Akeyless cashes in to help businesses manage their passwords, certificates, and keys businesskinda.com

In 2018, Refael Angel, a former security software engineer at Intuit, had an idea for a new approach to protecting encryption keys — the random sequence of bits created to encrypt and decrypt data — in the cloud. He met with Shai Onn and then Oded Hareven, with whom Angel had worked five years earlier, to look for signs of a product-market adjustment. After finding it, the three co-founders built a service for managing passwords, API keys and digital certificates together, which grew into a full-fledged company — Shaftless – in the course of the coming years.

Today, Akeyless is thriving, Angel tells me, despite stiff competition from incumbents like Hashicorp Vault, AWS Secrets Manager, and Google Cloud’s Secret Manager. Akeyless has customers in the retail, fintech, insurance and gaming industries, including Wix and Outbrain. And the company’s revenue is up 350% in the past year.

“The pandemic and ensuing workforce trends, such as work-from-home initiatives, have only increased the need for employees to access corporate IT resources remotely and have accelerated the adoption of cloud technologies and increased the number of secrets needed,” said Shai. to businesskinda.com. in an email interview. In software development, “secrets” refer to credentials such as passwords and access tokens. “Similarly, the economic downturn and technical slowdown will only further encourage organizations to seek software-as-a-service based solutions that offer faster deployment, little to no maintenance, global auto-scalability, lower total cost of ownership and higher adoption. prices.”

To lay the foundation for future growth, Akeyless today closed a $65 million Series B round – $45.5 million in equity and $19.5 million in debt – led by NGP Capital with participation from Team8 Capital and Jerusalem Venture Partners. Bringing Akeyless’ total funding to $80 million to date, the new capital will give the company at least two and a half years of runway and will be used for various sales, marketing, customer service initiatives. and product development, Hareven said via email.

“This allows us to navigate the current economic climate and continue to provide our much-needed solution to the market,” he added.

The co-founders of Akeyless attribute the startup’s success in part to the comprehensiveness of its product offerings. Akeyless encrypts and signs the certificates, credentials, and keys that organizations use to access their systems, apps, and data. The platform performs cryptographic operations using fragments of an encryption key that reside in different regions and cloud providers. The fragments are never combined — even during the encryption and decryption process, Hareven claims — and one of the fragments is created on the client’s side to ensure that Akeyless has no knowledge of the keys.


An abstracted view of the Akeyless secret management dashboard. Image Credits: Shaftless

The core problem that Akeyless is trying to address is what Hareven calls “secret sprawl.” As a company’s IT environment grows, so does the number of passwords, API keys and certificates the company uses to enable authentication between processes, services and databases, he notes. Those passwords and keys can be found in code, configuration files, and automation tools, creating risks that can lead to data breaches.

According to a 2021 questionnaire from code security platform GitGuardian, three code commits out of 1,000 reveal at least one secret. GitGuardian estimates that app security engineers have to handle more than 3,400 secrets on average. And in a separate one report from Forrester, published the same year, developers revealed that 57% of their employers have experienced a security incident related to publicly disclosed secrets in the past two years.

Akeyless’ solution is to centralize secrets through plug-ins to existing IT, development and security tools and capabilities such as disaster recovery, Hareven continued. Secrets stored by the platform are made accessible in all environments of a company.

“While modern secret management solutions address the security challenges of [development] environments, many organizations are still forced to rely on isolated and disconnected tools for securing secrets in legacy environments,” Hareven said. improve all environments and use cases.”

Akeyless is certainly located in a large and profitable sector – Grand View Research predicts that the password management software market will be worth up to $2.05 billion by 2025. But it will have to fend off rivals like Doppler, which recently raised $20 million for its platform to help companies manage their app secrets. Another challenge will be convincing holdouts to embrace secret management as a discipline; according to an reportIn 2019, only 10% of organizations used secret management solutions.

If the co-founders of Akeyless are concerned, they haven’t shown it. Rather, Hareven pointed to the team’s track record in cybersecurity — Fireglass, Onn’s previous security venture, was acquired by Symantec for $250 million — noting that Akeyless is expanding, with plans to expand its 80 -stubborn workforce to double by the end of next week. year.

Hareven didn’t mention it during our conversation, but Akeyless is also likely to benefit from the continued broader VC interest in cybersecurity. Venture capital investments in security startups surpassed $13 billion this year, according to to PitchBook data, an increase of $11.47 billion in 2020.

“Being a software-as-a-service provider and free of the ‘on-premise technical debt’ of version control and support makes our economy much more efficient, allowing us to respond more quickly to market needs and innovate quickly,” said Harvey.