Q&A with OIeria CEO Jim Alkove:
Identity is the keystone to the future of cybersecurity and a critical area for companies to focus on because it’s where attackers are moving. Today 80% of all breaches involve compromised identities. Abusing valid accounts is also cybercriminals’ most common entry point.
Essentially, attackers are no longer just hacking in – they’re logging in. And they are doing so because identity security is one of the most challenging and under-funded areas of cybersecurity, leveraging legacy systems that can’t keep up with today’s modern cloud- and SaaS- centric organizations.
Even with a large budget and security team, it was difficult for me as a CISO to answer the questions of who has access to what, how that access was obtained, and how it’s being utilized. This gap is one of the biggest weaknesses facing organizations today, so it’s no wonder that bad actors have chosen to focus here. Security teams are challenged by the lack of access visibility and control due to the limitations of legacy Identity and Access Management (IAM) systems which rely on manual, costly and time-intensive workflows.
Oleria solves for this problem by providing enterprises with adaptive and autonomous identity security. Our product, Oleria Adaptive Security, provides first-of-its-kind fine-grained access visibility and access usage at an individual resource level – allowing CISOs and their teams to finally answer the critical questions: Who has access to what? How did they get it? What are they doing with it?
Oleria fills a critical gap for security teams by bringing together organization-wide access into a comprehensive access graph powered by the Oleria TrustFusion Platform. Our adaptive solution enables organizations to ensure that users have the right access at the right time only as long as they need it, so organizations can reduce risk, ensure compliance and reduce the cost of managing access.
Cybercrime statistics on the problem you solve:
In the past year, we have seen a 71% increase in identity-related attacks. Incidents with Midnight Blizzard, Snowflake, SEC and Mandiant, all stemmed from issues with MFA coverage gaps. With the rise of AI and decentralized SaaS applications, the volume of cyber-attacks continues to increase, costing U.S. companies an average of $9.48 million per breach.
Despite this, the majority of organizations (66%) are not investing enough in IAM according to Gartner. This is particularly alarming when you consider that 80% of all breaches today use compromised identities.
The reality is today most CISOs and security teams are not equipped to deal with identity access related security threats – with many leveraging legacy security solutions that require manual, costly and time-intensive work flows. At the same time Microsoft reports that 95% of access goes unused. While this over-provisioned access provides no real value to the organization or the user, it provides an unnecessarily large attack surface for a bad actor that accesses any such account.
Oleria Adaptive Security product solves this problem for security teams by giving full clarity and control of access in a single view with unparalleled insights.
Dashboard:
CEO and Customer quote:
“Oleria was created by security operators for operators to propel identity security forward, eliminating the restrictive limitations of legacy IAM technology and their related manual intensive processes,” said Jim Alkove, co-founder and CEO of Oleria. “We’ve built the first adaptive identity security product to provide visibility to both centrally provisioned and de-centrally provisioned access, as well as fine-grained individual permissions and usage insights.”
“We began seeing value quickly after implementing Oleria Adaptive Security. I was impressed by the comprehensive visibility we had into our access, including over-provisioned accounts, unintended access, and our coverage of multi-factor authentication. Oleria’s simple user-friendly experience gave us both clarity and direction on where to focus our efforts and the tools to easily detect access issues.” – Mark Carter, CIO and CISO of Vimeo
Elevator pitch:
Today’s identity technologies are holding businesses back. We started Oleria because we believe enterprises shouldn’t have to choose between business agility and security.
Today’s approaches fail to reduce the significant security risks caused by over-provisioned and misconfigured access, while costing us all the fortune to manage access using multiple tools and enormous human effort.
At Oleria, we’re building a solution in the cloud to get all your access in one place adaptively and autonomously. Oleria Adaptive Security provides first-of-its-kind access visibility across centrally and de-centrally managed applications and into access usage across all resources – allowing CISOs and their teams to finally answer the critical questions: Who has access to what? Where did they get it? How are they using it?
What does Gartner say about you? Why?
Gartner analysts have been actively engaged with Oleria, but nothing has yet been published about Oleria. We anticipate some exciting news on this front later this year.
Who are your competitors?
Oleria’s biggest competitor today is the status quo. While the issues we are solving have been painful and persistent for years, no one has yet been able to deliver a solution. So, CISOs and their teams spend countless hours and resources trying to combat the ever-growing threat of access-related cyber breaches leveraging a combination of legacy identity and access management systems coupled with significant manual administration and intervention and are not equipped for today’s threat environment.
Why is your solution better?
Oleria empowers CISOs and security teams by providing one place in the cloud to manage all of your access adaptively and autonomously. By adaptive, we mean that every account should have just the access that it needs at the right time for the right duration. By autonomous, we mean intelligent software managing access rather than humans clicking through automated workflows.
