Security automation startup Cerby is exiting stealth mode with the public launch of a security platform designed to help companies deal with shadow IT—information technology products that are used by staff without prior approval or knowledge of IT decision makers.
Such products are selected and onboarded by business units other than the IT department, and may not support industry standards like SAML (Security Assertion Markup Language) and SCIM (System for Cross-domain Identity Management) for logging and exchanging identity data.
Cerby has its own term for applications that fall within the realm of shadow IT.
“After two years of operating in stealth, we are launching a first-of-its-kind platform dedicated to the detection and protection of what we call unmanageable applications,” says Belsasar Lepe, co-founder and CEO of Cerby. “One out of every two applications enterprises use today is an unmanageable application which contributes to a little under two-thirds of cybersecurity attacks.”
A driving force behind shadow IT is the desire by end users to have complete control over the selection and usage of applications.
Citing an in-house study done in partnership with Osterman that sampled more than 500 business professionals in North America and the UK from companies with more than $100 million in annual revenue, the company reported that 91% of the participants wanted full control over applications.
Cerby aims at minimizing friction between users and IT teams by taking an enrollment-based approach to the detection and protection of applications that combines employee autonomy and corporate security.
Cerby centralizes access, streamlines compliance
The platform allows users to enroll, or register, applications that to date have not been managed by their IT or security team, according to Cerby. In the background, the system then monitors connected applications for secure configuration and corporate compliance policies such as two-factor authentication, password complexity, and other common security settings.
The platform enables centralized access to applications, allowing users to log in securely to any application, even those that don’t support SSO (single sign-on) natively, store log-in data, and share this information securely with collaborators.
Consequently, the platform addresses the problem of employers disallowing or limiting end-user access to applications, which can cause a “negative effect” on the way work gets done, according to the Osterman Research poll. Fifty-two percent of respondents wanted IT teams to just “get out of the way.”
Lepe noted that the platform performs two main functions: detect and protect. While detection refers to the process of seeding agents in browsers and devices to identify applications as they are enrolled, protection involves profiling the new applications for possible misconfigurations from a security viewpoint.
For instance, Lepe explained, if the platform discovers social media accounts with two-factor authentication turned off, it sends a notification and automatically sets authentication to always-on.
Cerby uses RPA to streamline login process
Apart from detection and protection of “unmanageable” applications and implementation of an enrollment-based approach, the platform uses RPA (robotic process automation) to streamline the login process by activating single sign-on across applications that do not support SAML and SCIM. Additionally, it centralizes access logging and sends related data to SIEM systems for further analysis.
As part of the announcement, the company revealed that it has raised $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures, and others, bringing total funding to date to $15.5 million.
“As we have a lot of big brands that we’re working with, now the focus is on two things—after proving our sales process, we want to bring on a sales and marketing team. So, we’re investing a part of our capital into just gearing up our commercial efforts. The other area where we’re going to be investing is around increasing the number of integrations,” says Lepe.
The company exited stealth mode with the announcement that it has already chalked up a decent portfolio of customers, onboarding brands such as L’Oreal, MiSalud, Dentsu, Televisa, and Wizeline.
For L’Oreal, Cerby provides a secure and centralized place to manage paid social accounts and allows integration with L’Oreal’s single sign-on technology for connecting to the social media APIs, according to Cerby.
Cerby has also enlisted integrations with identity technology providers such as Okta and Azure ID.