Ambita Maryland-based security startup that focuses on helping security and DevOps teams manage how federated workloads communicate with each other, officially launches its service today and announces a $16.6 million seed funding round from Ballistic Ventures and Ten Elven Ventures.
At its core, Aembit’s workload identity and access management service applies industry knowledge from managing user and device access to cloud workloads such as APIs, databases, and other IT resources. the cloud, all without the need for developers to make changes to their code.
Image Credits: Ambit
Co-founders David Goldschlag and Kevin Sapp have spent the last 17 years working together. Among other startups, they co-founded the zero trust platform New Edge Labswhich was acquired by Netskope, and the Trust Digital mobile device management platform, which was acquired by McAfee.
“Along the way, people were always asking us: what about access at the application level from workload to workload? It has always been something that is there and that is important, but we had not addressed it, ”explained Goldschlag. When the founders left Netskope in the summer of 2021, they decided to finally address this challenge. “It was important, because you had all these things going on in the ecosystem, right? You had all these APIs that were becoming part of people’s applications,” he noted. “If you think about open source a couple of years ago, people built applications by including open source. Today, people build applications by including databases and APIs, and now you need to enable secure access between them.”
Aembit co-founders David Goldschlag (left) and Kevin Sapp (right). Image Credits: Ambit
He noted that Aembit’s mission is different from API gateways and security services. These services reside in front of the API and help developers build them and expose them securely to internal and external developers. But Aembit’s focus is on the client accessing the API and ensuring that this client is authorized to access it. He likened it to the way today’s identity management systems help companies authorize their users. When a user uses Okta to sign in to Microsoft 365, for example, that user interacts with Okta and then gets the credential to access the service.
To do all this, Aembit also has to become the system of record not only for all of these workload identities, but also for the workloads themselves (and these days, those workloads are often ephemeral, which makes this an even more difficult problem).
Image Credits: Ambit
“You want to start with the fundamental level, which is that you have identities and you have politics. You enable access and register it. But you probably want to discover more and more workloads from all these fragmented places, and then you want to discover access patterns,” Goldschlag explained. “Our system can already do that. We can implement the system in a non-compliance mode, a discovery mode, to tell us what breaches are occurring.”
Then, using this as a roadmap, it becomes much easier to see how these workloads interact and take action when something changes.
“Businesses have spent significant resources to ensure connections between people and the software they use. However, as enterprises move to the cloud, a new and rapidly growing attack surface has emerged,” said Jake Seid, co-founder and general partner of Ballistic Ventures. “The mesh of workload-to-workload connections created when software communicates with other software must be identified, protected, and managed. Ambit is defining this new category of Workload IAM to defend companies’ most critical digital assets. It has been an honor working with him. Ambit founders from day 1 and continue to support them on their journey.”
Aembit currently has 11 full-time employees, virtually all of whom are in engineering. With the new funding, the company plans to grow its marketing team and develop its product. Specifically, Aembit, which has done well selling to large companies, plans to launch a self-service product soon, allowing it to expand to more small and medium-sized businesses as well.
