Permit.io, the full-stack authorization framework that enables developers to quickly integrate access control into cloud-native applications, emerged from stealth today with $6 million in venture funding.
Or Weis, former CEO and Co-Founder of Rookout, and Asaf Cohen, a former software engineer at Facebook and Microsoft, co-founded the company.
The round was led by venture capital firm NFX and included Rainfall Ventures and a long list of angel investors from the industry, including Amir Jerbi, CTO and Co-Founder of Aqua Security; Cheryl Hung, Engineering Manager at Apple and former VP of Ecosystem at the Cloud Native Computing Foundation (CNCF); Danny Grander, Co-Founder of Snyk; Idan Tendler, CEO & Co-Founder of Bridgecrew; John Kodumal, CTO & Co.
Access control interfaces are a must for modern systems, which is why many developers spend time and resources building them from scratch without prior DevSec experience.
Permit.io includes all of the infrastructure necessary to develop and implement end-to-end permissions, allowing enterprises to incorporate fine-grained restrictions throughout their organization. It covers all of the features required for enforcement, gating, auditing, approval procedures, impersonation, and automated API key management, as well as additional capabilities enabled by low-code interfaces.
“As an industry, we needed to address the authentication challenge before we could truly consider permissions,” explained Or Weis, CEO and Co-Founder of Permit.io. “To use an analogy, authentication is similar to the security receptionist verifying IDs at the front desk – it’s the first layer of defense, and there is excellent tooling currently available. However, at Permit.io, we’re focused on the second stage, which is a little more complicated: defining what users are permitted to do while within the application.”
According to the Open Web Application Security Project’s (OWASP) most recent research, broken access control is the most critical web application security risk. Failures typically result in unauthorized information disclosure, modification or destruction of data, or the performance of a business function outside the user’s permitted limits. According to the report, “94 percent of programs were evaluated for some type of access control failure.”
Permit.io is built on top of Or Weis and Asaf Cohen’s open source project OPAL, which serves as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed demanded by live applications: as the state of an application changes via APIs, databases, Git, Amazon S3, and other third-party SaaS services, OPAL ensures that each microservice stays in sync, in real time, with the policies and data the application requires.
“Permit.io’s creators have a singular vision that looks beyond what is broken and in need of repair to create a new and entirely different reality,” said Gigi Levy Weiss, General Partner at NFX. “By comprehending the challenges engineers face today and the ramifications for companies, they were able to develop a solution that reorganizes the ecosystem and its secure interconnection via access controls.”