After four years of proving that continuous, context-aware authorization could replace legacy PAM and IGA at Fortune 50 scale, SGNL is joining CrowdStrike to bring identity infrastructure that moves at the speed of threats to every organization.
In March 2022, I wrote about driving to Google’s Irvine office to turn in my badge and laptop, leaving behind the free cafeterias and brilliant colleagues to pursue an unsolved security challenge. I called SGNL “my bet” and declared I was all in. Today, I’m thrilled to announce that SGNL has entered into a definitive agreement to be acquired by CrowdStrike, marking not an end but an acceleration of the mission we set out to accomplish.
When I left Google, I saw an industry at an inflection point. Authentication had become mature and commoditized, but authorization—the critical question of “what can you do?” versus just “who are you?"—remained fundamentally broken. Every enterprise struggled with the same challenge: managing access in real-time based on context, not just identity.
The traditional identity and access management (IAM) world offered two answers, neither adequate for modern threats. Privileged Access Management (PAM) solutions locked down credentials but created friction and still relied on standing privileges. Identity Governance and Administration (IGA) platforms managed compliance and provisioning but operated in batch cycles—hours, days, or weeks removed from actual access decisions. Both approaches were built for a different era: PAM for the perimeter that no longer exists, IGA for the quarterly access review that’s always out of date.
What enterprises needed wasn’t better PAM or smarter IGA. They needed something entirely new—continuous, contextual authorization that could make split-second decisions based on real-time signals. This wasn’t a problem that could be solved as a feature addition to existing platforms or within the constraints of legacy thinking. It needed unhindered focus. It needed SGNL.
Over the past four years, we haven’t just theorized about dynamic, context-aware authorization—we’ve deployed Continuous Identity at scale. Multiple Fortune 50 customers, global enterprise brands, and highly regulated companies now rely on SGNL to protect their most sensitive assets. These aren’t proof-of-concepts or pilot programs, but production deployments at Fortune 500 companies that stake their security on our platform.
Our customers have eliminated standing access to critical systems, replacing PAM’s static vaults with just-in-time access based on real-world context. One global automotive leader eliminated manual approval workflows and reduced the time for access decisions from minutes or hours, down to seconds. Another Fortune 50 global brand eliminated standing access to their cloud environments using SGNL, and reduced their management overhead of 30,000 static role assignments down to just six, simple and contextual policies to maintain.
We’ve shown these enterprises that you don’t need to choose between security and usability. Unlike PAM solutions that users work around or IGA platforms that IT dreads implementing, SGNL made security invisible—granting access when appropriate, denying it when risky, all without friction for legitimate users. We validated what I suspected in 2021: the industry wasn’t just ready for change—it was desperate for it.
When Erik and I started SGNL, we obsessed over how we built the company and who we built it with. We believed these factors mattered even more than what we were building. That philosophy guided every hire, every product decision, and ultimately, this acquisition.
CrowdStrike shares our vision of a customer-first approach. That identity-first security is the right path forward. They understand what we’ve learned through customer deployments: today’s PAM and IGA solutions are fighting yesterday’s war. Attackers aren’t hindered by your privileged account vault if they can move laterally through your environment. Compliance checkboxes from your IGA platform mean nothing if access decisions are based on outdated information.
CrowdStrike’s acquisition of SGNL isn’t about adding another product to complete an IAM portfolio. It’s about upending a paradigm that is twenty-plus years out of date. Together, we’re building the identity infrastructure that should have existed all along—one that makes authorization decisions in real-time, using all available context, at every access point. And we’re doing it with the validation of having already transformed identity security at some of the world’s largest organizations.
The scale matters. While SGNL proved the solution with major enterprises, CrowdStrike provides the platform to make this technology accessible to everyone. Every company deserves the same level of identity-first security that SGNL’s current enterprise customers now consider foundational.
The combination of SGNL and CrowdStrike creates something the market has never seen: an identity platform that operates at the speed of threats, not the speed of IT tickets.
Where PAM asks “Is this a privileged account?” we ask “Should this access happen right now?” Where IGA asks “What roles should this person have?” we ask “What is this person actually doing, and is it appropriate given current context?”
