loading...
Lumos turns every app access request into a self-serve one-click approval – cutting IT backlogs and eliminating shelfware simultaneously.
ENTRY ANGLES
Reposition cloud service management platform to target security budgets instead of IT/finance · Target departmental budget silos by identifying and selling into highest-budget departments · Build SaaS management/sprawl platform for multi-cloud governance
VERTICALS
CAPABILITIES
Cloud service discovery and management across 100+ SaaS platforms, Security compliance and governance features, Budget tracking and cost optimization
Modern companies run on cloud software – and that creates two persistent headaches:
- IT staff spend significant time on access management: provisioning new employees, deprovisioning departing ones, and handling ad hoc requests when someone suddenly needs a new tool.
- IT and finance teams struggle to track whether the licenses they're paying for are actually being used – leading to spending on tools nobody touches.
To solve both problems, Lumos built what it describes as an AppStore for enterprise cloud software – a single control plane for every SaaS subscription a company runs.
On the Lumos platform, administrators can define rules that automatically provision the right software access for new employees based on their role. When employees leave, Lumos automatically revokes all their access based on data pulled from the company's HR system.
Any employee can also submit an access request for a specific tool – at a specific permission level, for a defined period. If the request fits within preset rules, access is granted automatically. If it doesn't, the request routes through an approval workflow. When the allotted time expires, access is revoked automatically.
Access is also auto-revoked when an employee hasn't used a given service for a configurable number of days – including access that was originally granted automatically.
As it manages permissions, Lumos also monitors for risk signals: for example, when only one person has admin access to a critical service (a single point of failure), or when admin access has been granted to too many people (a governance problem).
IT and finance stakeholders get a full view of all the company's SaaS contracts – prices, renewal dates, license counts, and utilization data. Underused or unused licenses show up clearly, making it straightforward to cut spending by rightsizing. Department-level spend is calculated based on the active access currently provisioned for that department's employees.
The platform sends advance alerts for upcoming contract renewals to the responsible stakeholders. Those stakeholders can also see benchmarking data: what peer companies on Lumos are paying for the same or comparable services at similar license volumes. That gives them real negotiating leverage at renewal time.
Lumos counts GitHub, Pinterest, Intercom, and Roku among its customers. A typical outcome: a client reduces IT helpdesk requests by 20% and cuts SaaS spending by $230,000 per year.
Lumos was [first covered here](/review/100-vozmozhnostej-sjekonomit-tret-deneg) in spring 2022, when it raised $30 million in its first round. Since then, revenue has grown 9x. The company has now raised another $35 million.
It's worth looking at how Lumos's core positioning has evolved.
In 2022, they talked about "productivity gains through self-service" – automating employee access requests so IT wasn't a bottleneck.
Today, they talk about "staying in control" – meaning IT and security teams can better govern who has what level of access to what.
In other words, Lumos has repositioned from a procurement productivity platform to a cybersecurity platform. The underlying product is 99% unchanged. But the website and messaging have shifted significantly.
The platform now opens with the tagline that it's "preferred by IT teams and loved by security teams." Its features are organized into two equal pillars: (a) access automation – the original core – and (b) access governance and risk control, which belongs to the security narrative.
Why lean into security? Market size.
The SaaS procurement software market was worth $5.5 billion in 2020, projected to reach $9.5 billion by 2028.
The cybersecurity market was $193 billion in 2022, projected to reach $351.7 billion by 2028. Roughly 40% of that is software products; the rest is services.
Whether Lumos belongs in the "products" or "services" bucket is debatable, but either way, the addressable market after repositioning is at least 20 times larger than before.
More practically: security department budgets dwarf procurement and IT automation budgets. Lumos's sales team now walks into a conversation with the buyer who has more money to spend – which is why they repackaged the product in the first place.
Similar repositioning tricks have been pulled before. Uber and various tech-enabled financial companies have historically insisted they were technology companies – not ride-sharing services or banks – because tech businesses command valuation multiples of 10–20x revenue, while traditional operators in the same space trade at 0.5–1x.
A similar angle was [covered here in summer 2023](/review/kak-korabl-nazovjosh-stolko-on-i-budet-stoit) in a review of Smiler, which built essentially a standard photographer marketplace – but positioned it within the travel industry, since travelers book photographers in the destinations they visit. That framing helped them raise €15.3 million, a substantial amount for a photographer marketplace.
The main takeaway: it doesn't matter what your service does – what matters is which budget line you're targeting. And as Lumos demonstrates, this can sometimes be turned in surprisingly creative ways.
This is especially important for B2B services, where departmental budgets are clearly siloed. The department you sell into determines the deal size you can expect. Find the department with the bigger budget, and then figure out how to position your product for them.
Which departments do your potential customers budget most heavily for? Could your current product be reframed to walk into that room instead of the room you're in now?
The original Lumos use case also remains genuinely compelling. Companies now use an average of around 130 cloud services, and managing that sprawl is a headache for IT, finance, and security teams alike. This problem will only get worse, which means platforms like Lumos will eventually be standard equipment for nearly every company.
Lumos isn't alone in this space. Torii ([covered here](/review/malenkim-vyruchku-bolshim-jekonomiju)) has raised $65 million, and Sastrify has raised $55.2 million – with additional funding secured after its last review. The market is real, growing, and increasingly competitive. Few of them, though, have been as deliberate as Lumos about going after security budgets. That's a move anyone building in this category could replicate.