Why secrets management continues to grow, Akeyless raises $65M

Every organization has secrets. Modern enterprises have a range of credentials, certificates and keys, which, if left in the wrong hands, could provide complete access to protected information. As a result, more and more vendors are looking to innovate solutions to manage these secrets, so they’re not exposed to third parties. 

Just today, software-as-a-service (SaaS)-based secrets management platform Akeyless announced it has raised $65 million as part of a series B funding round led by NGP Capital. The company’s platform enables organizations to use workloads to automatically create and rotate secrets.

The vendor’s solution uses zero-knowledge technology, so that organizations maintain exclusive ownership of their keys without the vendor having any access at all. 

Secrets management has the potential to reduce the enterprise attack surface by preventing credentials and other entities from being harvested by cybercriminals.  

Keeping secrets 

The announcement comes as more and more organizations are struggling to manage secrets. Research has found that 70% of companies say their growth of keys and certificates have increased the burden on operational processes. 

This is particularly true of machine identities that can be created and disbanded in a matter of minutes. 

“The move to the cloud and the evolution of development processes (including the rise in automation and containerization) have created a tremendous rise in machine identities. Many of these identities can be born and die within hours and minutes,” said Shai Onn, cofounder and president of Akeyless. 

Nonetheless, each of these identities needs to be managed with secrets.

“In many cases, developers simply write these secrets into their code, exposing them in unencrypted, unmonitored source code repositories, which are frequently public and vulnerable to hacks. This phenomenon is known as secret sprawl,” Onn said. 

The company’s answer to this predicament is to provide security teams with a solution to centralize and secure access to secrets. 

By leveraging automation to automatically rotate existing credentials, users can reduce their exposure to threat actors, while security teams can use a unified monitoring dashboard to identify and monitor any unusual secret use. 

The vendors shaping secrets management 

Akeyless is one of a growing number of providers looking at secrets management as the key to secure modern enterprise environments. One of its main competitors is HashiCorp, which offers a solution for managing access to tokens, passwords, certificates, API keys and other secrets. 

HashiCorp most recently raised $175 million in series E funding in March 2020, bringing its valuation to $5.1 billion. 

Another competitor is Doppler, which recently raised $20 million in series A funding and provides a SecretOps solution designed to help manage and rotate secrets, while offering an audit trail and encryption to reduce the chance of misuse. 

However, according to Onn, the key differentiator between Akeyless and other competitors is its “zero knowledge,” approach. 

“Akeyless is the only secrets management solution that combines the SaaS model with zero Knowledge, which means that our customers maintain exclusive ownership of their keys, Onn said. “Even Akeyless does not have access to our customer’s keys.”

Originally appeared on: TheSpuzz