This isn’t incremental improvement. It’s an architectural transformation. Our customers are already:
With CrowdStrike’s platform, these capabilities—already proven at enterprise scale—will extend across the entire ecosystem, from cloud infrastructure to SaaS applications, from development pipelines to AI agents.
In my original post, I wondered if we could combine FAANG-level product and engineering excellence with startup agility. We did. The team we assembled didn’t just build a product; they reimagined what identity infrastructure could be when freed from legacy constraints. And they did it while supporting some of the most demanding enterprise environments in the world.
CrowdStrike’s culture mirrors what we built at SGNL: customer-obsessed, innovation-driven, and uncompromising on excellence. But more importantly, they share our impatience with inadequate solutions. George Kurtz and his team have consistently disrupted markets by refusing to accept that “this is how it’s always been done.” They understand what our customers have learned: legacy IAM approaches aren’t just inefficient—they’re dangerous.
Three years ago, I wrote that being at SGNL gave us “the ability to control our own destiny.” Some might see an acquisition as giving up that control. I see it differently. We’re not abandoning our mission—we’re accelerating it.
The identity problem that we set out to solve wasn’t just SGNL’s problem—it’s the industry’s problem. Every CISO I talk to knows their PAM and IGA solutions aren’t sufficient for modern threats. They see what their peers who’ve adopted SGNL have achieved and want the same transformation.
Our customers will continue to work with the same team that understands their authorization challenges deeply. But now, we’ll be able to integrate with the Falcon platform, leverage CrowdStrike’s threat intelligence, and help more organizations achieve the same dramatic improvements in security posture.
For the broader market, this acquisition signals the end of the PAM/IGA era. The proof isn’t in analyst reports or vendor promises—it’s in the enterprises that have already made the switch and will never go back.
When I left Google, I mentioned the company’s “other bets”—ambitious projects that could be world-changing companies on their own. SGNL was my bet on a simple belief: that identity infrastructure designed from scratch for modern threats would inevitably replace solutions designed for client-server architectures and perimeter security.
That bet has been validated by the most demanding customers in the world. We’ve helped organizations stop breaches that PAM would have missed. We’ve eliminated access risks that IGA would have certified as compliant. We’ve made “zero trust” real for companies where it was previously just PowerPoint architecture.
But most importantly, we’ve proven that the authorization problem is solvable without the complexity, friction, and operational overhead of traditional IAM solutions. We’re pioneering Continuous Identity—and we’ve proven it where it matters most: in production, at scale, protecting critical infrastructure and sensitive data.
To our customers who bet their critical infrastructure on our vision: thank you for your trust. You proved that there was a better way than another PAM vault or IGA workflow. Your success stories will light the path for thousands of other organizations.
To our investors who backed us: you saw that the $10 billion spent annually on PAM and IGA was addressing symptoms, not the disease. This outcome validates your belief that a fundamental reimagining was both necessary and possible.
To the incredible SGNL team: we didn’t just build a better mousetrap. We eliminated the need for mousetraps altogether. The journey continues, just on a bigger stage.
And to the future: CrowdStrike and SGNL together will deliver what every enterprise needs—continuous, contextual, and comprehensive identity infrastructure. No more choosing between security and usability. No more static privileges waiting to be compromised. No more quarterly reviews of outdated access rights.
When I turned in that Google badge, I was betting that authorization’s time had come, and that the PAM/IGA duopoly would eventually give way to something better. Today’s announcement proves that bet was right. But more importantly, it ensures that the solution we’ve built will reach everyone still struggling with legacy approaches.
The mission continues. The scale just got a lot bigger. And the future of identity just got a lot brighter.
Welcome to the next chapter—one where identity infrastructure finally moves as fast as the threats it’s meant to stop, and where every organization can have the same advanced authorization capabilities that the world’s leading enterprises have already proven essential.
Ready to move beyond PAM and IGA? Contact us to learn how CrowdStrike and SGNL together will transform your identity infrastructure for the modern threat landscape.
Want more of the latest identity-first security topics and trends delivered to your inbox? Helpful and insightful content, no fluff.