Cerby launched it’s security platform for unmanageable applications
June 2022 by Marc Jacob
Cerby launched it’s security platform for unmanageable applications and an approach that enhances security practices by empowering both employees and security teams. The Cerby Zero Trust architecture takes on the challenges of unmanageable applications in the shadow IT universe—technologies that are selected and onboarded by business units outside the purview and visibility of the IT department, or don’t support industry standards like SAML for authentication and SCIM for user provisioning. The Cerby offering is very different from other options on the market because it moves security automation capabilities into the hands of business users—in effect, it balances empowerment and autonomy with security and productivity.
The company, which has been operating in stealth mode since 2020, already has early customers—including Fox, L’Oréal, MiSalud, Dentsu, Televisa, and Wizeline—where the technology is used to address common application liabilities efficiently while facilitating collaboration. It also announced today $12 million in seed funding from Ridge Ventures, Bowery Capital, Okta Ventures, Salesforce Ventures and others, bringing total funding to $15.5 million.
Cerby’s enrollment-based platform combines proprietary technology, robotic process automation (RPA) and seamless integrations with identity providers like Okta and Azure AD. This powerful functionality enables the platform to understand commonly used SaaS applications in a business context, and automate security policies before they lead to breaches.
The scale of the problem is undeniable, in part because while employees choose the applications, they don’t pay for them. Analyst firms, such as Everest Group report that shadow IT spending represents 50% or more of the overall IT outlay in large enterprises. Meanwhile, teams preferring application autonomy are twice as likely to prioritize productivity over security.
Cerby’s own research confirms this trend. The company just commissioned its own study of this critical subject, and the preliminary findings show how much attitudes have hardened with regard to employee choices. The comprehensive study of over 500 business professionals in North America and the UK employed by companies with more than $100M in annual revenue, conducted in partnership with Osterman Research, reveals that a staggering 91% of respondents believe they should have full control over the applications they purchase. On a related note, 52% want the company or IT department to “just get out of the way,” and when employers disallow applications desired by end users, respondents say it will “negatively affect” the way work gets done.
To be clear, these perspectives are not emerging from a vacuum. More than three quarters of the companies surveyed, 78%, have policies in place regarding which applications employees can and cannot use, and just over half the respondents report knowledge or experience of particular applications being disallowed. These actions don’t necessarily go down well with employees: 68% ask for an alternative solution, preferably one that is stress-free and automated; 35% seek an alternative of their own, while stating that it negatively affects the way work is done; and 42% “demand a good reason” for the ban.
The issue of unmanageable applications within the organization is particularly sensitive because it puts two forces—employee autonomy and corporate security—in direct conflict. The C-suite—enterprise CIOs, CMOs, CISOs—wants security to be frictionless; when security teams take a heavy-handed approach, they often end up blocking key applications and negatively affecting productivity. This encompasses three core problems, which are sometimes contradictory. They feature: Brand risk (including errors, cyberattacks, and fraud); non-compliance (corporate policy, contracts, and industry/government regulations); and inefficient processes (insufficient resources; inconsistent, error-prone access reviews; extraneous steps and wasted time).
Cerby steps into this chasm with numerous capabilities to plug security, compliance and productivity gaps. For example, end users can log in securely to any application, even those that don’t support SSO natively, store log-in data, and share this information securely with collaborators. At the same time, IT and security teams can set policy at the application, team, and company level. Throughout this process, Cerby is actively monitoring connected applications to ensure they are securely configured to meet corporate security standards for two factor authentication, password complexity and many other commonly missed security settings.
The technology is designed to help teams in diverse disciplines use the applications they choose while ensuring security. For example, marketing teams can now securely use any social platforms they prefer—Cerby provides a single place to add and remove access for employees and third-party agencies instead of signing into multiple social accounts and sharing passwords. In other fields, such as finance, Cerby provides an easy way for CFOs and their teams to securely manage access to bank accounts and credit lines without having to share passwords. Technology
To protect the brand, stay secure and increase productivity, Cerby features numerous innovations, including:
● Detecting unmanageable applications: Because the platform enhances the user experience, enterprises can crowdsource the discovery of new and potentially unmanaged applications, taking away the burden from IT and security departments
● Protecting against breaches: Cerby assesses the risk of connected applications against established security policies and monitors applications for common misconfigurations that often lead to breaches
● Empowering end users: Because end users always outnumber IT and security professionals, the platform takes an enrollment-based approach to security, enabling users and business units to choose the best applications for getting their work done
● Reporting activity: When applications are managed individually and don’t support industry standards like SAML (Security Assertion Markup Language) and SCIM (System for Cross-domain Identity Management), activity reporting can be painful. The Cerby platform centralizes access logging and makes it available to SIEM platforms for further analysis
● Streamlining processes: Many teams manually manage access to applications; by contrast, Cerby leverages robotic process automation (RPA) to streamline the entire login process. Cerby offers a centralized portal to log in to supported applications, extending enterprise single sign-on to applications that don’t natively support SAML and SCIM. This makes organizations more efficient and security teams happy.
The platform also features:
● Unified access: Business professionals currently manage access to critical business applications like bank accounts, credit card accounts, internally built applications, paid social media applications, and many others across dozens of user interfaces; with Cerby, all access management is centralized in one UI, making it easier to onboard and offboard team members and third parties
● Single sign-on for any application: Many martech and fintech applications don’t support single sign-on, forcing users to manage their own passwords and two-factor authentication; with Cerby, any employee logged in with Okta or Azure AD has easy access to non-SSO supporting applications like Facebook, Twitter, YouTube and many others.
Cerby’s management team features an optimal mix of technology visionaries and veterans, including:
● Belsasar Lepe, Co-Founder and CEO
● Vidal González, Co-Founder and CTO
● Jyri Virkki, Co-Founder and Chief Architect
● Matt Chiodi, Chief Trust Officer
● Gabrielle Arroyo Lopez, Head of Customer Success
● Kurt Greening, Head of Sales