Remember when a Twitter subcontractor disabled Donald Trump’s personal account for 11 minutes in 2017? Opal Co-founder Stephen Cobbe says this is an example of where some employees have had too much access to the inner workings of the company.
His company, based in San Francisco and New York, works with companies to design intelligent user access policies and automate reviews of the company’s current access points. Cobbe explained that companies grant too much access or restrict it too much.
Cobbe and his founding team come from companies like Dropbox, Scale, Brex, MuleSoft and Palo Alto Networks. He has personally seen some of the issues with managing access at scale at Dropbox. What is happening is that organizations have access policies around what roles do what, but in reality, life does not fit perfectly into those access structures, he added.
“Employees can have too much access, that’s how the Twitter employee got to go rogue,” Cobbe told TechCrunch. “When the companies we spoke to tried to solve the problem, they weren’t happy with the existing solutions. We surveyed 100 companies and found that they all had versions of the same internal tool that they updated individually each time.
The tools are also generally based on SAML, or Security Assertion Markup Language, and are not up to the task of managing the various systems that organizations have. Instead, Opal’s approach is to transform a once rigid model into a needs-based model through API integrations.
Companies can log in and see a list of engineering infrastructures, SaaS applications, and internal tools. When access requests are made, they are routed to an owner for approval. On the other hand, when an employee leaves the company, an owner can enter and remove access with the push of a button.
To continue to develop its platform, Opal closed a $ 1.8 million funding round led by Greylock. Angel investors participating in the deal include Expanse CEO Tim Junio, Abnormal Security CEO Evan Reiser, and Signal Sciences CEO Andrew Peterson.
“Every business knows that managing permissions on a large scale is a challenge,” said Saam Motamedi, partner at Greylock, in a written statement. “More systems means more attack vectors, places to audit and overhead to give engineers the access they need. Opal is tackling these issues with a strong team of security experts, and I look forward to partnering with them along their journey.
Opal was founded in 2020, but came out of stealth mode a few months ago. It already boasts a list of customers, including Blend and Coffee Meets Bagel. The company used the new investment to hire from both the engineering side and the business side, Cobbe said.
He did not disclose any growth metrics, but said the company is set to raise another round of funding in the future.