Founders ExplorerOnelaunch identity and access control, both came from Octawhich itself is a single sign-on system provider based on zero trust model. In fact, they were in charge of authentication and zero-trust products and saw firsthand how companies struggled to control permissions and access in a complex environment that often included not only cloud applications but also mixed on-premises components.
They decided to move on and form a company to help solve this particular set of problems with the goal of automating many of the access control activities that up until that point had been done manually or, worse, not done at all.
The company today announced a $15 million Series A.
CTO and co-founder Paul Kerna said they are well aware of the pain points companies face with these issues. “Managing permissions and access is still very painful for end users, IT teams or the engineering group managing it all,” he told TechCrunch. This is because with a broken permissions system, you can underestimate resources by making people wait to use the tools they need to do their job, or over-provision, such as maintaining permissions for users who no longer exist. “I think many of us have personally seen this experience,” Kerna said.
Its co-founder and CEO, Alex Bovie, adds that they wanted to make it easier for companies to control these access control tasks and bring principle of least privilege to a decision. “We launched ConductorOne to automate as much as possible from an identity security standpoint how people access, retain access, and revoke access to help companies achieve low-privilege access control,” Bowie told me.
Former Okta employees see that their company is tackling a very different problem than their former employer regarding identity protection. “They do a great job of centralizing some of your enterprise users into a central directory. I think that when you think about identities in terms of security, the first thing to understand is all the identities in your environment, whether they are connected to your SSO solutions or not,” he said.
He adds: “It’s also about understanding permissions, roles, and data that these different identities can access. Thus, we adopt a much more orchestration-oriented view. Frankly, it’s just a different architecture, more like an orchestration view and visibility first in your environment to be able to give it to you as a security team and GRC (governance, risk, compliance) and then build workflows on top of that. fulfill it”
Part of how it works is through out-of-the-box integrations with popular services like Okta, GitHub, Slack, Datadog, Jira, etc. to understand what’s going on in the company and what actions might affect someone’s actions . permission to access the program. However, it is worth noting that they can work with any corporate directory except Okta.
Today, the startup has 17 employees and plans to double that number by the end of the year. Bovie says that creating a diverse workforce is written into the company’s original value documents. “We announced our company values very early on. this is one of our first blog postsand I think one of the mechanisms for attracting these talents, especially early in the search funnel, is to be open and open about how you want to run the company and emphasize that you believe in diversity and want it to was part of your corporate culture,” he said.
Today’s $15 million Series A investment was led by Accel with participation from existing investors Fuel Capital, Fathom Capital and Active Capital, as well as several prominent industry angels. The company raised $5 million seed round last year, which was also led by Accel.
The new funding should help them scale up their current solution to begin refining their long-term vision for the company. “Our vision and strategy for the long term of the product is to automate the entire access control life cycle. So not only the registration process, but eventually the disconnection process as well, and handling things like time-based access control, so it’s not even a problem in the first place, because you’re granting access for a specific period of time. , and then delete it,” Bovi explained.
Credit: techcrunch.com /