Opal Security, which helps companies manage access and identities, raises $22M | TechCrunch

VC investment trends in the cybersecurity market suggest a sector in decline — at least within the context of recent months. According to Crunchbase, cybersecurity deal count fell during Q3 to 153 deals from 181 in Q2. In a more detailed report, Crunchbase suggests that, with Q3 cybersecurity venture funding down 30% compared to the year-ago period, investment in the category could fall to its lowest level since 2019.

Some cybersecurity startups are escaping the industry downturn somehow, however — like Opal Security. Today, Opal, a vendor taking an automated approach to identity access management, announced that it raised $22 million in a Series B round led by Battery Ventures with participation from Greylock and Box Group.

Bringing Opal’s war chest to $32 million, the new tranche will be put toward doubling Opal’s 30-person team by the end of 2024, scaling its enterprise customer support org and ramping up product development, founder and CEO Umaimah Khan told TechCrunch in an email interview. The product ramp-up, she added, will include a new suite of visualization and AI-powered tools designed to remediate identity and access risk.

Khan founded Opal in 2020. Prior to it, she studied cryptography at MIT and worked in defense research as well as at startups, including Amplitude and Collective Health.

During her stints in the private and public sectors, where Khan was responsible for building internal authentication and authorization services, particularly on the policy layer, Khan said that she began to notice common issues around visibility and a lack of understanding of user access behavior.

“I saw firsthand how lack of good infrastructure and mundane issues like overblown access result in totally avoidable cascading failures,” Khan told TechCrunch in an email interview. “The reality is that most best-in-class security engineering teams understand this and have built these systems internally to the best of their abilities — but it’s a huge lift to scale and maintain these systems even for a large enterprise, and unrealistic for smaller organizations.”

To address what she perceived as a need for a more scalable access and identity orchestration platform, Khan founded Opal, a suite that offers companies a consolidated view and control of employee access to internal tools, apps, platforms and environments. Using Opal, customers with upwards of thousands of employees can create policy workflows to automate access policies and set approval flows for the access requests that can’t be automated.

Opal doesn’t stand alone in the market for access management. Besides incumbents (e.g. Okta), vendors including Veza, SailPoint, Cyber-Ark and Saviynt are among the competition. Some have raised substantial venture capital. But Khan asserts that, unlike some of its rivals, Opal has laid the foundation for more analytics and AI features aimed at preventing identity-based threats, which she believes will ultimately attract more companies to Opal’s solution.

“Because we’re a data platform, we have both granular ground truth understanding of system policies, users and groups in addition to metadata on usage, approvals, denials, creation and alteration of policies over time — along with log data from certain end systems,” Khan said. “This gives us a unique and rich data set to provide baselines on various forms of risk-related to access, as well as to identify potentially anomalous actors and systems … We’ve put a lot of thought into how to build a generalizable [access management] layer that’s both read-and-write, and we prioritize enterprise readiness from an infrastructure and a feature standpoint.”

Customers agree, it seems. Opal’s annual recurring revenue has increased 4x since the company’s Series A in June 2022 across a customer base of around 40 brands, including Databricks, Scale AI and Figma. Khan wouldn’t say whether Opal was profitable, however.

“Our technology addresses the challenges of scaling access management with limited information in complex, enterprise environments — a major pain point for technical decision-makers across industries,” Khan said. “Large organizations have fragmented data and systems. Increasingly, these organizations need usable, scalable data and workflow processes for identity access management … Our platform very neatly fits that need, giving CISOs and CSOs the tools they need to view and control their systems.”

Asked if he was concerned about challenges in cybersecurity VC funding or the broader startup ecosystem, Khan pointed to the new U.S. Securities and Exchange Commission rule that requires companies to more rapidly disclose cybersecurity incidents as well as other, related policy announcements as tailwinds for Opal.

“Ongoing challenging market dynamics are forcing companies to become as efficient as possible; our platform enables increased efficiency for security, compliance and IT teams,” Khan said. “Also, as more companies have digitally transformed in the wake of the pandemic, we saw a parallel shift in the sophistication and scale of cyber breaches. Our platform is a defense layer against these breaches, and this bucket is quite sticky … This latest funding round will enable us to weather the ongoing market challenges while investing meaningfully in our team and product development.”