Opal, a platform that decentralizes access control for enterprise clients, today announced it has raised $10 million in a Series A funding round led by Greylock. CEO Stephen Cobb says the proceeds will be used to develop the product and expand Opal’s 25-person team.
Cobb argues that companies provide too much access to systems. According to him, 2021 interview Cloud infrastructure security startup Ermetic found that businesses with more than 20,000 employees experienced at least 38% of cloud data breaches due to unauthorized access. Employees use systems such as Amazon Web Services (AWS), GitHub, and Salesforce in their daily work, and each of these systems has its own way of defining access control (for example, through roles, groups, resources, permission sets, or policies) . With so much variety, determining the right role-based abstraction can be a daunting task.
“The term “engineer” can have a well-defined meaning in Jira, where it implies access to an “engineering” ticketing project. However, in a more complex system like AWS, being an “engineer” can provide little insight into what the user needs to do their job,” Cobb explained. “Opal addresses this issue by using a more dynamic access model.”
Opal was founded in 2019 by Kobbe, a former Dropbox software engineer. Umaima Khan, Opal’s other co-founder and head of products, comes from Collective Health, a self-funded firm that provides health services to the employer.
Opal offers employees a self-service catalog that allows them to query and access systems. The analytics dashboard provides usage-based suggestions, visualizations, and access information to the customer’s security team. For example, if a user has not accessed a resource for many months, the Opal Dashboard may recommend that the user’s access be removed.
“Opal offers a unique approach to the problem of access control, combining ideas with workflows. Most products are one or the other,” Cobb said. “Opal decentralizes overburdened teams like security and IT to resource owners with the most context.”
Opal can automatically discover databases, servers, internal tools and applications by delegating access requests to the appropriate teams and managers. The platform can also automatically remove access when it’s no longer needed, sending reminders to reviewers via Slack and email and keeping track of any access changes.
“Opal was created to provide teams with a single window for scalable access control in line with the principle of least privilege security, where only the minimum necessary amount of access is granted,” said Kobbe. “Overall, Opal helps businesses move quickly while maintaining security and compliance… [We do] it is by creating a culture in which least privilege, the act of giving the least amount of access to anyone to perform a task, is the established norm and daily practice.”
Opal competes with large and small companies in the field of access control, including DoControl. But Kobbe, declining to answer questions about Opal’s earnings, said he was confident his company could stand out thanks to a customer base that includes Databricks, Blend and Marqeta.
“Security and compliance are critical for most companies. We believe that even in the current economic climate, the budget for products that add value in these areas will continue,” he added.
Credit: techcrunch.com /