Tag: access management

Posted on

Pitching access management on the fly, Los Angeles-based Britive raises $5.4 million

It seems Los Angeles is becoming an enterprise software hotspot.

LA saw its first big enterprise exit in recent memory with the recent acquisition of Signal Sciences for $775 million, and less than a month later a hometown startup, Britive has raised $5.4 million from LA’s own venture fund, Upfront Ventures and a clutch of security experts.

LA gets a big SaaS exit as Fastly nabs the Culver City-based Signal Sciences for $775M

For chief executive Artyom Poghosyan and chief technology officer Alex Gudanis, Britive is simply the latest initiative in a decades-long effort to reshape security technology.

Both Poghosyan and Gudanis have long histories in identity and access management, back in 2009 Poghosyan founded Advancive Technology Solutions, which was acquired by Optiv in 2015 to bulk up its identity access management service.

Now, he and Gudanis are trying to solve the issues of identity access management that the new, ubiquitous cloud computing model presents for security officers and developers.

“When Optiv acquired us, we were already seeing interesting and strong signals in the technolog space about the disruption that was being driven by cloud technologies,” said Poghosyan.

Those cloud technologies presented new challenges for the kind of privileged access management technologies that Poghosyan had developed.

The solution that Britive pitches is a dynamic model for granting permissions for access, Poghosyan said. Instead of granting permanent access to, there re policy-based pre authorizations that a company can set up defined for specific tasks and roles.

Based on a developer’s role and work, they can request and receive access automatically based on the specific parameters defined by a company or security officer.

The company already has over a dozen customers using its technology after launching merely two years ago. It’s a customer base that includes one of the world’s largest carmakers and a global clothing brand — companies Poghosyan declined to identify, citing contractual obligations.

The company charges based on the number of users who are requesting permission for access, Poghosyan said.

As more companies move to remote work in the COVID-19 era and distributed teams become the norm, streamlining the provisioning and access management process for companies is going to become even more important.

Undoubtedly, that’s why Britive was able to land investors like Upfront Ventures and why their partner, Kara Nortman is joining the company’s board of directors. It’s also the reason the company was able to attract some of LA’s leading enterprise executives to back the company, including Andrew Peterson, CEO of Signal Sciences and Dave Cole, CEO of Open Raven.

 

Posted on

‘One day we were in the office and the next we were working from home’

Scott Kinka Contributor
Scott Kinka serves as CTO for Evolve IP. An award-winning, 20-year technology veteran with expertise in virtualization, cloud security and telecommunications, he designs the Evolve IP roadmap, leads its project team and works closely with customers and partners.

Ryan Easter couldn’t believe he was being asked to run a pandemic business continuity test.

It was late October, 2019 and Easter, IT Director and a principal at Johnson Investment Counsel, was being asked by regulators to ensure that their employees could work from home with the same capabilities they had in the office. In addition, the company needed to evaluate situations where up to 50% of personnel were impacted by a virus and unable to work, forcing others to pick up their internal functions and workload.

“I honestly thought that it was going to be a waste of time,” said Easter. “I never imagined that we would have had to put our pandemic plan into action. But because we had a tested strategy already in place, we didn’t miss a beat when COVID-19 struck.”

In the months leading up to the initial test, Johnson Investment Counsel developed a work anywhere blueprint with their technology partner Evolve IP. The plan covered a wide variety of integrated technologies including voice services, collaboration, virtual desktops, disaster recovery and remote office connectivity.

“Having a strategy where our work anywhere services were integrated together was one of the keys to our success,” said Easter. “We manage about $13 billion in assets for clients across the United States and provide comprehensive wealth and investment management to individual and institutional investors. We have our own line of mutual funds, a state-chartered trust company, a proprietary charitable gift fund, with research analysts and traders covering both equity and fixed income markets. Duct taping one-off solutions wasn’t going to cut it.”

Easter continued, “It was imperative that our advisors could communicate with clients, collaborate with each other and operate the business seamlessly. That included ensuring we could make real-time trades and provide all of our other client services.”

Five months later, the novel coronavirus hit the United States and Johnson Investment Counsel’s blueprint test got real.

