Just about two years since we stepped out of stealth mode, Lumos has grown exponentially — 9x in revenue since the last round of funding, to be precise. We’ve attracted top-tier enterprise customers, including the likes of Pinterest, MongoDB, and GitHub. Today, we're thrilled to announce our $35M Series B financing led by Scale Venture Partners with participation from a16z, Harpoon Ventures, Neo and others.
It’s truly fascinating how our tools have evolved from hammers and screwdrivers in the world of atoms to digital apps in the world of bits. Software is truly embedded in every company’s DNA. As we depend more and more on software to run our companies, it's critical to properly manage a company’s app landscape. Today, we’d like to reintroduce ourselves to the world: Lumos is the first Unified Access Platform to manage a company's access to apps and data.
Managing Access is a Top Priority for CIOs & CISOs
We named Lumos after the spell that casts light in darkness to illuminate the increasingly complex landscape of apps. Now, companies use an average of 650 apps, many of them with hundreds of different permissions. Managing access to apps and data has never been more challenging for IT & security teams. Here’s why the stakes are so high:
Identity as the Achilles' Heel of Security
According to Gartner, 80% of organizations have experienced identity-related security breaches with substantial consequences. One such incident at MGM in 2023 led to a $100 million impact on its quarterly results. High-profile breaches at companies like CapitalOne, Equifax, Uber, Target, Facebook, and JP Morgan often result in CISOs losing their jobs. Although every breach is unique, there is a common theme: compromised credentials. When these credentials are compromised, it effectively means that the digital identity of the legitimate user is stolen, allowing intruders to access sensitive information and systems that should be protected.Employee Enablement with the Right Technology as a CIO Focus
The rapid emergence of GenAI has underscored that technology is more than just a means to keep up — it's a vital competitive advantage. Over the past 18 months, CIOs have intensely focused on goals like "driving employee productivity through technology." Managing this in environments overflowing with hundreds of apps is challenging. We frequently hear from CIOs about the lack of visibility into their software stack or the days needed to fulfill access request tickets.Software Spending as a Top Concern for CFOs
2022 and 2023 have underscored a critical shift: growth must be sustainable, not just rapid. For most companies, software spending is now second only to payroll. A recent Gartner poll showed that software spending is the #1 cost concern for CFOs. Yet, inefficiencies are rampant. Customers often have overlapping tools like Jira, Asana, ClickUp, and Monday, with as many as 25% of licenses going unused.Today's IT leaders are not only tasked with scaling but also with streamlining their software stacks.
This landscape sets the stage for Lumos to act and become the Unified Access Platform for companies.
Access is The Big Elephant Across Teams
Different teams manage hundreds of apps and permissions using various solutions that rarely connect with each other. This situation often reminds me of the blind men and the elephant analogy — everyone sees only a part of the problem and tries to solve it on their own:
SaaS Management & IT Teams: IT’s mission is to enable employees to do their best work with their right technology. However, different IT sub-teams use various tools for specific needs: IT Asset Management keeps track of all software; IT Procurement finds ways to save money on software; and IT Operations manages employee onboarding, offboarding, and self-service access through multiple apps and systems.
Identity Management & Security Teams: Security’s mission is about protecting the organization and earning & maintaining customer trust. Various teams do that in different ways. Information Security focuses on creating visibility over and securing sensitive accounts through Privileged Access Management (PAM) or Cloud Infrastructure Entitlement (CIEM) tools. GRC conducts quarterly access reviews to meet compliance standards such as SOX and ISO 27001 through spreadsheets or some specialized software. And, Identity & Access Management teams automate access workflows using Identity Governance (IGA) platforms. Yes, lots of abbreviations.
This situation highlights how teams work separately on specific parts of managing apps and access, often missing a unified view of the whole picture.
Uniform Data Models & Key Capabilities Unlock a Consolidated Platform Approach
It's somewhat ironic that companies often use 4-5 different apps just to manage all their other apps. Interestingly, these diverse systems are all built upon similar data models and capabilities. They all provide workflows to create and remove access based on an access data. For instance, PAM manages hundreds of AWS permissions, like access to an S3 bucket, while SaaS Management handles specific software licenses for tools like Adobe or Zoom. Meanwhile, IGA adjusts access to tools like Salesforce as employees' roles change. Despite relying on similar provisioning capabilities and data models, why aren’t our "blind men" seeing the whole elephant?
