We’re pleased to welcome our newest Heavybit portfolio company, Aserto.
Aserto is a cloud-native authorization service providing enterprise-ready permissions and RBAC for SaaS applications. The platform satisfies complex enterprise requirements while avoiding the pitfalls of outdated and insecure authorization. Aserto’s opinionated framework handles the heavy lifting required for RBAC and ABAC, while its policy-as-code approach lets customers independently customize their authorization policy.
With 2020’s widespread shift to remote work, IT and security teams saw identity and access control challenges magnified many times over. Although broad early adoption of Zero Trust initiatives addresses some coarse-grained access control challenges at the edge, there’s still a need to solve for fine-grained authorization as a core part of the application – something that each SaaS application vendor currently customizes in-house.
This is a massive undertaking: unlike authentication, which has standardized on OAuth 2, SAML, and OpenID Connect, there are no standards for authorization — each application has to invent its own permissions and roles, and implement authorization and access control in a one-off fashion. App developers waste time building and maintaining internal RBAC systems, app admins navigate multiple directory consoles and policies to avoid accidental role elevation and data leaks, and security and compliance teams grapple with disparate app authorization models and manual audit trails. Teams find themselves on a requirements ramp, having to reimplement authorization every 3-4 quarters.
Aserto aims to solve that. Cofounders Omri Gazitt and Gert Drapers have tons of experience building enterprise-grade systems in roles as prestigious as CPO at Puppet, VP of HP’s Cloud Native Platform, Chief Software Architect at Azure Active Directory and Hulu, and Director of Developer Platform at Splunk.
Their decision to build an authorization plane and separate authorization policy from application code is unique. The platform makes authorization as easy as an API call by supporting REST/gRPC APIs with native language and framework bindings and flexible deployment via a hosted service, local service or sidecar. Aserto uses a standard source code control system, letting teams express authorization policy in one place and evolve it through a modern GitOps workflow complete with an automated authorization audit trail.
And finally, and perhaps most importantly, it applies zero-trust architecture principles to a real-time centralized decision log, eliminating the risk of stale permissions and unauthorized access. By decoupling policy from code, Aserto lets SaaS teams continue to ship updates and make enterprise policy changes, while still reliably serving their enterprise customers.
We’ll be working closely with the founders on their approach and on a much broader rollout in the coming months. To request early access to Aserto, visit: https://aserto.com
Omri Gazitt | CEO
Omri is the CEO of Aserto, and this is his third entrepreneurial venture. He’s spent the majority of his 30-year career working on developer and infrastructure technology, most recently as the CPO of Puppet. Previously he was the VP and GM of HP’s Cloud Native Platform (with business, product, and engineering oversight for OpenStack, Cloud Foundry, CloudSystem products and services), and a General Manager at Microsoft with responsibilities for Azure, SQL Server, Application Server, and the .NET Framework.
Gert Drapers | CTO
Gert is the CTO of Aserto and has 30+ years of experience architecting and building customer-focused software, services and teams. In the past he’s held positions as the Chief Architect and VP Engineering at Puppet, Chief Software Architect at Hulu, and he’s held countless engineering leadership positions at HPE Cloud Native, Azure Active Directory, and Splunk.