Tomer Greenwald, Uri Sarid and Ori Shoshan, software developers by trade, found themselves building and configuring software authentication and authorization mechanisms repeatedly — each time with a different tech stack. Frustrated with the process, they sought to create a platform that enables developers to focus on writing code rather than on constantly configuring server permissions.
So Greenwald, Shoshan and Sarid, the former CTO of MuleSoft, founded Otterize, which aims to allow developers to securely connect different software services to each other and to infrastructure by automatically configuring existing security controls. Otterize today raised $11.5 million in a seed funding round led by Index Ventures with participation from Dig Ventures, Vine Ventures, Jibe Ventures, Crew Capital and Operator Partners.
“Most software these days is composed of multiple services that call each other,” Greenwald told TechCrunch via email. “With Otterize, developers can make those calls securely by simply declaring, alongside their code, the calls their code intends to make.”
As Greenwald went on to explain to me, Otterize uses declarations to set access controls to allow intended calls — and block any unintended ones. If one service is compromised, it can’t be used to compromise other services it wasn’t intended to call. As an added benefit, Otterize provides a real-time map — Greenwald calls it an “access graph” — of all the services in the software app’s backend and how they’re calling each other, which certificates they’re using, how they’re protected and what remains to be secured.
Developers can embed Otterize’s open source solution in their development pipeline or opt for Otterize’s newly launched fully managed solution, Otterize Cloud.
“The way most access control mechanisms work, someone has to keep track of what services should be allowed to access another service, data source or API. That’s tedious, error-prone and requires being an expert at every technology used for authentication and authorization,” Greenwald said. “With Otterize, no knowledge is required from developers of how these technologies work, and maintenance happens automatically based on the one source of knowledge likely to always be correct and up to date: the developers of the code making those calls declare their need when they build it.”
Otterize currently isn’t generating revenue — it has only offered a free service until recently — and wasn’t willing to talk about its customer base. Asked about the broader slowdown in tech and headwinds like the Silicon Valley Bank collapse, Greenwald expressed confidence that Otterize’s focus on “responsible growth” and “prioritizing product-market fit” positions the company well.
Time will tell. But one factor in Otterize’s favor is the heightened spending on cybersecurity, particularly in the enterprise. According to a 2021 survey from JumpCloud and ESG Research, 97% of security executives planned to expand or continue existing spend on identity and access management tools.
Beyond access management, 65% of organizations plan to increase spending on cybersecurity this year, an ESG Research poll found. Gartner predicts that global spending on security and risk management will grow by more than 11% in 2023, up to $188 billion from just $158 billion in 2021.
“By taking a measured approach to growth, we’re able to ensure that we’re providing value to our customers and building a sustainable business behind that value for the long-term,” Greenwald said. “Otterize is pioneering a new approach for access controls, automating the provision and maintenance of necessary access without human coordination, in so doing also securing the entire ecosystem of services based on least-privilege principles.”