Founders in Focus: David Goldschlag of Aembit
Each month we’ll highlight one of the founders of Okta Ventures’ portfolio companies. You’ll get to know more about them and learn how they work with Okta. This month we’re speaking with David Goldschlag of Aembit.
What is Aembit and what is your mission?
Aembit is the first Workload Identity and Access Management (IAM) company. Aembit’s Workload Identity Platform secures access between workloads in distributed applications, supporting APIs, databases, multi-cloud, and B2B. We make it easier and more secure for applications and services to connect across enterprise and service boundaries while removing a significant security engineering burden from developers.
Aembit’s mission is to enable every business to safely build the next generation of applications by inherently trusting how it connects to partners, customers, and foundational services. In the process, we're empowering the DevOps and security communities to do their jobs much more efficiently, while making secure access part of the platform.
What were you doing prior to Aembit that led you to this moment?
I firmly believe that we’re in the age of Identity, and it’s creating a significant change in how applications are built and secured. Let’s take a step back, and I’ll tell you more.
My co-founder, Kevin Sapp, and I previously co-founded New Edge Labs, which was acquired by Netskope and became Netskope’s Zero Trust platform. New Edge solved the problem of giving users fine-grained access to applications based on their identity and other characteristics, as opposed to network access via a VPN.
Along the way, people often asked us: What about workload-to-workload access? Users were the primary focus of Identity back then, but the sentiment is shifting because application design has changed. While applications of the past tended to be monolithic, or encompassing a three-tier architecture that was under your control, applications now are typically composed of distributed services across multiple clouds, connecting to third-party APIs and SaaS services and to sensitive databases with multiple levels of access. As a result, your typical application today is much more sophisticated – but also comes with higher risk and a greater attack surface.
So the needs have changed. Where before a static secret or password was sufficient for workload-to-workload access – and management of these secrets may have been left to individuals – now DevOps teams want to centrally authorize access with policies based on the identity of the workload, and security wants to be able to set guardrails and audit access.
What is Aembit’s solution? What challenge does it solve?
Enterprise applications are becoming more distributed. They include software the enterprise develops, along with databases, cloud, and SaaS APIs, and third-party APIs from customers’ and partners’ applications.
Many companies today still rely on secrets and secret managers to secure workload-to-workload access among these services. But those secrets are brittle and hard to manage. More importantly, you really don’t want to manage secrets; you want to manage access. You want to create policies that specify which workloads can access particular data or services. Think about secrets in the clear in your GitHub repo, or worse the Post-It note on your DevOps engineer’s monitor. Your security teams have limited visibility into access, and your engineers are forced to become security specialists – in addition to creating your product. It’s a difficult situation that is holding companies back. It's like user password management before single sign-on and workforce IAM existed.
To solve this, Aembit has pioneered the first cloud service for Workload IAM. Much like user Identity is the core idea behind Zero Trust access, we provide you the ability to identify workloads based on a range of characteristics and define policies that determine workload access rights. And then we dynamically enforce those policies and log all accesses. Along the way, we eliminate static secrets, alleviate the need for developers to code workload-to-workload auth, and make it easy for DevOps and security teams to centralize visibility and control.
Caption: The Aembit Workload IAM Platform verifies the identity of the application before allowing policy-based access to your sensitive data and applications. It takes away the burden of coding auth for developers while making secure access more scalable, centralized, and auditable.
Why did Aembit want to work with Okta?
Aembit and Okta have a shared sense of purpose. Both companies have taken an Identity-first view of the world, and consider modern IAM as a fundamental capability for enterprises to secure their data, their business, and by extension their customers. It’s a natural partnership because, together, we can secure all the identities that a business deals with across its organization: workforce, customers – and workloads.
This shared viewpoint, combined with Okta’s market-leading position in Identity, assures they would be a strong investment partner with a track record of helping their portfolio companies grow.
How is Aembit working with Okta? What support do you look for in a corporate partner?
The ideal corporate partner is one that shares your philosophy and can help you grow effectively. Okta meets both of these characteristics for us.
From a go-to-market perspective, we are leveraging Okta’s deep industry connections to bring Workload IAM to Okta customers who want to extend Identity beyond managing user identities.
There is also ample opportunity for technical innovation and integration between us. Enterprises want the simplest and most streamlined way to manage all the identities that impact their business, while also recognizing that the workflows surrounding those identities are significantly different. We believe that, combining our strengths and technical capabilities, we can create this future for our customers.
What trends do you expect to see in the IAM industry?
Identity-based attacks constitute the majority of incidents reported by businesses today, cementing the importance of sound IAM. Securing access also mitigates the consequences of non-Identity-based attacks, such as malware, by limiting what can be accessed or modified once an application or system is compromised. As a result, Identity-first security will continue to rise in importance. And like Zero Trust has brought a focus on least-privilege access for users, we’ll start to see Zero Trust concepts applying to workload-to-workload use cases too.
Finally – and this may be more of something we’d like to make happen versus something that is already happening – it must become easier for developers to consistently implement secure access within their applications. Developers should be able to focus on business functions, and Identity and secure workload access should become a seamless part of every enterprise’s security platform. That will vastly improve enterprises’ security posture while accelerating innovation and product development.
Interested in learning more about Okta Ventures? Check out more info here
