fbpx

ForgeRock Stock: A “Never Login Again” Identity Platform

Using a unique set of characters to access something that’s being protected is as old as time. It’s something we’re taught at a very young age, for example, in the fables of Syrian storyteller Hanna Diyab who speaks the magic words “open sesame.” In a world where we’re trying to bring woolly mammoths back to life, it seems odd we’re protecting our most valuable possessions with secret combinations of letters, numbers, cases, and special characters.

When we talk about identity, we need to consider various use cases. There’s global identity verification which authenticates people across the globe as real humans, then there’s identity verification that’s ongoing, like what you are subjected to when you serve time in large corporations, or when you log into your online bank account. Late last year, we looked at How Companies Can Stop Using Passwords by utilizing technologies such as artificial intelligence to figure out who is really behind the keyboard. One company we hadn’t come across yet is ForgeRock (FORG).

About ForgeRock Stock

Click for company website

Founded in 2010, San Francisco’s own ForgeRock raised $233.7 million in disclosed funding before pursuing their initial public offering (IPO) that debuted just days ago (more on this in a bit). All the funding has been used to build a Consumer Identity and Access Management (CIAM) platform that’s used to authenticate users and continue authenticating their behavior in real-time. For example, the cadence at which you type, the way you wake up your mouse, the way you type your own name, these are all ways that can be used to determine who is actually behind a keyboard or mouse.

Real-time monitoring is part of the movement towards “Zero Trust” – trust no one and nothing, regardless of whether or not they’ve been authenticated inside or outside your networks. With over 80% of hacking-related breaches utilizing stolen or brute-forced identity credentials, the notion of monitoring someone once they’ve authenticated makes loads of sense. Once someone’s inside your network, you cannot assume they’re a friendly.

In the past, less trust in users meant less usability. The more things were locked down, the more pissed off the end user became.

Comic from The remarkably intelligent, good-looking legend - Scott Adams
Credit: The remarkably intelligent, good-looking legend – Scott Adams

That’s all changed now with sophisticated technologies that allow organizations to increase security while decreasing friction. That may sound like a pipe dream to most CTOs, but it’s that appeal that has solutions like ForgeRock’s flying off the shelf.

The ForgeRock Identity Platform

For companies that need to offer secure environments, these usually take the form of two broad areas – consumer access and workforce management – customers and employees. ForgeRock’s has built an industrial-strength consumer and workforce access management solution that can support over 60,000 user-based access transactions per second per customer. In their recent IPO filing, they detail success stories from big names across all types of industries – HSBC, BMW, NBC, GEICO, and Maersk are listed as reference customers who tell tales of cost savings and efficiencies. It’s happening across the globe, with 48% of ForgeRock’s revenues coming from the United States and the remainder spread out across Europe Asia.

ForgeRock estimates their global total addressable market (TAM) to be $71 billion – Consumer Identity ($41 billion) Workforce Identity ($27 billion) and IoT ($3 billion). That size of an opportunity means there’s plenty of competition. As usual, the MBAs can’t agree on a relative comparison of the players in this space, but we can assume that all of the below companies would be ForgeRock’s formidable competitors – names like Microsoft (MSFT), IBM (IBM), and Okta (OKTA).

Image showing How ForgeRock stacks up to the competition - Credit: Gartner/Forrester
How ForgeRock stacks up to the competition – Credit: Gartner/Forrester

As expected, ForgeRock’s business model is software-as-a-service (SaaS), and consequently, revenues have been growing steadily over time in a predictable manner, even in the face of The Rona. (Around 97% of total revenue comes from subscriptions.)

ForgeRock's business model is software-as-a-service (SaaS), and consequently, revenues have been growing steadily over time in a predictable manner, even in the face of The Rona. Credit: Nanalyze
What pandemic? – Credit: Nanalyze

Digging into the ForgeRock registration statement, we find the usual SaaS metrics that can be used to monitor the health of ForgeRock’s business. As of mid-year 2021, the weighted average subscription term was 33 months with 353 large customers with $100,000 of annual run rate (ARR) accounting for 88% of total ARR. No single customer accounts for more than 6% of ARR. The old land-and-expand strategy seems to be working with a net retention rate of 113%. (This means existing customers are spending more money with ForgeRock over time.) It would be nice if they told us gross retention rate (this shows departing customers), but we didn’t see that in the S-1 filing.

Overall, it’s a healthy SaaS business with lots of room to expand as firms across the globe move towards a future where you’ll never have to login again.

Should You Buy ForgeRock Stock?

The cybersecurity domain is relatively mature, and that’s what category ForgeRock falls into. When you’re investing in mature domains, it’s often easier to find a decent ETF than it is trying to cherry-pick a winner from several dozen names which is next to impossible. That’s why our exposure to cybersecurity companies simply consists of holding the best cybersecurity ETF out there, and we’re content to leave it at that.

The ForgeRock IPO attracted some attention, with shares closing up +46% on the first day of trading. On the second day of trading, FORG stock is trading up (checks Bloomberg terminal) +20% thus far. Any newbie investor who confuses sudden stock price appreciation with the quality of a stock will have some proper FOMO going on now, so we’ll touch on valuation a bit.

Using our simple valuation ratio, we can see how ForgeRock compares to some other cybersecurity companies we’ve covered (with Okta thrown in for good measure). Turns out that ForgeRock isn’t overvalued after all, even after the recent stock price surge (company names link to our past research).

CompanyMarket Cap
(USD billions)
Revenue DataAnnualized Revs
(USD billions)
Simple Ratio
Darktrace $8.24 FY-2021$0.38621
Crowdstrike $59.75 3Q-2021$1.34844
SentinelOne  $18.46 3Q-2021$0.183100
Fortinet $48.85 2Q-2021$3.204 15
Palo Alto Networks $46.58 3Q-2021$4.8810
KnowBe4 $4.24 2Q-2021$0.23618
Okta $39.60 3Q-2021$1.2631
ForgeRock $3.36 2Q-2021$0.175619

As risk-averse investors, we prefer to own market leaders. ForgeRock is indeed a global identity leader, but their competitor – Okta – is 10X their size with 7X the revenues. If we wanted to invest in CIAM, we’d probably stick with Okta, even though it’s more richly valued.

Conclusion

Creating a secure environment has always been a tradeoff between increasing security and degrading the user experience. With today’s CIAM solutions, companies can have both. With greater than $70 billion in TAM to capture, there’s plenty of opportunity for leaders in this space like ForgeRock to grow revenues at a rapid clip. Based on the success of their initial public offering, it seems like Wall Street recognizes the opportunity at hand.

Share

Leave a Reply

Your email address will not be published.