Permit.io Launches with $6 Million Seed Funding to Streamline Permissions in Cloud-Native Applications
Permit.io, the full-stack authorization framework helping developers bake access control into their cloud-native applications in minutes, launches out of stealth with $6 Million in seed funding. The company was co-founded by Or Weis, former CEO and Co-Founder of Rookout; and Asaf Cohen, former software engineer at Facebook and Microsoft.
The round was led by the venture capital firm NFX with follow-up investment from Rainfall Ventures, as well as a long list of angel investors from industry veterans including: Amir Jerbi, CTO and Co-Founder of Aqua Security; Cheryl Hung, Engineering Manager at Apple and former VP of Ecosystem at the Cloud Native Computing Foundation (CNCF); Danny Grander, Co-Founder of Snyk; Idan Tendler, CEO & Co-Founder of Bridgecrew; John Kodumal, CTO & Co-Founder of LaunchDarkly; Nitzan Shapira, CEO & Co-Founder of Epsagon and more.
Access control interfaces are a must have in modern applications, which is the reason many developers are spending time and resources trying to build them from scratch without prior DevSec experience. Permit.io provides all of the required infrastructure to build and implement end-to-end permissions out of the box, so that organizations can bake in fine-grained controls throughout their organization. This includes all of the elements required for enforcement, gating, auditing, approval-flows, impersonation, automating API keys and more empowered by low-code interfaces.
“As an industry, we needed to solve the problem of authentication before we started to think more seriously about permissions,” said Or Weis, CEO and Co-Founder of Permit.io. “If I were to use an analogy, authentication is like the security receptionist at the front-desk checking IDs – it’s the first layer of protection and there’s great tooling already available here. But at Permit.io we are focused on the next step, which is a bit more complicated – determining what people are allowed to do once they are inside the application.”
According to the latest research from the Open Web Application Security Project (OWASP), broken access control presents the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user’s limits. The report states that “94% of applications were tested for some form of broken access control.”
Permit.io is built on top of the open source project OPAL, also created by Or Weis and Asaf Cohen, which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by live applications; as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services, OPAL makes sure in real-time every microservice is in sync with the policies and data required by the application.
“Permit.io’s founders have a unique vision that doesn’t just look at what’s broken and needs to be fixed, but rather envisions a new and completely different reality,” said Gigi Levy Weiss, General Partner at NFX. “By understanding what engineers are dealing with today and the impact that has on organizations, they were able to create a solution that reorganizes the ecosystem, and how it’s interconnected safely through access controls.”
[To share your insights with us, please write to email@example.com]