It’s time to talk secrets: Why we invested in Akeyless

We are thrilled to announce that we are backing the team at Akeyless and leading their $65M Series B together with existing investors JVP and Team8. Akeyless is a cybersecurity SaaS company operating in the obscure space of secrets management, a space that far too few people in the broader tech community know about.

Secrets are the keys to the vault

As industries and value chains mature, the level of specialization and division of work between companies tends to increase. Where automotive manufacturers of the past would make their own wheels and windshields, they now tap into a network of thousands of suppliers and sub-suppliers. Over time, automotive manufacturers have become integrators. While efficiency and quality increase as a result, so does complexity as the number of interfaces and interactions between suppliers grows.

Now how is this relevant to cybersecurity and secrets management? The software industry is rapidly undergoing a similar development, moving towards service-based architectures. Monolithic software is being replaced by modularity: modern software is built out of countless little “machines”, i.e., microservices, databases, cloud storage, and applications that can be internally built or provided by third-party suppliers. These machines are stitched together using Application Programming Interfaces (APIs), which are accessible over the internet. And the number of machine-to-machine connections is growing exponentially. While this makes product development much nimbler, it also introduces a host of novel security issues: when a service is accessing your precious database, how do you know it’s safe?

The answer is secrets. Secrets, such as API keys, database passwords, or encryption keys, are digital credentials for authenticating machine-to-machine interactions. Secrets are the keys to the vault and help keep malicious actors out.

On the lookout for sprawling secrets

When first diving deeper into the topic of secrets management, we were bewildered to learn about its current state. The bulk of enterprises lack any centralized management of secrets, and instead, secrets are scattered across business units and teams in various tools. This has been given a fitting name in the industry: “secrets sprawl”. Safe storage and handling of secrets is often at the mercy of individual engineers and their (fingers crossed) secure ways of working. Inevitably, hardcoded secrets can often be found in configuration files (not cool), embedded in source code in public GitHub repositories (definitely not cool), or even on post-it notes attached to a nearby wall 🙈.

To address these issues, we’ve seen a surge of solutions providing secrets scanning capabilities, which help identify cases of misplaced secrets. Although this is certainly better than nothing, it’s still only treating the symptoms rather than the cause. This is where Akeyless comes into play.

Akeyless gets rid of the complexity of managing secrets

Akeyless was founded in Israel in 2018 by Oded Hareven (CEO), Shai Onn (Chairman & President), and Refael Angel (CTO). Oded, Shai, and Refael have since built a team 70+ strong across Israel and the US. We already had the pleasure of working with Oded when he was with another NGP portfolio company, Moovit, which was acquired for $900M by Intel in 2020.

Akeyless’ vision from the beginning has been to create an easy and secure way of managing secrets for DevOps, SecOps, and security teams. Current alternatives are mainly on-premises or open-source solutions requiring specialized talent and extensive effort to deploy and maintain. Cloud providers themselves also have elementary secrets management capabilities, but those do not scale when working across a large organization and a hybrid/multi-cloud setup.

The secrets vault of Akeyless provides several key advantages. First, Akeyless is a fully managed SaaS solution that is easy to implement, integrate, and maintain. Akeyless plugs into services such as Okta, Terraform, and Kubernetes, and even allows migrating secrets from existing solutions onto Akeyless. Second, Akeyless is built for multi/hybrid cloud, which means it works well even for customers with complex architectures combining multiple cloud providers with on-premises infrastructure. Third, all secrets are protected with strong encryption called “Distributed Fragments Cryptography” (DFC). DFC encrypts secrets using fragments of encryption keys. These fragments are never combined but distributed across multiple locations in the cloud and the customers’ premises. This ensures that no one party (including Akeyless) possesses the complete encryption key.

From secrets management onwards

Secrets management is a foundational capability for any company hoping to develop secure software, and Akeyless is the leader in the space. But we think it’s only the beginning. With secrets management as its starting point, Akeyless is creating the next-generation identity and access management company. The company has already shown proof points of this broader vision by, for example, launching a secure remote access product. More to come!

We’re excited to welcome Akeyless to the NGP Capital portfolio, and we’re very much looking forward to the journey ahead.

