Remember when a Twitter contractor deactivated Donald Trump’s personal account for 11 minutes in 2017? Opal co-founder Stephen Cobbe says that is one example of an instance where certain employees were provided too much access to the inner-workings of the company.
His company, based in San Francisco and New York, is working with enterprises to design intelligent user access policies and automate reviews of current company access points. Cobbe explained that companies either grant access that is too broad or restrict it too much.
Cobbe and his founding team come from companies like Dropbox, Scale, Brex, MuleSoft and Palo Alto Networks. He personally saw at Dropbox some of the pain points of managing access at scale. What happens is that organizations have access policies around which roles do what, but in reality, life doesn’t fit perfectly into those access structures, he added.
Opal dashboard. Image Credits: Opal
“Employees can have too much access, which is how the Twitter employee was able to go rogue,” Cobbe told TechCrunch. “When companies that we talked to tried to deal with the problem, they weren’t happy with existing solutions. We interviewed 100 companies and found that they all have versions of the same internal tool that they were individually updating each time.”
The tools are also typically based on SAML, or Security Assertion Markup Language, and not up to the task of managing the diverse systems companies have. Instead, Opal’s approach is to turn a once rigid model into a needs-based one through API integrations.
Companies can log in and see a list of engineering infrastructure, SaaS apps and internal tools. When access requests are made, they are routed to an owner for approval. On the flip side, when an employee leaves the company, an owner can go in and remove access with the push of a button.
To continue developing its platform, Opal closed on a $1.8 million seed round led by Greylock. Angel investors participating in the deal include Expanse CEO Tim Junio, Abnormal Security CEO Evan Reiser and Signal Sciences CEO Andrew Peterson.
"Every enterprise knows that managing permissions at scale is challenging,” said Saam Motamedi, partner at Greylock, in a written statement. “More systems mean more attack vectors, places to audit, and overhead to ensure engineers have the access they need. Opal is tackling these problems with a strong team of security experts, and I look forward to partnering with them on their journey."
Opal was founded in 2020, but came out of stealth mode a few months ago. It already touts a list of customers including Blend and Coffee Meets Bagel. The company used the new investment to hire on both the engineering and business side, Cobbe said.
He did not disclose growth metrics, but did say the company is poised to raise another round of funding in the future.