Aembit: Identity And Access Management Company Secures $25 Million (Series A)

By Amit Chowdhry • Sep 18, 2024

Aembit, a leading non-human identity and access management (IAM) company, has secured $25 million in Series A funding, bringing the total capital raised to nearly $45 million. Acrew Capital led the funding round, which included existing investors Ballistic Ventures, Ten Eleven Ventures, Okta Ventures, and CrowdStrike Falcon Fund.

This funding round comes in the wake of continued high-profile non-human identity attacks on organizations like Cloudflare, The New York Times, and Microsoft. And non-human identity (NHI) refers to the applications, scripts, and bots that businesses use to automate their operations, as well as the credentials used by NHIs to communicate to sensitive databases, applications, and infrastructure.

The incidents exposed secrets such as API keys, access tokens, and other non-human access credentials used to penetrate enterprise environments. Security professionals recognize the need for an access-focused approach that automates identity-driven, secretless, centrally enforced, and auditable access between distributed applications and SaaS services for sensitive resources in the cloud and on-premises.

Aembit has led the market in solving this emerging challenge by pioneering non-human IAM. And it enables policy-based access management between workloads and the sensitive resources they access, moving beyond reactive visibility and governance to proactively shrink the attack surface of rapidly growing and highly distributed non-human identities. Aembit continues advancing access management with capabilities such as MFA-strength conditional access, policy automation via infrastructure-as-code, and robust auditing for NHI access.

The company co-founders David Goldschlag and Kevin Sapp spent their careers innovating across the identity landscape, most recently creating New Edge Labs (acquired by Netskope), one of the first user zero trust products on the market.

The Aembit Workload IAM Platform enforces secure access between non-human workloads and the services that authorize access to sensitive data and infrastructure. Aembit’s policy engine grants secret-less access just in time based on the workload’s identity and posture.

Utilizing native identities and sophisticated automation, organizations use Aembit to eliminate storage of sensitive secrets within applications or vaults by moving to short-lived access tokens with a no-code auth approach. Through Aembit, businesses proactively secure non-human access while eliminating the manual and fragmented work required today by security, engineering, and DevSecOps teams.

KEY QUOTES:

“Aembit is tackling one of the most pressing challenges in modern enterprise security. The shift to cloud and SaaS, and AI has driven an order-of-magnitude expansion in non-human identities. With the proliferation of microservices and APIs across diverse environments, IAM has become the critical first line of defense for protecting sensitive data. Legacy access management approaches weren’t designed with this level of scale and automation in mind. We are thrilled to be partnering with Aembit to bring a new approach to the market.”

-Mark Kraynak, founding partner at Acrew Capital

“Kevin and I founded Aembit with a vision to help enterprises secure access between non-human workloads, applications, and software resources with the same principles used today to secure human access. Talking to hundreds of enterprises, and working closely with design partners, our approach centers on proactively securing access between non-human identities, while eliminating friction for developers and security teams.”

-David Goldschlag, co-founder and CEO of Aembit

“By solving non-human IAM, Aembit is tackling an essential security challenge. Not only is their approach to non-human access innovative, but Aembit is a provider we can rely on.”

-Brad Jones, CISO at Snowflake and an Aembit customer