To achieve this, we deliver three things: visibility, insights and action.
Visibility: Oleria brings all of your access and usage information into a universal access graph so that you can understand who has access to what, how they got it, and what they’re doing with it.
Insights: Once you have all of your access in one place, Oleria empowers your identity, incident response and compliance engineers with unparalleled insights, helping them explore your access graph, investigate access related incidents and identify unused or unintended access. Oleria makes intelligent recommendations to remediate access including removal of unused access without negatively impacting your business operations.
Action: Finally, CISOs and security teams are looking for a partner to help them fix problems accurately and quickly. Through action, Oleria provides a single control point for autonomously remediating access risks and managing access independent of applications.
How does your solution fit into a company’s Cyber stack? What does it pair well with?
Oleria’s adaptive and autonomous identity security solution seamlessly integrates into a company’s cybersecurity stack providing one place to manage access across all cloud applications, identity and HR systems. Oleria brings all of your access and usage information into a universal access graph allowing CISOs and security teams to understand who has access to what, how they got it, and what they’re doing with it.
Most organizations today have blind spots when it comes to de-centrally managed access and access usage. With Oleria, companies have complete visibility into all access types: centrally managed access (managed through identity providers like Okta or AD), de-centrally managed access, which is managed directly in applications or infrastructure, and fine-grained access control at the resource level.
By delivering a composite view of identity and access, Oleria empowers CISOs and security teams to identify and remediate over-provisioned or misconfigured access, significantly reducing security risks.
How are you funded?
Oleria has raised over $40 million from key investors including Evolution Equity Partners, Salesforce Ventures, Tapestry VC and Zscaler, and several notable individual investors including Assaf Rappaport, CEO, Wiz and Microsoft COO Kevin Turner.
How do you keep your Key Developers around?
Oleria retains its key developers by fostering a culture of trust and innovation. Our dev team is inspired by our mission and aligned to our values – which we created before a single line of code was ever written. We believe in creating a world where every organization is trusted to protect the data of all people. Oleria offers competitive compensation packages, professional development opportunities, and a collaborative environment that values input and creativity.
Oleria was also recently named a Built In Best Place to Work and Best Startup to Work For in Seattle. We believe in diversity and empowering our team. We are fostering a culture that empowers Olerians to do the best work of their careers. We emphasize work-life balance and provide incentives for long-term commitment, ensuring our developers feel valued and motivated.
Tell me about a customer who implemented your solution and what metrics show they are happy with the solution.
Oleria is quickly building momentum with partners and onboarding enterprise and Fortune 500 customers onto our Trustfusion Platform. Vimeo is one of our early customers. Below is a quote from Vimeo CISO Mark Carter on the impact Oleria has made for his team:
“We began seeing value quickly after implementing Oleria Adaptive Security. I was impressed by the comprehensive visibility we had into our access, including over-provisioned accounts, unintended access, and our coverage of multi-factor authentication. Oleria’s simple user-friendly experience gave us both clarity and direction on where to focus our efforts and the tools to easily detect access issues.” – Mark Carter, CIO and CISO of Vimeo
What is your 3-year product roadmap?
Oleria is building a solution in the cloud to control all of your access in one place, adaptively and autonomously. By adaptive, we mean that every account should have just the access that it needs at the right time for the right duration. By autonomous, we mean intelligent software managing access rather than humans clicking through automated workflows.
Oleria’s TrustFusion platform and product roadmap spans identity and access governance, as well as identity security posture management and identity threat detection and response.
About the Author
Dan K. Anderson Bio, Winner Top Global CISO of the year 2023. Dan currently serves as a vCISO and On-Call Roving reporter for CyberDefense Magazine. BSEE, MS Computer Science, MBA Entrepreneurial focus, CISA, CRISC, CBCLA, C|EH, PCIP, and ITIL v3.
Dan’s work includes consulting premier teaching hospitals such as Stanford Medical Center, Harvard’s Boston Children’s Hospital, University of Utah Hospital, and large Integrated Delivery Networks such as Sutter Health, Catholic Healthcare West, Kaiser Permanente, Veteran’s Health Administration, Intermountain Healthcare and Banner Health.
Dan has served in positions as President, CEO, CIO, CISO, CTO, and Director, is currently CEO and Co-Founder of Mark V Security, and Cyber Advisor Board member for Graphite Health.
Dan is a USA Hockey level 5 Master Coach. Current volunteering by building the future of Cyber Security professionals through University Board work, the local hacking scene, and mentoring students, co-workers, and CISO’s.
Dan lives in Littleton, Colorado and Salt Lake City, Utah