Scalable Least Privilege
Our Investment in Opal
We are excited to announce Greylock’s Series Seed and Series A investments in Opal, an authorization and access management platform built for modern development teams and the cloud.
Large and Evolving Market, New API-Based Architecture
Every enterprise struggles to manage internal access to sensitive resources like databases, application roles, source code, and the cloud, with the burden typically falling on IT and security. Access has to be handled carefully, particularly when it involves sensitive data or company IP – in fact, privilege abuse of this access was the leading cause of data breaches in 2021. However, instituting restrictive access policies creates a Catch-22 – delayed access to resources can cause bottlenecks in employee productivity and preclude quick responses to fix issues in critical resources.
Just as Okta has consolidated authentication across applications, there is an opportunity to consolidate authorization for internal resources and create a central hub for managing employee access. Opal bridges the gap between too little and too much access, enabling enterprises to manage employee access securely and at scale without compromising productivity.
NEW APPROACH TO SCALABLE LEAST PRIVILEGE
Opal allows enterprises to adopt a just-in-time access posture – a user submits a request for access to a particular resource for a variable amount of time or set of requirements, and that request is routed to the resource owner with the appropriate context and identity. This decentralizes the access process across the organization, so that those with the most context on the requested resources review and manage access, rather than a single, central function. Once the work is done, access is automatically revoked, allowing the company to maintain a least-privilege stance.
Enterprises have tried a mix of tools to solve the access management challenge. Some companies attempt to solve it by extending their identity systems like SAML-based Okta or Active Directory. However, these lack the necessary visibility and granularity into the underlying resources like EC2 instances or Kubernetes clusters, instead recognizing AWS access only as a whole. On the other hand, traditional PAM and resource-focused players lack strong concepts of groups and identities, and are typically focused on on-prem environments or rely on proxy-based architectures that are difficult to deploy and manage.
Opal is built for developers and relies on a clean API-driven approach to integration. By combining groups and resources, Opal offers best-in-class visibility and control. It also provides resource owners and security/compliance teams with visualization tools and usage data. That way they can understand who has access to what and how they’re using it, serving as a trusted source during otherwise tedious access management audits.
Today, Opal’s platform is the access management tool of choice for leading companies across a range of industries, including Databricks, Blend, and Marqeta.
TEAM WITH EMPATHY FOR THE PROBLEM
Opal was founded by a team with firsthand experience dealing with access management challenges at large companies. As a developer at Dropbox, CEO Stephen Cobbe saw how much tooling had to be built and maintained because of the lack of solutions available. Today, the team is about two dozen people from companies like Okta, HashiCorp, Salesforce, Dropbox, Amplitude, and Samsara, with plans to grow the team this year. If you’re interested in joining, they are hiring!
Greylock has a special history of partnering with entrepreneurs at company formation to help build and scale leading software companies. Opal is the latest in a distinguished list of innovative security companies that Greylock has partnered with over the years, including Palo Alto Networks, Okta, Skyhigh Networks, and Imperva; and more recently Abnormal Security, Apiiro Security, Cato Networks, and Obsidian Security.
We’re thrilled to partner with Opal as they continue to help enterprises balance usability with least privilege—empowering both end users and admins.