Aembit, a Maryland-based security startup focused on helping devOps and security teams communicate with federal workloads, is officially launching its services today and announcing a $16.6 million seed round of funding from Ballistic Ventures and Ten Eleven Ventures.
At its core, Aimbit’s workload identity and access management service applies industry expertise from user and device access to managing cloud workloads such as APIs, databases and other cloud resources.
Image Credits: Ambit
Co-founders David Goldschlag and Kevin Sapp have spent the past 17 years working together. Among other startups, they co-founded New Age Labs, a zero-trust platform acquired by Netscope, and Trust Digital, a mobile device management platform acquired by McAfee.
“Along the way, people have always asked us: What about workload-to-workload application-level access? It’s always been something that’s been there and that’s important, but we haven’t delivered,” Goldschlag said. The founders will leave Netskope in summer 2021. When they came out, they finally decided to take on this challenge. “It was important, because all these things were in the ecosystem, right? You had all these APIs that were part of people’s applications,” he said. “If you thought about open source a few years ago, people built applications that included open source. Today, people build applications that include databases and APIs—and now you need to enable secure access between those.
Aembit co-founders David Goldschlag (L) and Kevin Sapp (R). Image Credits: Ambit
AMbit’s mission is distinct from API Gateways and Security Services, he noted. These services live in front of an API and help developers build and securely expose those APIs to internal and third-party developers. But Aimbit’s focus is on the client accessing the API and ensuring that this client is authorized to access it. Compare that to what today’s identity management systems help enterprises provide to their users. When a user uses Okta to sign in to Microsoft 365, for example, the user connects to Okta and is then authenticated to access the service.
To do all of this, AMbit needs to be a system of record not only for all these workload accounts, but also for the workloads themselves (those workloads are now obsolete, which makes it even more of a problem).
Image Credits: Ambit
“You want to start at the base level, which is you have an identity and you have a policy. You have enabled access and entered this. But you’re going to want to get more and more workloads from all these scattered places — and then you’re going to want access patterns, Goldschlag explains. “Our system can do that. We can deploy the system in passive mode – discovery mode – to tell what accesses are happening.
Then, using this as a roadmap, it becomes easier to see how these workloads typically interact and take action when something changes.
“Enterprises have devoted significant resources to securing the connection between people and the software they use. But, as businesses move to the cloud, a new and rapidly growing attack surface has emerged,” said Jake Seid, founder and general partner of Ballistic Ventures. Workload and workload relationships need to be identified, maintained and managed. Ambit It is defining this new workload IAM category to protect enterprises’ most critical digital assets. It is an honor to work with you. Ambit Founders from Day 1 and to continue to support them on their journey.”
Aembit currently has 11 full-time employees, almost all of whom are in engineering. With the new funding, the company plans to grow its marketing team and build its product. AMbit, which is doing particularly well in selling to large enterprises, plans to launch a self-service product soon, which will allow it to expand to small and medium-sized businesses as well.
