Ory lands $22.5M for zero trust security powered by open source

Ory, which today announced a $22.5 million series A funding round, said it plans to bring its cloud identity security platform assembled largely from open source components into general availability in the third quarter of 2022. The platform ultimately focuses on “solving zero-trust security, which is a complex set of security challenges for customers,” Ory founder and CEO Thomas Aidan Curran told VentureBeat.

The commercial Ory Cloud platform, which is currently in closed beta, leverages a handful of open source projects started by the company’s founders—bringing an “open source advantage” that includes greater transparency and peer reviews from developers, Curran said in an email.

“If it’s not open, it’s not secure,” he said. “Ory believes that open source software is not a fad. It’s an artisan creation model that will shape an entire generation of applications in the cloud.”

Ory runs open source projects including Kratos (for identity and user management); Hydra (for securing application access and APIs); Keto (for authentication and access control); and Oathkeeper (for zero-trust networking). The projects have been used by 10,000 customers in total—including Salesforce, SAP, and Adobe—and have received 30,000 GitHub stars and 40 million Docker pulls, according to Ory.

Zero trust

The commercial Ory Cloud platform combines many of the elements found in the open source projects—bringing together identity management, authorization, and access control, as well as protections for APIs and applications.

The platform makes it easier and faster for developers to set up identity infrastructure, ultimately simplifying the process of ensuring zero trust security for cloud-native applications, according to the company.

Ever-rising cyberattacks, especially ransomware, have prompted a growing number of companies to consider deploying a zero trust architecture. The concept typically involves taking a new approach with identity authentication, where users are never inherently trusted, even after they’ve made it onto the network. According to a recent report from Symmetry Systems and Osterman Research, deploying a zero-trust architecture can enhance security efficacy at stopping data breaches by 144%.

With the Ory Cloud platform, users benefit from getting a common infrastructure for access control, authorization, and identity, which is needed for effectively managing identities and associated data in cloud applications and enabling zero trust, according to the company.

An open approach

Ory “mainly” uses open source components within Ory Cloud, though some of Ory’s deployment infrastructure is “visible or transparent instead of pure open source,” Curran noted. Features supported in Ory Cloud include multifactor authentication (MFA), permissions and roles, custom branding and flows, and support for the OAuth 2.0 authorization protocol and its associated identity layer, OpenID Connect 1.0.

Along with the security, transparency, and peer review advantages of Ory Cloud, the platform will also be “a fraction of the price of other available service provided at the same scale,” Curran said.

The Doylestown, Pa.-based company was founded in 2019 in order to build the Ory cloud business, four years after Curran and cofounder Aeneas Rekkas launched the initial open source project. Curran previously held positions including chief technology officer of SAP’s Hybris division, while Rekkas previously worked in cloud product development at Deutsche Börse Group.

The open source projects run by Ory have 100 contributors, and Ory itself employs 12, Curran said.

Growth funding

The series A funding round was led by Insight Partners, Balderton Capital, and In-Q-Tel. Ory has now raised a total of $25 million in funding.

Ory plans to use the funding to build out its global network infrastructure, ahead of the general availability launch of Ory Cloud in Q3 of 2022, Curran said. The company also intends to set up data privacy and GDPR-compliant processes, launch a Security Operations Center and add to its staff, he said.

Additionally, Ory aims to use part of the funding to help foster a “larger base of support for open source learning materials, documentation, online seminars, and solution engineering,” Curran said.

Source link