Posted on

6 CISOs share their game plans for a post-pandemic world

Oren Yunger Contributor
Oren Yunger is an investor at GGV Capital, focused on enterprise IT infrastructure, development tools and cybersecurity. He was previously chief information security officer at a SaaS company and a public financial institution.

Like all business leaders, chief information security officers (CISOs) have shifted their roles quickly and dramatically during the COVID-19 pandemic, but many have had to fight fires they never expected.

Most importantly, they’ve had to ensure corporate networks remain secure even with 100% of employees suddenly working from home. Controllers are moving millions between corporate accounts from their living rooms, HR managers are sharing employees’ personal information from their kitchen tables and tens of millions of workers are accessing company data using personal laptops and phones.

This unprecedented situation reveals once and for all that security is not only about preventing breaches, but also about ensuring fundamental business continuity.

While it might take time, everyone agrees the pandemic will end. But how will the cybersecurity sector look in a post-COVID-19 world? What type of software will CISOs want to buy in the near future, and two years down the road?

To find out, I asked six of the world’s leading CISOs to share their experiences during the pandemic and their plans for the future, providing insights on how cybersecurity companies should develop and market their solutions to emerge stronger:

The security sector will experience challenges, but also opportunities

The good news is, many CISOs believe that cybersecurity will weather the economic storm better than other enterprise software sectors. That’s because security has become even more top of mind during the pandemic; with the vast majority of corporate employees now working remotely, a secure network has never been more paramount, said Rinki Sethi, CISO at Rubrik. “Many security teams are now focused on ensuring they have controls in place for a completely remote workforce, so endpoint and network security, as well as identity and access management, are more important than ever,” said Sethi. “Additionally, business continuity and disaster recovery planning are critical right now — the ability to respond to a security incident and have a robust plan to recover from it is top priority for most security teams, and will continue to be for a long time.”

That’s not to say all security companies will necessarily thrive during this current economic crisis. Adrian Ludwig, CISO at Atlassian, notes that an overall decline in IT budgets will impact security spending. But the silver lining is that some companies will be acquired. “I expect we will see consolidation in the cybersecurity markets, and that most new investments by IT departments will be in basic infrastructure to facilitate work-from-home,” said Ludwig. “Less well-capitalized cybersecurity companies may want to begin thinking about potential exit opportunities sooner rather than later.”

Posted on

Passbase grabs $3.6M to power privacy-preserving online ID checks

Digital identity startup Passbase has closed a $3.6 million seed round, led by Cowboy Ventures and Eniac Ventures, with participation from Seedcamp and other European investors.

The 2018 founded startup bagged a $600k pre-seed round earlier this year for its full-stack identity engine with a privacy twist.

The latest tranche of funding will go on growing the team and sales channels in the US and Europe, says co-founder Mathias Klenk. “Our goal is to build an API-first company, so building a strong core organization is key for us to be able to fully focus on securing partnerships with complementary services,” he tells TechCrunch.

“By the end of next year, we aim to have our consumer application rolled out so that individuals can leverage the core value proposition of our service and businesses can reap the rewards of seamless reauthentication,” he adds. In terms of clients, our goal is to move up in scale and conduct pilots with some of the larger players in our target segment.”

Passbase launched an open beta in May and has been running tests over the summer, according to Klenk, who says around 15 companies have been actively testing the platform — claiming 300+ businesses have “expressed interest” in the product.

Earlier testers hail from industries including healthcare, gig economy and mobility, with “exciting use cases in the pipeline from recruitment to financial services that will launch soon”, per Klenk.

What is the product? Passbase dubs it ‘Stripe for identity verification’ — meaning it’s offering APIs to make it easy for developers to plug and integrate a range of consumer-friendly identity checks into their digital services. Such as selfie video scans and identity document scanning. (Passbase is itself plugging into ID document verification services from a range of partners, augmented with add-ons such as a liveness check.)

It touts “NIST-certified facial recognition, forensic ID authenticity analysis, and a patent-pending zero-knowledge sharing architecture” as forming part of its stack. 

The overarching goal is to become a trusted intermediary exchange later between businesses and end users — aka a “consent layer” — by building out a developer platform to support the integration of verification technologies into web services, while — on the consumer end — allowing web users to limit who gets access to their actual data. Hence the promise of privacy baked in.

“Our vision is to build out an open identity system that encourages services to hold less information, yet be sure of the quality of the result they are receiving,” adds Klenk.

