Why Secret Management Keeps Growing, Akeyless Raises $65M

Check out the Low-Code/No-Code Summit on-demand sessions to learn how to successfully innovate and achieve efficiencies by enhancing and scaling citizen developers. Watch now.


Every organization has secrets. Modern businesses have a variety of credentials, certificates, and keys that, if left in the wrong hands, could provide complete access to protected information. As a result, more and more providers are looking for innovative solutions to manage these secrets so that they are not exposed to third parties.

Just today, Software-as-a-Service (SaaS)-based secrets management platform Akeyless announced that it has raised $65 million as part of a Series B funding round led by NGP Capital. The company’s platform enables organizations to use workloads to automatically create and rotate secrets.

The provider’s solution uses zero-knowledge technology, so organizations maintain sole ownership of their keys without the provider having any access.

Secrets management has the potential to reduce the attack surface of the enterprise by preventing cybercriminals from obtaining credentials and other entities.

Event

smart security summit

Learn about the critical role of AI and ML in cybersecurity and industry-specific case studies on December 8. Sign up for your free pass today.

Register now

keep secrets

The announcement comes as more and more organizations are struggling to manage secrets. Research has found that 70% of companies say their growth in keys and certificates has increased the burden on operational processes.

This is particularly true for machine identities that can be created and dissolved in a matter of minutes.

“The shift to the cloud and the evolution of development processes (including increased automation and containerization) have created a tremendous increase in machine identities. Many of these identities can be born and die in a matter of hours and minutes,” said Shai Onn, co-founder and president of Akeyless.

However, each of these identities must be managed with secrets.

“In many cases, developers simply write these secrets into their code, exposing them to unencrypted and unmonitored source code repositories, which are often public and vulnerable to attack. This phenomenon is known as secret expansion,” Onn said.

The company’s response to this situation is to provide security teams with a solution to centralize and protect access to secrets.

By leveraging automation to automatically rotate existing credentials, users can reduce their exposure to threat actors, while security teams can use a unified monitoring dashboard to identify and monitor any unusual covert use.

The providers that shape the management of secrets

Akeyless is one of a growing number of vendors who view secret management as the key to securing modern business environments. One of its main competitors is HashiCorp, which offers a solution to manage access to tokens, passwords, certificates, API keys, and other secrets.

HashiCorp most recently raised $175 million in Series E funding in March 2020, bringing its valuation to $5.1 billion.

Another competitor is Doppler, which recently raised $20 million in Series A funding and offers a SecretOps solution designed to help manage and rotate secrets, while also offering an audit trail and encryption to reduce the potential for misuse.

However, according to Onn, the key differentiator between Akeyless and other competitors is its “zero knowledge” approach.

“Akeyless is the only secret management solution that combines the SaaS model with zero knowledge, which means that our customers maintain sole ownership of their keys,” Onn said. “Even Akeyless doesn’t have access to our customers’ keys.”

VentureBeat’s mission is to be a digital public square for technical decision makers to gain insights into transformative business technology and transact. Discover our informative sessions.

Leave a Comment