February 15, 2022
TEL AVIV, Israel – Permit.io, the full-stack authorization framework helping developers bake access control into their cloud-native applications in minutes, today launches out of stealth with $6Million in seed funding. The company was co-founded by Or Weis, former CEO and Co-Founder of Rookout; and Asaf Cohen, former software engineer at Facebook and Microsoft.
The round was led by the venture capital firm NFX with follow-up investment from Rainfall Ventures, as well as a long list of angel investors from industry veterans including: Amir Jerbi, CTO and Co-Founder of Aqua Security; Cheryl Hung, Engineering Manager at Apple and former VP of Ecosystem at the Cloud Native Computing Foundation (CNCF); Danny Grander, Co-Founder of Snyk; Idan Tendler, CEO & Co-Founder of Bridgecrew; John Kodumal, CTO & Co-Founder of LaunchDarkly; Nitzan Shapira, CEO & Co-Founder of Epsagon and more.
Access control interfaces are a must have in modern applications, which is the reason many developers are spending time and resources trying to build them from scratch without prior DevSec experience. Permit.io provides all of the required infrastructure to build and implement end-to-end permissions out of the box, so that organizations can bake in fine-grained controls throughout their organization. This includes all of the elements required for enforcement, gating, auditing, approval-flows, impersonation, automating API keys and more empowered by low-code interfaces.
“As an industry, we needed to solve the problem of authentication before we started to think more seriously about permissions,” said Or Weis, CEO and Co-Founder of Permit.io. “If I were to use an analogy, authentication is like the security receptionist at the front-desk checking IDs – it’s the first layer of protection and there’s great tooling already available here. But at Permit.io we are focused on the next step, which is a bit more complicated – determining what people are allowed to do once they are inside the application.”
According to the latest research from the Open Web Application Security Project (OWASP), broken access control presents the most serious web application security risk. Failures typically lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user’s limits. The report states that “94% of applications were tested for some form of broken access control.”
Permit.io is built on top of the open source project OPAL, also created by Or Weis and Asaf Cohen, which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by live applications; as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services, OPAL makes sure in real-time every microservice is in sync with the policies and data required by the application.
“Permit.io’s founders have a unique vision that doesn’t just look at what’s broken and needs to be fixed, but rather envisions a new and completely different reality,” said Gigi Levy Weiss, General Partner at NFX. “By understanding what engineers are dealing with today and the impact that has on organizations, they were able to create a solution that reorganizes the ecosystem, and how it’s interconnected safely through access controls.”
Quotes of Support
Permit.io’s team has deep, industry-leading experience with the problem of building and rebuilding authorization from scratch. Their vision for authorization as a service presents an incredible opportunity for software companies everywhere to avoid this headache and easily adopt secure, scalable, interfaceable access-control. – Ron Rofe, Co-Founder & General Partner at Rainfall Ventures
Permit.io provides an efficient, adaptable, and powerful authorization system that includes a microservices-based application layer. It’s amazing how easily this can be implemented into your product with little or no authorization knowledge. – Ran Ribenzaft, CTO & Co-Founder of Epsagon
Just like with feature-flags, permissions have been something developers have been building over and over again. Permit.io’s authorization puts an end to this struggle once and for all. You basically just have to plug it in, and you’re done – a simple, elegant, and time-saving solution. – John Kodumal, CTO and Co-Founder of LaunchDarkly
Read the launch blog: permit.io/blog/announcing-permit
Get started for free: permit.io/start