From the CEO: A New Era for LastPass

Karim Toubba, October 31, 2024

When I started as CEO of LastPass in April of 2022, I was excited to join a company that was not only a pioneer in the enterprise password management space, but also a market leader with an incredible brand and a vocal and loyal customer base. The company had seen impressive growth, which is why GoTo's board of directors decided to spin LastPass out as an independent company.

I was equally intrigued by the lack of innovation in authentication over the years, despite the increasing number of attacks targeting users. With my background in security and product management, I saw a unique opportunity to drive innovation in this space and help shape the future of authentication. 

Over the past two years, we have been relentlessly working to transform nearly every facet of our organization. Guiding LastPass through its evolution into an independent company has been both a profound challenge and an extraordinary privilege.

Today, I am proud to share the story of our evolution and the bright future that lies ahead.

Establishing our Foundation 

Our journey began with the challenge of establishing LastPass as a standalone, independent company. This presented our team with a unique opportunity to redesign our organization’s core systems, including recreating and modernizing our infrastructure to better meet the needs of our customers, many of whom use our product daily. The separation also gave us the unique opportunity to assess each platform and system across our business, optimizing ones that were critical and also introducing innovative business platforms and processes designed to help set us up for future growth.  

Establishing an independent company also created a rare opportunity to assess and reboot our organization’s culture. We used this moment to strengthen our organization with a new executive team and hundreds of talented employees who came ready to drive a culture deeply rooted in accountability. But accountability, in its best form, comes not from what people say, but from what they do!  

Which is why I’m proud to say that we’ve done the work required to reimagine LastPass from the ground up – accelerating our separation plans while responding to a security incident and emerging as a standalone cybersecurity company.  

Securing our Core 

In our new chapter as an independent company, we committed to a multi-year, multi-million-dollar investment in security - across people, process and technology.  

This investment started with people. Under the leadership of LastPass’ first Chief Secure Technology Officer (CSTO), Christofer Hoff, we assembled a new, fully-dedicated security team – sourced largely from our network of industry veterans, with deep expertise in cybersecurity – to help us scale our operations and better defend against the evolving tactics of threat actors. This included establishing a new Privacy Operations, Safety and Trust (POST) team, focused on safeguarding customers’ privacy and protecting them from fraud and abuse. We also launched a new Threat Intelligence, Mitigation and Escalation (TIME) team – which we believe is the first of its kind among password managers –  tasked with ensuring that LastPass stays on top of ever-evolving adversaries while also delivering actionable security insights and advanced threat intelligence on LastPass Labs, our content hub for the industry and our customers.

With the right people in place, we conducted a comprehensive, company-wide assessment of our operations, ultimately resulting in the establishment of new processes, policies and access controls tailored specifically for the new LastPass. This work has allowed us to continue to maintain the important third-party security certifications that our customers expect, such as SOC2 Type II and ISO 27001, while also allowing us to achieve new privacy and security standards such as SOC3, BSI C5, TRUSTe, and Independent Security Review by Google Play.

Lastly, we completed a full assessment of our technology stack, across our infrastructure, products and devices. We moved to a new purpose-built, highly available and secure cloud platform; designed, built and deployed a new secure software factory and implemented new security tooling across our newly deployed development and production environments. We also invested in issuing every employee new company-managed devices to better secure each of our endpoints. 

I’ve often said to our customers, partners and prospects that it’s easier to describe what hasn’t changed than what has, given the broad scope of the investments we have made to transform LastPass. 

Charting our Future 

Since joining LastPass, I’ve had the good fortune of meeting with hundreds of business customers and hearing from even more consumer customers on LinkedIn and social media platforms – your feedback is invaluable for building the future together.  

While a lot has changed at LastPass since then, we remain focused on our mission to enable our 100,000+ business customers and millions of consumer users to access their online services and apps securely and effortlessly. And I believe that the substantial investments we've made aren't just about the present—they're also setting the stage for what's next. With the foundation for the new LastPass firmly in place, we're turning our sights back towards innovation, aiming to help solve one of the biggest challenges businesses face today: managing the sprawling landscape of SaaS applications and the risks they bring. Now more than ever, there’s a critical need for simple-to-use solutions that can offer real visibility and governance across all the various apps, accounts, and data in use, while also helping to maintain security, compliance and cost-efficiency.

That’s why we are working to extend our solutions beyond password management, to enable new identity and access management (IAM) use cases, helping businesses better manage their cloud activity. It’s a natural step forward in our mission to simplify IAM, making logins more secure and easier for organizations of all sizes, not just large enterprises, to manage. 

In the coming months and quarters, I expect to deliver new LastPass features and capabilities designed to provide businesses with greater visibility into the SaaS applications being used across their organizations and make it easier for your employees to securely access those applications. For our consumer customers, we have plans to deliver new capabilities designed to further secure and protect your digital lives. For all our customers and partners, you can expect to experience LastPass products that are easier than ever to try, buy and use.

Our journey is far from over—in fact, it's just beginning. The challenges ahead excite us, and we believe that we're more prepared than ever to meet them. Together, we're not just adapting to the future—we're shaping it. 

Thank you for your continued trust and support of LastPass.