1Password has hired its first chief technology officer (CTO) as the password management and credentials security platform doubles down on the enterprise growth that has netted big-name customers like Slack, IBM, Shopify, and GitLab.

The Canadian company has come a long way since it launched its first password manager for consumers some 15 years ago. Founded out of Toronto in 2005 ahead of its official release a year later, 1Password has increasingly chased the enterprise dollar, doubling its number of paying business customers to more than 90,000 in the past two years and hitting annual recovering revenue (ARR) of $120 million.

Things appear to be going swimmingly for 1Password, so why hire a CTO now? “In a word? growth,” 1Password CEO Jeff  Shiner told VentureBeat over email.

Although 1Password had grown organically and been profitable since its inception, the company’s decision to accelerate its enterprise push was enabled in large part by its gargantuan $200 million series A round back in 2019, its first institutional investment. Off the back of this raise, 1Password expanded into secrets management to help companies secure their infrastructure, launched a new API for security teams to funnel 1Password sign-in data directly into their cybersecurity applications, and introduced a new Linux desktop app for DevOps teams.

A few months back, 1Password raised another $100 million at a $2 billion valuation.

1Password for Linux

Above: 1Password for Linux

On top of all that, 1Password recently announced its first chief financial officer (CFO), chief product officer (CPO), chief marketing officer — and now its first CTO.

“We recently crossed 500 employees, and it became clear to the leadership that the company would benefit from a single leader in place to prioritize technology innovation and look around the corner at what the market needs next,” Shiner said. “There’s a lot we could do, but what should we do to advance our business and our mission?”

That’s where Pedro Canahuati enters the fray, joining 1Password to head up its technology endeavors after nearly 12 years at Facebook, where he most recently spearheaded the social network’s security and privacy efforts.

Hypergrowth

For context, Canahuati had been with Facebook since it had a measly 175 million users, all the way through its IPO and on to becoming one of the biggest companies in the world with more than 3 billion users across its properties. Behinds the scenes, this translates into growing from a “single datacenter and a few dozen engineers managing thousands of servers to dozens of datacenters, millions of servers, and over a thousand production engineers,” Canahuati told VentureBeat.

So Canahuati knows a thing or two about scaling engineering and security at hypergrowth organizations, including the inherent challenges.

“Facebook is a structured environment built from the ground up — we had to build a lot of the underlying technologies and infrastructure ourselves,” Canahuati explained. “With that, the company also became a pretty big target as it became the platform for several billion users. One of the biggest hurdles, from a security perspective, was keeping up with the growth of the company, the user base, and the ever-changing threat landscape. The problems became more complex over time, and we had to build tools like static and dynamic analysis software that now finds over 50% of security bugs through automation. We built code-level abstractions that solved some of the OWASP top 10 industry problems so our software developers could focus more on rapid experimentation than on security. This isn’t even scratching the surface of what we built.”

Canahuati said he could “probably write a book” about the lessons he learned during his Facebook tenure.

“I learned a ton about building feature-rich, secure infrastructure and products with high availability,” he said. “I was part of building a world-class infrastructure leadership team — the best in the big tech world, in my opinion. I had to learn how to become a stronger leader, build strong leadership teams that helped us be resilient to new requirements and move sustainably fast on stable, secure infrastructure with an ever-increasing demand.”

It’s probably fair to say Canahuati could have left Facebook for any number of big tech companies, but he was particularly interested in moving up to the CTO role.

“I spent a lot of time thinking about what kind of role and company I wanted to join,” Canahuati said. “It was important to me to find the cross-section of solving meaningful problems for people, strong leadership, a loved brand, and where my skills and experiences could help the company become even stronger. I prefer companies that take a consumer-first approach to building products because they tend to build more user-friendly applications.”

Above: 1Password: Managing family members

What’s next

It’s important to note that while 1Password does toot its own enterprise horn, it’s still very much a consumer service company. This presents an extra challenge, as 1Password has to deal with myriad expectations and requirements ranging from individual users and families to small businesses and enterprises. Such a product roadmap has the potential to get messy without due care.

“1Password is at an inflection point in its transition — one that began a few years ago — from a pure consumer company to one that also offers solutions to businesses,” Canahuati said. “Our fan base is passionate and has strong opinions about our products, and we’ll need to balance that against our priorities. I’ll be taking a holistic view of the products we offer and the products that businesses and families want and will help thread the needle between the two. It’s going to be a challenge for sure, but it’s one that I embrace.”

It’s widely acknowledged that the vast majority of data breaches are due to compromised passwords, which is why 1Password has managed to infiltrate both the consumer and enterprise spheres with a platform that enables users to store passwords securely and access myriad online services with a single click, while it can also be used to store other private documents, such as software licenses, credit card details. More recently, 1Password has started to manage and safeguard infrastructure “secrets,” such as API tokens, keys, and certificates.

1Password: Secrets automation

Above: 1Password: Secrets automation

The world has rapidly transitioned to remote work over the past 18 months, a trend that shows little sign of reversing. This has opened a can of worms for workplace security, in terms of employees signing into myriad cloud systems and applications on their own networks and devices. This is partly why the global password management market is gearing up to become a $3 billion industry in the next five years, up from $1.2 billion last year.

To prepare for this boom, Canahuati said he will be focused on supporting all the technology teams across the company, including engineering, security, production environments, data, and IT.

“As 1Password has grown tremendously over the past few years, I’ll be focused on ensuring that we can scale up the teams, our infrastructure, and capabilities to build more awesome technology,” he said. “This will help us be more nimble while building a diverse suite of products that help families and businesses.”

More specifically, Canahuati hinted that more third-party integrations were in the pipeline, after having already unveiled a handful of partnerships in the past year. These include a tie-up with Privacy.com to let users create virtual payment cards and a duo of enterprise integrations with Slack and Rippling.

“We’ll continue to go after similar opportunities that make it easier for businesses and families to stay safe,” Canahuati added.

Data sovereignty

A quick peek across the broader SaaS sphere reveals a growing array of software that embraces an open source model and is designed to attract industries that require full autonomy and sovereignty over their data. This is particularly true in highly regulated sectors such as finance, government, or health care that manage a lot of personally identifiable information (PII). Elsewhere, some companies or countries might even block access to online services like 1Password.

Having the freedom and flexibility to deploy software on a company’s own infrastructure is clearly a selling point for some — so is this something 1Password might consider in the future? 1Password is in fact currently seeking feedback on this very question, though Canahuati wouldn’t confirm whether this idea would be greenlighted.

“Currently, we believe that a 1Password membership is the best way to store, sync, and manage your passwords and other important information,” he said. “However, we’re constantly looking into new avenues to make sure we always offer what’s best for our customers. Right now, we’re in the exploratory phase of investigating a self-hosted 1Password. We’ll assess the demand for this as we gather results.”

With a $2 billion valuation, most of the C-level bases now covered (CFO, CMO, CPO, and CTO) and a roster of high-profile investors that includes Accel, Slack, Ashton Kutcher’s Sound Ventures, and Atlassian’s founders, it seems fair to ask — is 1Password gearing up to become a public company anytime soon?

“I can’t speak to our long-term business outcomes, but our mission is to help any company embrace security and privacy,” Shiner added. “We’ll pursue any product or business strategy that helps us achieve that goal.”

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member