Aviva Zacks of Safety Detectives sat down with Dotan Bar Noy, Co-Founder and CEO of Authomize, and asked him about his company’s platform. She found out that it is their AI-based model of automated threat-detection that sets Authomize apart.
Safety Detectives: What motivated you to start Authomize?
Dotan Bar Noy: I like working on startups. I like this early stage of the ideation, of building the company, of growing fast, that everything is a win-lose scenario, and that everything is relatively very, very quick. I am almost addicted to that.
The other thing is that, when we did the ideation process, the potential of Authomize seemed so big, and that’s what drives us. There’s a huge opportunity to build a big company.
SD: Can you tell me about the Authomize platform?
DBN: Authomize is a software as a service (SaaS) solution that helps organizations manage their identity lifecycle and enforce security and compliance policy. Our solution increases operational productivity and reduces the attack surface and risk. I would probably divide the world into authentication and authorization. Authentication is to make sure that you are who you say you are—for example when you have a card that lets you into the office. Authorization is what you are allowed to do once you are inside the application or the office in this case.
The authentication side of things has been a huge wave hype in the last three to five years. However, the authorization side was left behind. Authomize, which stands for authorization and automation, has the vision of solving the authorization management in the manner that enables every customer, every company to very easily deploy a solution to manage the identity lifecycle. Identity lifecycle means employees who join the organizations or moved between departments or left the organizations. We also deal with the processes of permission requests, certification, and policy enforcement. We make sure. In the end, it is all about controlling the permission sprawl and making sure you achieve and keep just enough permission.
SD: What verticals use your services?
DBN: It’s usually mid-market—1,000-2,000 users and more—depending on the segment market. We focus on advanced tech companies with a large cloud footprint that uses solutions like Office 365, G Suite, Salesforce, AWS, Azure, GCP, GitHub, and that have a lot of different applications in the cloud they are using. This is where we shine. However, we do address the on-prem as well, but this is what drives the procurement in our case.
SD: What sets you apart from your competition?
DBN: The category that we are under is called IGA—identity and government administration. This category, IGA, has different layers. Most and all of them are based on a model that is called RBAC—role-based access control. In order to support and manage this RBAC within an organization, there’s a lot of manual work, manual configuration, ongoing process that never ends. We built an AI-based model that enables us to automate those processes to make the operation of the organization streamline better, faster, reduce the friction with users, we do not only automate identity processes but also deliver security and operational recommendations to reduce organizational risk and ensure a secured environment, the result is a reduction in MTTR—the meantime to resolution—in the help desk, which all help the organization manage permissions in a better way.
SD: What would you say are the worst cyberthreats?
DBN: Gartner and other analysts mention that the number one cause for security risks today is over privilege. This is a direct result of inadequate management of identity, access, and privileges. Imagine that the organization left critical resources open to the public, or a user left the organization and still have privileges to organizations crown jewels. In the end, it all comes down to the attack surface.
In order to reduce the attack surface to have a better security hygiene, you need to manage your permissions across the organization better. The model, most likely people are familiar with is the least privilege model. The idea that everyone will have only the permission they need. However, this means that you get strong security, but there is an operational burden because every time you need something you will need to open a ticket and ask for that permission. This back and forth, this friction, between security and operation creates a lot of frustration and harm productivity. Authomize is positioned to help enable them to work together.
SD: How do you think cybersecurity is going to change now that we’re living through this pandemic?
DBN: We are already seeing many more phishing attacks. We are seeing a movement in adopting SaaS and a move to decentralized management. The fact that everything is remote, that everything is done in a manner that was not done at this scale before, gives a lot of opportunities for any malicious actor to try to compromise your network.
In addition, an organization needs to adapt to this new domain much more quickly, and one of the ways to do that is to adopt the SaaS application. Organizations need to focus on their crown jewels and solution that enables greater efficiency and cooperation.