Introducing build.security: Ready to Revolutionize Authorization Policy Management

Today I’m excited to announce the launch of build.security and their $6M seed round, led by YL Ventures with participation from CrowdStrike Cofounder and CEO, George Kurtz, and a host of value-add Angel investors. Led by Amit Kanfer (CEO) and Dekel Braunstein (CTO), build.security’s authorization policy management platform leverages Open Policy Agent (OPA) to deliver an enterprise-grade solution to help developers and enterprises protect their applications with granular policies from a single control plane.

Partnering with Amit and Dekel

Given the early stage at which YL Ventures invests, the most important factor in any investment decision for us is always the team. Markets shift and technologies evolve, and so our view is that by investing in only the very best Israeli cybersecurity teams, we will partner with Founders that have the domain expertise, drive, perseverance, adaptability and integrity to build world class companies, regardless of what challenges await. From my very first conversation with Amit and Dekel, they have displayed these characteristics at every turn, conveying a deep understanding of a very technical problem, as well as a clear vision of what it would take to build not just an impactful technology, but a game-changing business.

Our diligence process, which involves deep and honest collaboration with our core team and our roster of Venture Advisors, immediately highlighted two things for me: (1) Amit and Dekel bring a maturity and gravitas that I rarely see in first time founders, and (2) the concept of a centralized platform for developer security is of massive interest to the market. The team’s ability to synthesize feedback as they iterated on their vision was impressive, and the process of exploring and learning alongside Amit and Dekel has been a pleasure from the start. These guys always execute at the highest velocity, and they don’t cut corners.

Having already spent quite a bit of time analyzing the DevSecOps space (the theme of our Q1 2020 CISO Circuit), we knew that there were gaps to be filled when it came to empowering developers to code more securely, and so when it became clear that Amit and Dekel were the type of Founders that we NEED to be backing at YLV, we wasted no time in making our case as the best partners for them in this exciting stage of their journey. I’m glad to say that they felt the same way.

Doubling Down on Authorization

build.security’s initial vision, as validated by over a dozen YLV Advisors and by many other customers with whom Amit and Dekel shared their thinking, was that of a one-stop-shop for developer security, covering a vast range of use cases. The team saw an opportunity to provide developers with the ability to code more effectively, while adhering to security policies in an array of areas that included encryption, DLP, compliance, and (of course) authorization. As we spoke with more and more security and engineering customers, it became apparent that while this vision was a worthwhile one, there was a particularly urgent unaddressed gap within one of those building blocks: authorization.

I can still remember, not so long after our investment, Amit asking to have what sounded like a serious chat. He laid out an analysis of customer by customer feedback and a comprehensive picture of the pain that engineering and security leaders were acutely feeling. Time and time again, the team saw broader conversations converging on authorization. What the market told us was undeniable: there remains a complete absence of scalable solutions to address the time-consuming, complex and error-prone nature of authorization. Unlike, for example, authentication, developers have little (if any) standardized guidance and tooling to account for the enormous and growing set of attributes that authorization policies must account for. Rather than balk at his conclusions, I was excited. The problem, while a shift from the initial focus, is a massive one, and – if solved elegantly and at scale, has the potential to change the way developers think about authorization. I had the feeling that Amit didn’t know if he was giving me good news or bad news; it was, in fact, an exchange that gave me even more conviction in him as the company’s leader and the steady hand that continues to guide this nascent venture.

Generally at this early of a stage, it’s hard for a team to react so quickly and decisively when faced with a significant change to their hypothesis. Less experienced founders will often want to “give it more time” or “have a few more calls with different customers” when faced with a decision that will alter the trajectory of the company and inevitably render some previous work less relevant. Not here. Amit and Dekel listened to the market closely, processed that feedback objectively and critically, and as a result, the story of build.security rapidly shifted to one of policy-driven authorization. We haven’t looked back.

Leading the Authorization Charge

And so through a continuation of high-volume discussions with the market, supported by a regular cadence of strategic conversations with our very own CISO-in-Residence, Sounil Yu, and a cadre of backers that includes: George Kurtz, Michael Sutton (former CISO, ZScaler), Eran Barak (former CEO and Co-Founder, Hexadite), and my fellow Board Members Dan Amiga, (former CTO and Co-Founder, Fireglass), Eyal Gruner (CEO and Co-Founder, Cynet), and Amol Kulkarni (CPO, CrowdStrike): build.security is executing on its mission at full speed.

The company promises customers a consolidated view of their build process that decouples code through a streamlined control plane. At its core, build.security is about enabling developers to code more effectively by eliminating unnecessary complexity and providing them with capabilities to carry out authorization-related tasks in minutes, orders of magnitude faster than they could otherwise. Leveraging OPA, the company is delivering enterprise-grade tooling for implementing fine-grained access controls, bringing tremendous value to engineering and security teams.

“Shifting left” has been a theme within the security community for some time now, and we’re excited to be a part of this trend, bringing a unique focus on authorization. With a goal to be THE authorization standard for developers and enterprises alike, build.security is now serving a number of early customers (check out the demo!) with early popular authorization use cases that include end user to application, service to service & data access. The company is already bringing tremendous value to users – and we are merely scratching the surface.

Onward

My faith in Amit and Dekel as founders is strengthened every day, as their maturity is evident in both their strategic approach to company building and their day to day management of the company. This great team continues to give us confidence that they are THE people to solve this problem, and having worked closely with them for some time now, it is clear that they are on to something special. I’m honored to be along for the ride.