Consumers can submit personal data to verify their ID, such as a facial biometric scan and identity document scan via their webcam, without having to rely on their data being exposed to and potentially mishandled by non-specialists — instead they have to trust Passbase’s tech architecture.

It also plans to launch a (free) consumer app early next year that will provide end users with controls over the information they’re sharing for ID verification and also serve up insights on how it’s being used — to give people “a holistic view and analytics of their data exposure online”, as Klenk puts it. 

Though it won’t be requiring such highly engaged participation from end users — to ‘claim their digital identity’ by downloading its app.

“Our aim is to incorporate your digital identity into the verification flow,” he says, adding: “If you do not care enough about your digital footprint, you do not have to claim your digital identity and can process through a transactional relationship like with any other identity verification provider. However, with a combination of your biometrics and unique identifier, we have the first building blocks of creating a universal digital identity.”

Klenk says he expects access management and account recovery to become an important area for Passbase as — or, well, if — consumers adopt its idea of a “verified digital identity” which they can control.

“In terms of businesses accepting this, of course there are network effects in play,” he goes on. “That being said, identity works as a stack and if we manage to tie the root identity to additional credentials (through partnerships) like background checks, credit scores etc, it would be difficult to pass on using such a system. So at the end of the day, it comes down to who can offer the most full-stack solution.”

There’s plentiful and growing competition in the digital identity management space — including for privacy-protecting sign-ins now Apple has skin in the game — so Passbase certainly has its work cut out to get traction. Though it’s targeting fuller ID checks, arguing that a username and password are inadequate for many of the authentication checks which digital services now demand, given there’s a platforms offering to connect you to pretty much anyone these days, be it a medical professional, babysitter, taxi driver, cleaner, delivery driver or potential life partner.

Klenk says Passbase’s defensibility “comes from the B2B2C approach whereby we are creating a useful service for businesses from day 1, while enabling data ownership for consumers in order to create a more secure and privacy-preserving digital future”.

It does also have patents pending in the US.

“For some of the incumbents in the market, it is complicated to completely shift their business model, whereas for newer competitors, it comes down to the operating model and execution,” he also argues of the competitive landscape.

If Passbase can make their full-stack stick, the plan is to monetize via the developer platform where they’ll offer businesses their first 50 verifications for free.

“Afterwards, our pricing has a platform access fee combined with a per verification cost. The reason being that as we build out more and more modules (ID document verification, phone number, living address, email, work permit) we plan to move towards a SaaS model, offering businesses all kinds of identification services for a predictable cost,” he says. “This is why our pricing also reflects a lower variable cost and increased subscription fee, as volumes grow.”

A self-service b2b product will launch next month — meaning any business will be able to tap Passbase’s APIs and integrate its verification service. The consumer app will naturally follow later.

“For the consumer, the product will always be free as we believe that the data needs to be given back and belong to consumers,” Klenk adds.

Posted on

WeWork acquires Waltz, an app that lets users access different spaces with a single credential

WeWork announced today that it will acquire Waltz, a building access and security management startup, for an undisclosed amount. Waltz’s smartphone app and reader allows users to enter different properties with a single credential and will make it easier for WeWork’s enterprise clients, such as GE Healthcare and Microsoft, to manage their employees’ on-demand memberships to WeWork spaces.

WeWork’s announcement said “with deep expertise in mobile access and system integrations, Waltz has the most advanced and sophisticated products to provide that single credential to our members and to help us better connect them with our spaces.” Waltz was founded in 2015 by CEO Matt Kopel and has offices in New York and Montreal. After the acquisition, Waltz will be integrated into WeWork, but maintain its current customer base.

WeWork has been on an acquisition spree over the past year as it evolves from co-working spaces to a software-as-a-service provider. Companies it has bought include office management platforms Teem (for $100 million) and Managed by Q, as well as Euclid, a “spatial analytics platform” that allows companies to analyze the use of workspaces by their employees and participation at meetings and other events.

Likewise, Waltz isn’t just an alternative to keys or access cards. Its cloud-based management portal gives companies data about who enters and exits their buildings and also allows teams to set “Door Groups,” which restricts the use of some spaces to certain people. According to Waltz’s help site, it can also be used to make revenue through ads displayed in its app.