In the year In 2018, Rafael Angel, a former security software engineer at Intuit, had an idea for a new approach to securing encryption keys — random strings of bits used to spoof and decrypt data — in the cloud. He met with Shay On and Oded Hareven, where Angelu worked five years ago, to look for suitable signs for the product market. After finding it, the three co-founders together built a service for managing passwords, API keys and digital certificates, which turned into a full-fledged startup business – Achilles – over the next several years.
Today, Achilles is thriving, Angel told me — despite stiff competition from incumbents like Hashicorp Vault, AWS Secrets Manager and Google Cloud’s Secret Manager. Achilles has clients in the retail, fintech, insurance and gaming sectors, including Wix and Outbrain, among others. And the company’s revenue increased by 350% last year.
“The pandemic and resulting workforce trends, such as work-from-home initiatives, have only increased the need for workers to access corporate IT resources remotely and accelerated the adoption of cloud technologies and increased the amount of privacy required,” Shai told TechCrunch. Email interview. In software development, “secrets” refer to credentials such as passwords and access tokens. “Amidst the same recession and technology slowdown, organizations will only be more encouraged to look for software-as-a-service-based solutions that offer rapid deployment, low-to-zero maintenance, global automation, low cost of ownership, and high adoption rates.”
To lay the groundwork for future growth, Achilles today closed a $65 million Series B round — $45.5 million in equity and $19.5 million in debt — led by NGP Capital, along with Team8 Capital and Jerusalem Venture Partners. Bringing Achilles’ total funding to $80 million, the new capital will give the company at least two and a half years of runway and will be used for various sales, marketing, customer service and product development initiatives, Hareven said in an email.
“This will allow us to navigate the current economic climate and continue to bring to market the solution we so desperately need,” he said.
Achilles’ co-founders attribute the startup’s success in part to the comprehensiveness of its product offerings. Akeyless encrypts and signs the certificates, credentials, and keys that organizations use to secure their systems, applications, and data. The platform performs encryption operations using encryption key fragments available in different regions and cloud providers. The pieces are never combined — not even during the encryption and decryption process, Hareven claims — and one of the pieces is created by the client to ensure that Achilles has zero knowledge of the keys.
An overview of the Akeyless Secrets Management Dashboard. Image Credits: Akeyless
The main problem with attempts to tackle Akeyless is what Hareven calls “mysterious expansion.” As the company’s IT environment expands, the amount of passwords, API keys, and certificates that the company uses to enable authentication between processes, services, and databases increases. Those passwords and keys are found in code, configuration files, and automation tools, introducing the risk of a data breach.
According to a study from code security platform GitGuardian, three in 1,000 codes will expose at least one secret by 2021. GitGuardian estimates that application security engineers must handle more than 3,400 security incidents on average. And in a separate report by Forrester, published in the same year, developers found that in the last two years, 57% of their employers have experienced a security problem related to exposed secrets.
Akeyless’ solution is to leverage encryption through plugins for existing IT, dev and security tools and capabilities like disaster recovery, Hareven continued. Secrets stored in the platform are made accessible to all company environments.
“Modern password management solutions when solving security challenges [development] “Many organizations are still forced to rely on security and deprecated tools to protect secrets in legacy environments,” Hareven said.
Achilles certainly holds a large and lucrative sector – Grandview Research predicts that the password management software market will reach $2.05 billion by 2025. But it will have to fend off rivals like Doppler, which recently raised $20 million for its platform. To help companies manage their application privacy. Another challenge will be convincing holdouts to embrace privacy management as a discipline. According to one report, as of 2019, 10% of organizations were using password management solutions.
If Achilles’ co-founders were worried, they didn’t show it. In contrast, Hareven pointed to the group’s cybersecurity history — its previous security operation, Fireglass, was bought by Symantec for $250 million — and Achilles said it was expanding. year.
Hareven didn’t mention it during our conversation, but Achilles could benefit from broader VC interest in cybersecurity. Venture capital investments in security startups have surpassed $13 billion this year, up from $11.47 billion in 2020, according to Pitchbook data.
“Being a software-as-a-service provider and free from ‘early technical debt’ makes our economy more agile, allowing us to respond faster to market needs and innovate faster,” Hareven said.