Historically, companies needed to invest hundreds of thousands of dollars to build integrations for provisioning access to their systems. There was no standardized protocol for creating and removing access to apps. SCIM, the main protocol for managing access, is not even 15 years old and still doesn’t support the management of granular permissions natively. It's only in the last 6-7 years that access management APIs have become a fundamental requirement for enterprise software. This recent development has opened up the opportunity to standardize these interfaces, potentially consolidating them into a single, streamlined infrastructure.
Introducing Lumos, the Unified Access Platform
Lumos is the first and only company to approach the access management problem holistically from day one. It is common knowledge that companies build product bundles over time to sell more into a captive audience. Usually, this is done way later in the lifecycle of a company. Our platform approach has been core to our strategy from the start. When everyone focused on building deep vertical solutions in the boom years of 2020 and 2021, it was an unobvious move to start a company with a platform strategy.
Fast forward to today, Lumos is the exact antidote needed to manage the “APPocalypse” with a consolidated approach. Lumos brings IT and Security teams together — enabling them to solve app and access related problems by merging the SaaS Management and Identity Management industries into one platform. Lumos helps IT teams discover all apps in a company’s environment, reduce software costs by eliminating unused licenses and duplicates, and allows employees to request software access through a self-service AppStore. Meanwhile, security teams use Lumos for quarterly access reviews to meet SOX and ISO27001 standards, reduce privileged access by granting temporary admin rights and manage joiner-mover-leaver policies.
We followed 4 core principles when building Lumos:
Unified Source-of-Truth: Lumos operates as a single platform that serves as the ultimate source of truth for access, managing granular permissions across on-prem and cloud environments and for all identities — including employees, contractors, and machine identities. It tracks actual system usage and integrates spend data to accurately reflect the cost implications of each license.
Full Use Case Coverage: Lumos was built to serve a broad spectrum of needs from day 1 whether that’s Identity Governance, Privileged Access Management, SaaS Discovery or Spend Management. Our goal is to break down silos between IT & Security with a unified control center to manage anything access-related - vendors to decrease software spend, apps to automate IT work and identities to protect against breaches.
Interoperability: Lumos supports diverse interfaces to minimize the need for change management. End users can request access to software from their Command Line Interface, Slack, IT Ticket System, and a Web UI, while admins can manage Lumos via a UI, via Terraform or open APIs, allowing for extensive customization and integrations.
AI-Powered: Lumos leverages AI across multiple use cases. Our AI integrates into a company’s ticketing system, picks up on any access request that wasn't natively created in Lumos and kicks it off through the proper approval chain. Our AI capabilities also extend to anomaly detection, analyzing employee data to suggest access modifications. And, we automate the ingestion of thousands of vendor contracts through AI-based OCR to identify the cost per license and quantify savings for license removals.
A Vision for the Future of Access
It’s more exciting than ever to be in the space of technology right now. The world of apps is on the brink of a transformative shift toward autonomous software. Initially, we moved from on-premise solutions like SAP and Oracle to cloud-based platforms such as Salesforce and Workday. Then came the consumerization of IT, enabling us to adopt tools like Figma and Slack with just a swipe of a credit card, enhancing collaboration like never before. Now, we're entering an era where software not only supports but actively takes over our routine tasks, functioning much like a virtual employee.
This evolution mirrors historical changes in manufacturing. Every company is operating two core factories: the product factory ("the factory") and the idea factory ("the office"). Over 250 years since the Industrial Revolution, our product factories have evolved dramatically — take the Tesla factory as an example, where robots perform the bulk of the work under human supervision. We are now poised to witness a similar transformation in the realm of software.
As software becomes increasingly autonomous, enabling us to create more than ever, the complexity also rises with more apps and more actors in play. This is where Lumos steps in — building the essential infrastructure to define the relationship between apps and actors. Rather than viewing our era as one of software excess, I believe we are leveraging these applications to their fullest to create unimaginable things. Lumos is here to ensure that you can harness this technology to its maximum potential without the headache, helping you navigate this exciting new frontier with ease.
Throw me a line on LinkedIn or check out our new website. Welcome to Lumos.
With positive vibes,
Andrej
.