Back in 2018, Refael Angel, a former security software engineer at Intuit, had an idea for a new approach to protect encryption keys — the random string of bits created to scramble and unscramble data — on the cloud. He met with Shai Onn and then Oded Hareven, with whom Angel had worked five years earlier, to look for signs of product-market fit. After finding it, the three co-founders together built a service for managing passwords, API keys and digital certificates, which evolved into a fully fledged business — Akeyless — over the course of the next several years.
Today, Akeyless is thriving, Angel tells me — despite fierce competition from incumbents like Hashicorp Vault, AWS Secrets Manager and Google Cloud’s Secret Manager. Akeyless has customers across the retail, fintech, insurance and gaming sectors, among others, including Wix and Outbrain. And the company’s revenue has increased 350% over the past year.
“The pandemic and resulting workforce trends, such as work-from-home initiatives, have only increased the need for employees to access corporate IT resources remotely and have accelerated the adoption of cloud technologies and increased the number of secrets needed,” Shai told TechCrunch in an email interview. In software development, “secrets” refer to credentials like passwords and access tokens. “Similarly, the economic downturn and tech slowdown stand to only further encourage organizations to seek software-as-a-service-based solutions that offer faster deployment, low to zero maintenance, global auto-scalability, lower total cost of ownership and higher adoption rates.”
To lay the groundwork for future growth, Akeyless today closed a $65 million Series B round — $45.5 million in equity and $19.5 million in debt — led by NGP Capital with participation from Team8 Capital and Jerusalem Venture Partners. Bringing Akeyless’s total funding to date to $80 million, the new capital gives the company at least two and a half years of runway and will be put toward various sales, marketing, customer service and product development initiatives, Hareven said via email.
“This will allow us to navigate the current economic climate and continue to provide our much-needed solution to the market,” he added.
Akeyless’s co-founders attribute the startup’s success in part to the comprehensiveness of its product offerings. Akeyless both encrypts and signs the certificates, credentials and keys that organizations use to provide access to their systems, apps and data. The platform performs cryptographic operations using fragments of an encryption key that reside across different regions and cloud providers. The fragments are never combined — not even during the encryption and decryption process, Hareven claims — and one of the fragments is created on the customer side to ensure Akeyless has zero knowledge of the keys.
The core problem Akeyless attempts to tackle is what Hareven refers to as “secret sprawl.” As a company’s IT environment expands, so does the amount of passwords, API keys and certificates that the company uses to enable authentication between processes, services and databases, he notes. Those passwords and keys are found in code, configuration files and automation tools, introducing risk that could result in data breaches.
According to a 2021 survey from code security platform GitGuardian, three code commits out of 1,000 expose at least one secret. GitGuardian estimates that app security engineers on average have to handle over 3,400 secrets occurrences. And in a separate report from Forrester published in the same year, developers revealed that 57% of their employers experienced a security incident related to exposed secrets within the past two years.
Akeyless’s solution is centralizing secrets through plug-ins for existing IT, dev, and security tools and capabilities like disaster recovery, Hareven continued. Secrets stored by the platform are made accessible in all of a company’s environments.
“While modern secret management solutions address the security challenges of [development] environments, many organizations are still forced to rely on siloed and disconnected tools for securing secrets in legacy environments,” Hareven said. “Our customers are expressing a need for the convergence of legacy tools to reduce risks and improve compliance across all environments and use cases.”
Akeyless certainly occupies a large and profitable sector — Grand View Research predicts that the market for password management software will be worth up to $2.05 billion by 2025. But it’ll have to fend off rivals like Doppler, which recently raised $20 million for its platform to help companies manage their app secrets. Another challenge will be convincing holdouts to embrace secrets management as a discipline; according to one report, only 10% of organizations were using secrets management solutions as of 2019.
If Akeyless’s co-founders have concerns, they didn’t show it. To the contrary, Hareven pointed to the team’s track record in cybersecurity — Onn’s previous security venture, Fireglass, was acquired by Symantec for $250 million — and noted that Akeyless is expanding, with plans to double its 80-person workforce by the end of next year.
Hareven didn’t mention during our conversation, but Akeyless is also likely to benefit from the continued broader VC interest in cybersecurity. Venture capital investments in security startups eclipsed $13 billion this year, according to PitchBook data, up from $11.47 billion in 2020.
“The fact that we are a software-as-a-service provider and free of the ‘on-premise technical debt’ of versioning and support makes our economics much more efficient, allowing us to respond faster to market needs and rapidly innovate,” Harvey said.