In a $10 million Series A fundraising round headed by Greylock, Opal is a platform that decentralizes access management for business clients. Opal’s CEO Stephen Cobbe said the money raised will go toward increasing the company’s 25-person workforce.
It’s Cobbe’s belief that firms give away too much access to systems. To his point, a 2021 study by cloud infrastructure security firm Ermetic revealed that organizations with over 20,000 workers had at least 38 percent cloud data breaches due to unauthorised access. Employees utilize platforms like Amazon Web Services (AWS), GitHub, and Salesforce in their day-to-day work, and each of these services has its own means of establishing access control (e.g., via roles, groups, resources, permission sets, or rules) (e.g., via roles, groups, resources, permission sets, or policies). With so much variability, finding the correct role-based abstraction may be tough.
“Being a ‘engineer’ could have a well-defined definition in Jira, where it requires having access to the ‘engineering’ ticketing project. But in a more complex system like Amazon Web Services (AWS), being an engineer might not give you an understanding of what a user needs to get the job done. “Opal uses a more dynamic access paradigm to tackle this problem.”
Cobbe, a former Dropbox software developer, created Opal in 2019. Umaimah Khan, Opal’s other co-founder and head of product, comes from Collective Health, a self-funded employer health benefits provider.
Opal gives workers a self-serve catalog that allows them to seek and get access to systems. An analytics dashboard gives usage-based ideas, visualizations, and insights regarding access to a customer’s security team. If a user hasn’t used a resource in many months, for instance, Opal’s analytics dashboard can propose that the user’s access be terminated.
For access control, “Opal” offers a novel technique that incorporates insight and work processes. Cobbe claims that “most items are either one or the other.” From security and IT to resource owners, “Opal decentralizes away from overworked teams like as security and IT.”
Opal can automatically find databases, servers, internal tools, and apps, and then delegate access requests to the appropriate teams and administrators for each of these resources. Access may be automatically revoked by the platform, which notifies reviewers through Slack and email and keeps tabs on any alterations.
It was designed to follow the security principle of least privilege, which means that just the bare minimum of access is provided, according to Cobbe. As a whole, Opal enables organizations to develop quickly while ensuring security and compliance.” In order to do this, we develop a culture in which “least privilege,” or providing someone the least amount of access for them to execute a task, is established as a norm and everyday practice,”
DoControl is one of Opal’s main competitors in the access control market. Asked about Opal’s income, Cobbe said he was certain the firm could stand apart with a customer base that includes Databricks, Blend and Marqeta in place.
The importance of security and compliance cannot be overstated for most businesses. Although the present economic climate is challenging, we believe that the budget for value-enhancing items will continue to exist,” he said.