Keyfactor CEO On Reaching $100M ARR Amid Identity Security Surge

In an interview with CRN, Keyfactor’s Jordan Rackie said the company is now looking to reach $250 million in annual recurring revenue within four years.

Identity security vendor Keyfactor announced Tuesday it has surpassed $100 million in annual recurring revenue (ARR), and the cybersecurity unicorn is eyeing more than doubling that in coming years with the help of channel partners, CEO Jordan Rackie told CRN.

The $100 million milestone is up from $7 million in ARR when Rackie joined the company as CEO in June 2019, he said, and comes amid the continued surge in identity-based attacks.

[Related: 10 Major Cyberattacks And Data Breaches In 2023]

In an interview with CRN, Rackie said that Keyfactor — which specializes in securing non-human identities such as those belonging to devices, workloads and APIs — expects to continue its aggressive growth pace and is aiming to reach $250 million in ARR in four years or less. “We feel confident that is within the line of sight for the business,” he said.

The milestone follows Keyfactor’s “significant minority investment” in October from Sixth Street Growth, which brought a valuation of $1.3 billion for the company. Insight Partners has been a major backer of the vendor over the past five years, investing a total of $202 million across rounds announced in 2019 and 2021.

What follows is an edited portion of CRN’s interview with Rackie.

How would you sum up the past five years for Keyfactor since you joined?

We have moved from early-stage startup [to] one of the thought leaders and best organizations to partner with, when it comes to PKI and identity-first security. Our team was recently invited to the White House, alongside the likes of Microsoft and a few other big players. We met with the Executive Office of the President, and we had two seats at the table to talk about quantum cryptography, and how do we prioritize it? How do we understand how hybrid is going to work? What's the architecture? What's the cost? What are the risks that are coming?

What are the main elements of your offering today?

Human identity management has been around for a long time. IAM [identity and access management], the idea of securing the human connectivity so that the human can identify who they are before they share protected information, secure information. Non-humans — or what the market likes to call “machine identities” — far outnumber humans. We are securing machine identities, but it's more than machines — it’s workloads, it’s APIs. Non-human identities would be the more accurate way to explain it. But machine identity is the phrase that’s taken off.

Enterprises have all these things out there that are not humans that need to have their own identification. We had a very strategic merger with PrimeKey in 2021. So before PrimeKey, Keyfactor was focused on machine identity management — meaning, discovering your entire inventory, finding all of your machines or devices or non-human assets. And then, managing the credentials of those — revoking, renewing, refreshing. The whole lifecycle of that machine identity is what we focused on.

What PrimeKey brought to us was a PKI [public key infrastructure], a certificate authority that allows us to issue identities. That made us extremely disruptive because nobody else had that end-to-end solution. [We can] essentially create that identification at scale in a very modernized way. It allows these enterprises to do things with less architecture, less skills needed on-site, more scalability. And it interacts well with the movement toward containers and containerization. So we're meeting the customer where they're at, in terms of the way they want to roll out a scalable solution. So that’s what we do — we do issuance and management of non-human identities.

What are your major differentiators from competitors?

Not only do we have the breadth of offerings, but within each offering, the depth of complexity and scalability that we need to be able to handle it, is really second to none. A lot of our competitors built their certificate management or PKI efforts [during] the PKI V1 phase — where it was all around issuing and managing public certificates. The scale was in the hundreds and not the hundreds of millions. And so the whole architecture of their tech stack was not designed [for] the volumes that we're talking about today. So when we get in bake-offs, or we're in competitive situations and we go through a [proof of concept], the customer is just blown away by our ability to handle the proliferation of these non-human identities that are in the business. So but early on, V1, it was public certs. Now we're talking about private certs. We're talking about the difference between your passport — where anyone can look at your passport and validate that this is who you say you are — that's a public record. Whereas what we're doing is, providing corporate ID badge-type identities that only make sense to that organization. But the amount of those within a company is 50-to-1 or 100-to-1 [compared to] human identities.

What are the major opportunities for partners in 2024, and what are your priority focus areas with the channel this year?

There is this huge channel opportunity that we're starting to really realize today. Two years ago, we had about 50 partners. Today we have over 200 partners that we work with. We've got VARs, we've got system integrators, we've got partners that are focused squarely on delivering our technology to the customer. So the opportunity is vast.

The more that we can leverage the partner economy [for delivery], the better for us. In 2022, we had zero partners deliver our products for us. In 2023, almost 15 percent of our new logos were delivered through partners. This year, we're targeting from 35 to 40 percent of our new logos being delivered through a partner.

We've got a lot of amazing partners. We've got companies Optiv, WWT, GuidePoint Security, Collective Insights. We do a lot of work with Accenture. And then we do a lot of work with bespoke local partners in certain regions.

[Compensation] for our direct team is 100 percent neutral in terms of [taking] it direct or with a partner. We want our sales reps to engage and interact with that partner economy. We're also on the Azure Marketplace and on the AWS Marketplace. We've got an expansive marketplace strategy, and that's been a huge advantage for us as well.

Do you have a certain timeframe when you're aiming to hit $250 million in ARR?

I would say, within the next four years is the plan. It’s probably going to be sooner than that. But I would say conservatively, over the next four years our goal is to exceed a quarter billion dollars in revenue. And I feel very confident that we're well on our way.