Our mission is to help organizations secure identities by achieving least privilege.
We believe:
Data is the most valuable asset of an organization. Think about all the assets of your tech stack: infrastructure, compute, apps, and the network are increasingly commoditized, bought as on-demand services, and have value because they move, transform, and store data. Data is at the top of the value pyramid of any organization that leverages technology.
Data needs to be secured and protected. Over the last 2+ decades, the industry has innovated modern cyber solutions across the network-compute-endpoint stack, but we haven’t cracked the code on the principle of least privilege – the core foundation to securing access to data everywhere.
Permissions are the foundation of the principle of least privilege to access data. Understanding and managing the relationships between resources, actions, and identities is a central requirement for Identity Governance and Administration (IGA), Privileged Access Management (PAM), Data Access Governance (DAG), Identity and Access Management (IAM), SaaS Security, NHI Security, and Agentic AI Security. None of the existing identity solutions answers “who can, has, and should take what action on what resource” comprehensively, and we believe that doing this effectively will disrupt and transform the practice of Identity Security. Once you truly understand permissions, then (and only then) can you tackle the problem of the principle of least privilege.
AI technologies (including LLMs, Gen AI, and Agentic AI) will be the centerpiece of the next generation of great companies. Intelligently collecting, using, and combining data to solve specific problems will be the key to creating a strategic AI moat for companies. These will be the most transformative technologies over the next decade, and the winning companies in any technology space will be heavily weighted toward those that can leverage this technology most effectively. Managing Identity Security effectively for AIs is currently the largest impediment to widespread utilization and will be key to extracting value from AI initiatives.
Non-humans, machines, and workloads are at the new frontier of Identity. People matter, but service accounts, keys, and secrets are growing more quickly, and legacy approaches don’t give good visibility or insight “beyond the human.” People have traditionally been siloed in IAM systems, and service accounts have been an afterthought in identity programs. A modern approach to identity security has to connect to both human identities and non-human identities, which connect primarily via service accounts.
IAM and Cyber are converging. Securing access to data is rooted in a core identity problem: understanding “who can take what action on what data.” To crack this code, we need to go beyond user and group directory services to understand the system-specific permissions. Permissions and entitlements are the purest form of access, and this entire data set needs to be normalized.
Data architectures have changed forever. In earlier stages of digital transformation, the areas of infrastructure, identity, apps, and compute went through massive change. Now, data is moving to the cloud, and the transformation to cloud-native data systems is in full swing. Data is the fundamental kernel the Gen AI era needs to realize its full potential. Nevertheless, enterprises still rely on a range of on-prem systems and will continue to for years, if not decades. Data is everywhere, not just in “data systems.” Data has broken free of databases; it lives and travels through multiple cloud-based and on-prem systems. For example, mission-critical company data is flowing through compute services like AWS EC2, created in apps such as GitHub, accessed through secret managers such as HashiCorp Vault, and visualized in apps such as Tableau.
Great products must be practical and rooted in customer needs. Customers know their problems, and you must be guided by them. Your solution must not just look good on a datasheet, but must also be deployable and usable, and not force a rebuild or re-architecture. For example, cloud may be driving change, but hybrid on-prem is often still the reality for many.
New solutions should not introduce new potential points of failure into the customer infrastructure. Solutions designed in ways that add new dependencies and risk to data infrastructure (e.g., in-line or proxy architectures) are doomed to be adopted only for side projects. Solving one problem by introducing a new and bigger one isn’t helpful or practical for wide adoption.
Open Extensibility > Closed Ecosystem. Although we love Apple products, we believe that for organizations, extensibility wins over a walled garden. Connecting to many things and allowing others to do so as well ultimately creates more value for our customers.
Compliance should actually improve security. Audit and compliance are a “necessary but not sufficient” business process. The vast majority of victims of cyberattacks passed all their security audits! Since you need to do compliance anyway, you should make it reduce your security risk in a meaningful way, vs. relying on “security theater.”
We are determined optimists. When faced with an unsolved problem, we start with the belief that we can solve it with a first principles mindset, rather than assuming it is too difficult to be solved. When inevitably faced with adversity along the way, we welcome the challenge that will make us stronger and dissuade others from following behind.
Iterative mindset. By design, we do not deliver products that are perfect in their first iteration, and we iterate quickly to improve based on real-world customer feedback and usage.