P0 Security – the company building the industry’s first unified solution to secure cloud access and developer entitlements – recently announced it has secured $5 million in seed funding led by Lightspeed Venture Partners, SV Angel, and multiple angel investors. With the new funding round, P0 Security plans to build out its solution with additional functionality and bring it to market.
The company also recently announced the general availability of its flagship product for security practitioners to secure cloud access. By doing this, P0 Security is targeting those organizations that find that a traditional network perimeter cannot secure their cloud-native infrastructure and aims to help them secure critical services and data.
The shift toward cloud-native app development brings many benefits for developers, including scalability, resiliency, and accelerated product development. But cloud complexities have also presented challenges for security teams. A network perimeter (a longtime staple to secure on-premises infrastructure) is not robust enough to secure cloud infrastructure for several reasons.
1.) Whereas previously, mostly human users accessed infrastructure from a single location, now, human and hundreds of machine users (or service accounts) can access infrastructure from multiple locations and devices. 2.) An organization’s critical resources are spread across multiple clouds, with hundreds of microservices interacting with thousands of ephemeral resources. And third, the number of services provided by each cloud provider has exploded, making security using legacy approaches difficult.
To solve this problem, most organizations use a patchwork of point solutions. For instance, they could use a CNAPP or CIEM solution for identity visibility, a PAM solution for controlling privileged access, and yet another for controlling service account keys, etc. And this fails to solve the access security problem because of a couple of reasons. Firstly, organizations do not adopt many tools primarily due to engineering pushback. Secondly, most of these tools were built for simpler infrastructure and failed to accurately piece together the complexity in cloud-native access.
P0 Security is the first solution to give security engineers a unified offering to secure cloud access for all identities, without impacting developer productivity. And out of the box, P0 Security’s solution provides deep visibility into which identities (whether human or machine) have excessive and possibly dangerous permissions to sensitive cloud resources such as virtual machines, storage buckets, cloud services, or production Kubernetes clusters. And security engineers can use P0’s dashboard to right-size roles and permissions for all identities and identify attack paths to critical resources. Security teams can use P0 Security to automate privilege access escalations: Engineers can use P0’s Slackbot to request just-in-time and time-bound, break-glass access to granular cloud resources. This automation reduces the average approval times from hours to mere minutes across customers.
KEY QUOTES:
“Providing secure access to the cloud has repeatedly ranked as one of the foremost concerns across CISOs. This problem is only getting worse with the increasing complexity of cloud infrastructure. With their background, we believe that the P0 team has a unique opportunity to solve this critical problem in a well-differentiated manner. In less than a year, they have assembled a fantastic team and are working with several paying customers, who absolutely love their product. We are proud to lead their seed investment, and believe they have a massive market available to them.”
– Raviraj Jain, partner at Lightspeed Venture Partners
“P0 is a game-changer. Previously, to provide engineers safe access to critical resources in Snowflake and Kubernetes, we created a patchwork of static groups and roles, used Azure PIM to provide escalated access, and spent a lot of time managing group membership. We had to choose between access granularity and ease of use. P0 gives us the best of both worlds by scoping permissions exactly to what our users need, when they need it. I sleep well at night knowing that long-standing escalated access is not lurking in any group. Most importantly, the developer experience with P0 is amazing. Unlike most security products, where it is very hard to drive engineer adoption, the ROI on P0 is clear and almost instantaneous.”
– Eugene Yedvabny, senior staff software engineer at Afresh
“We store sensitive customer data in GCP Cloud Storage buckets. P0 is a mission-critical tool for us to control which engineers and service accounts have access to this data, and for our engineers to request just-in-time and short-lived access to these buckets for their daily work. P0’s adoption was seamless, and it is widely used in our organization.”
– Sumeet Khullar, VP of Engineering at Level AI
“Companies understand the limits of their network perimeter against the backdrop of increasing cloud-native app development, paving the way for P0 Security. With seed funding and the GA of our solution, P0 Security is the first to address a critical need among businesses for a unified solution to secure access in a cloud-native environment. We believe that secure access is always a priority-zero problem for security teams, and we want to give them tools to solve it.”
– Shashwat Sehgal, CEO and Co-founder of P0 Security
