Founders in Focus: Bel Lepe of Cerby

Each month we’ll highlight one of the founders of Okta Ventures’ portfolio companies. You’ll get to know more about them and learn how they work with Okta. This month we’re speaking with Bel Lepe of Cerby.

What is Cerby and what is your mission?

Cerby is a security automation company and our focus is on making security every employee’s business.

In today’s climate, our employees are trusted to do more work on their own, typically on their own devices, and on their own networks. Cerby helps protect them by automating away the common security hygiene tasks that employees often forget or simply don’t know to carry out. This frees up both IT and security teams to focus on getting work done versus playing the cat-and-mouse game of, who is using which app, while hoping the app administrators configured it correctly.

What were you doing prior to Cerby that led you to this moment?

The idea for Cerby came from working with customers at one of our previous companies (Wizeline, co-founded by Vidal Gonzalez, also a Cerby co-founder). A key leader at that company highlighted a growing issue with certain business-critical apps: they kept getting hacked because they lacked SAML and SCIM support. This meant they couldn’t interface with their identity provider. Based upon this discussion, we took a deeper look into the problem space and found what we thought was a great idea to develop into a company.

What is Cerby’s solution? What challenges does it solve? 

Cerby provides businesses of all sizes with a registration and automation platform. Employees can register apps that are not managed by their IT team, add their own permissions, then the Cerby system automatically identifies and addresses security gaps for these apps—whenever and wherever they emerge.

Different from other solutions which often rely on employees to carry out business-critical tasks (like enabling 2FA or disabling a feature that violates an IT policy), the Cerby system automatically detects a noncompliant state and automatically corrects it. This allows for a much higher security posture for the apps, especially when non-IT users are the primary administrators of them. 

Below are some of the most common actions we can automate:

• SSO for any app, especially for non-SAML, non-OIDC supporting systems
• Password rotation based on external triggers (deprovisioned employee, account breach, etc.)
• 2FA enrollment supporting common 2FA types like TOTP, SMS, Email, and others
• Provisioning and deprovisioning account access, especially for non-SCIM supporting systems
• Per-app permissions mapping and reconciliation with IT policies (e.g., disabling root user access if IT has a policy which disallows this)
• “Containerizing” apps and then layering on roles that are non-native to the app (e.g., a third party can only access a certain part of the app)

Why did Cerby want to work with Okta?

We have had several opportunities to connect with other Okta Ventures portfolio companies and the feedback was always positive. Okta truly puts the full weight of its reach and knowledge behind its companies and we’ve already started to see that play out in real-time. We’ve been able to leverage their customer base for leads and have been able to leverage their leaders across HR and engineering to gain knowledge on how we should approach building our product and our team given their collective experiences. 

Moreover, Cerby as a product also works best when deployed alongside an identity and access management platform, like Okta. In fact, most of our customers leverage Okta as their internal (and external) IAM system. The opportunity to work more closely with a critical player and leader in our ecosystem simply made too much sense to pass up.

How is Cerby working with Okta? What support do you look for in a corporate partner?

When evaluating a partnership with a corporate partner, our experience tells us that a successful corporate partnership requires:

• shared values
• a certain number of product synergies
• the ability for those product synergies to drive value for customers

Okta is one of the rare corporate partners where all three were clear and accessible from the beginning. Especially on the product synergies front, many of our customers use us on top of Okta, which has allowed our customers to extend their visibility and control over the apps used across their enterprise ecosystem. 

What trends do you expect to see in the security automation industry? 

Below are trends that influence our approach to security automation:

• Product Led Growth will create many more, non-IT technology buyers inside the average enterprise. Today, these purchases represent one out of every two purchases and will eventually account for three out of every four. 
• As Millennials and Gen Z workers start to make up more than half of the workforce, we’ll see further consumerization of enterprise tech. This will directly lead to app usage that is further out-of-sync with standard security practices, resulting in 2 out of every 3 cyber security attacks originating from apps managed outside of IT.
• The average cost of each cyber security attack will also continue to grow beyond the global average of $4.37M today. This will be due to more sensitive data shared in more “unmanaged” apps across the enterprise. 

We believe the above trends point to a significant and growing attack surface that  can only be addressed through security-focused automation. This is why we built the Cerby platform.

Interested in joining Okta Ventures? Check out our FAQ here and feel free to reach out to our team or submit your business for review.