PlainID offers an online authorization-as-a-service platform. It allows companies and organizations to monitor user identity and control web access in real-time. The company was founded in 2014 and is based in Tel Aviv, Israel.
Expert Collections containing PlainID
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
PlainID is included in 1 Expert Collection, including Cybersecurity.
These companies protect organizations from digital threats.
Latest PlainID News
Sep 28, 2023
By Gal Helemski , Co-Founder and CTO/CPO at PlainID Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Gal Helemski of PlainID examines how Dynamic Authorization fulfills the promise initially made by zero-trust architecture. Cybersecurity is a tough business for many reasons, foremost among them the fact that nine times out of ten, your most paranoid fears turn out not to be paranoid enough. Whatever worst-case scenario you might be worrying over, you can be sure a hacker is hard at work bringing something even worse to life. It’s for this very reason that, for the last decade-plus, the reigning defensive philosophy of the cybersecurity world has been zero-trust architecture. Its guiding principle is that no one can be automatically trusted. Everyone is a potential bad actor until proven otherwise. The mass adoption of these principles over the last decade has been a highly positive development. The proliferation of network access control and advanced authentication tools has been hugely beneficial. But there are indications that most companies haven’t taken things far enough in securing their assets— especially when it comes to entry points that aren’t network-centric. In fact, 40 percent of respondents to a recent survey said they’re still using homegrown, customized solutions to authorize user identities, leaving perilous gaps in their security infrastructure. The only response to our current threat environment — in which ransomware attacks are continually on the rise — is an unflagging investment in true zero-trust network architecture. Only dynamic, granular, ultra-responsive authorization can truly keep businesses and consumers safe. Dynamic Authorization Fulfills the Promise of Zero-Trust Architecture What Current Zero-Trust Gets Wrong Again, we should applaud businesses for their investments in zero-trust architecture. In general, authentication processes circa 2010 were unbelievably crude compared to the more sophisticated methods businesses are deploying today. But that doesn’t mean we can just rest on our laurels, especially when bad actors are waiting to take advantage of the slightest slip-up. The fact is that zero-trust architecture, as currently practiced, has serious problems that put us all at risk. Per the National Institute of Standards and Technology (NIST) report on zero trust architecture, zero trust is not just about things like network access, assessing risk, detecting intrusions, etc. Current zero-access tools do a relatively good job of taking care of things like that, but they’re only part of the story. To meet the true definition of zero trust, per the NIST report, a given company’s architecture also requires dynamic decisions and authorization, the ability to grant access on a per-session basis, and the ability to strictly enforce these decisions before access is granted. And when it comes to those components of the zero-trust architecture, most businesses still have a long way to go. In a nutshell, the reason the above-listed specifications matter is that—in the decade since zero trust thinking rose to prominence, and especially in the years since the pandemic—the digital enterprise has grown ever more complex. Peer into the inner workings of any organization, and you’ll find hundreds of interconnected applications, countless systems, on-premises and remote multi-cloud storage, and thousands of continually shifting roles belonging not just to employees but also to partners, contractors, customers, and more. In an environment like this, every attempted interaction with your business, no matter how small, needs to be treated as its own potential threat event and evaluated accordingly in real-time. Static authorization approaches like role-based access control (RBAC) can only take you so far here— they’re a blunt hammer when what’s needed is something much more sophisticated. Why Dynamic Authorization is the Answer Suppose traditional RBAC functions much like an old-fashioned keycard. You plug in your user information, and if you’ve been preassigned access, you’re waved in. Dynamic authorization takes in a much more complex set of variables– not just for the network but also for application resources, data assets, and any other assets. Thus, for the first time making NIST’s definition of zero trust architecture an attainable reality for most businesses. Where RBAC is 2D, dynamic authorization, like policy-based access control (PBAC), is 4D, considering not just who but also what and when before making an access decision. It evaluates not just the person making the request but also what that person is trying to access, what that access enables them to do within the system, and —taking a bird’s eye view— the established system-wide conditions for that access, and only then does it come to a final access decision. This hugely complex process—which, in practice, is completed in seconds—is repeated every single time someone attempts to make contact with your environment. The key word here is granularity: making a decision with the highest levels of granularity possible in order to keep your company (and your customers) safe. Again, this technology exists right now, but far too few companies are taking advantage of it. According to the survey referenced earlier, only 31 percent of respondents said they have sufficient visibility and control over authorization policies intended to enforce appropriate data access. Dynamic authorization can provide that visibility and more— finally fulfilling the promise of zero trust architecture and keeping their assets out of the hands of bad actors. Gal Helemski Gal Helemski is the Co-Founder and CTO/CPO of PlainID and a highly recognized and acclaimed cybersecurity expert. She plays a key role at PlainID as a strategic leader, visionary, and evangelist while overseeing product development, including leading the product architecture, strategy, and engineering teams. During the last 20+ years, Gal has defined solutions for customers and created and defined project specs, technical documentation, presentations, and training focused on identity and access management. As an early member of the CyberArk team, Gal has been highly influential in the identity space for most of her career. She earned a bachelor of science degree in physics and computer science from Bar-Ilan University after serving six years in the Israeli Defense Force’s prestigious Mamram computing unit. Related Posts
PlainID Frequently Asked Questions (FAQ)
When was PlainID founded?
PlainID was founded in 2014.
Where is PlainID's headquarters?
PlainID's headquarters is located at Yigal Alon 94, Tel Aviv.
What is PlainID's latest funding round?
PlainID's latest funding round is Series C.
How much did PlainID raise?
PlainID raised a total of $99M.
Who are the investors of PlainID?
Investors of PlainID include Viola Ventures, Springtide Ventures, Capri Ventures, INcapital Ventures, SAP and 7 more.
Who are PlainID's competitors?
Competitors of PlainID include ConductorOne, Immuta, SailPoint, 443ID, Permit.io and 7 more.
Compare PlainID to Competitors
Aserto bridges the gap for business owners who cannot afford to create in-house authorization software by offering cloud-native software that can easily be integrated into any system.
Silverfort provides a unified identity protection platform for consolidating security controls across corporate networks and cloud environments to block identity-based attacks. It monitors all access of users and service accounts, analyzes risks in real-time using artificial intelligence (AI)-based engines, and enforces adaptive authentication and access policies. The company was founded in 2017 and is based in Tel Aviv, Israel.
Entitle offers a permission management and automation platform. It provides features such as self-serve access requests, policy definitions, insights, and permissions reviews. It integrates with applications such as AWS, Slack, Gmail, DropBox, and Google Drive. The company primarily serves commercial customers and businesses. The company was founded in 2021 and is based in Tel Aviv, Israel.
Saviynt offers enterprises to scale cloud initiatives and solve security and compliance challenges in time. It provides various services such as data access governance, application access governance, and more cloud-based services. Saviynt was founded in 2010 and is based in El Segundo, California.
SailPoint (SV7:FRA) provides an identity security cloud platform that discovers, manages, and secures identities and access. Through its AI-driven intelligence, SaaS-based security, cloud access management, file access management, password management, and real-time access risk analysis it enables the enterprises to gain complete access visibility to all their systems. The company was founded in 2005 and is based in Austin, Texas. In August 2022, SailPoint was acquired by Thoma Bravo at a valuation of $6.9B.
Futurae creates multi-factor user authentication solutions for online applications. The company offers a portfolio of authentication products based on machine learning and sound. It provides solutions such as transaction confirmation, fraud detection, smart assistant, passwordless authentication, and more. It serves banking, payment, insurance, retail, and other industries. The company was founded in 2016 and is based in Zurich, Switzerland.