Permit.io, the full-stack authorization framework helping developers apply access control into their cloud-native applications, today (Feb. 15th) launches out of stealth with $6 million in seed funding. The funding round was led by venture capital firm NFX with a follow-up investment from Rainfall Ventures. Many well-known angel investors including, Amir Jerbi, CTO and Co-Founder of Aqua Security; Cheryl Hung, Engineering Manager at Apple, and former VP of Ecosystem at the Cloud Native Computing Foundation (CNCF); Danny Grander, Co-Founder of Snyk; Idan Tendler, CEO & Co-Founder of Bridgecrew; John Kodumal, CTO & Co-Founder of LaunchDarkly; Nitzan Shapira, CEO & Co-Founder of Epsagon also participated in the financing round.

All modern applications need an access control interface but broken access control is the most serious web application security risk. Such breaches or failures in access control can lead to unauthorized information disclosure, modification, destruction of data, or performing a business function outside the user's limits. Because of these risks, many developers spent lots of time and resources trying to build proper access control interfaces from scratch, without having any prior experience in DevSec. However, Permit.io is trying to help those companies in need, by providing the required infrastructure to build and implement end-to-end permissions, so that companies can integrate fine-grained controls throughout their organization. But what makes them stand out from the great authentication protection software already on the market is that they focus on the next step: determining what people are allowed to do once they are already inside an application. As their name suggests, Permit.io determines what permissions users may have.

To provide the necessary infrastructure developers need for access control, Permit.io implements elements required for enforcement, gating, auditing, approval-flows, impersonation, automating API keys and more empowered by low-code interfaces. Permit.io is built on top of the open-source project OPAL which acts as the administration layer for the popular Open Policy Agent (OPA). OPAL brings open policy up to the speed needed by live applications; as an application state changes via APIs, databases, git, Amazon S3 and other 3rd-party SaaS services, OPAL makes sure in real-time every microservice is in sync with the policies and data required by the application. OPAL and Permit.io work together to give developers the full-stack authorization framework they need in their cloud applications.

Permit.io (and OPAL) was founded by Or Weis, former CEO and Co-Founder of Rookout; and Asaf Cohen, former software engineer at Facebook and Microsoft. Since its founding last year, the company went straight to raising funds for the seed round they announced today. With the $6 million in financing, Permit.io plans to grow their team in Israel and abroad, and support more open-source projects both in development and sponsorships, to help evolve the IAM ecosystem.