The relationship between the developer experience and security, two priorities that have historically been at odds with one another, is about to enter a new era. This tension has only been exacerbated as of late as computing infrastructure has become more complex, cyber threats have increased, and DevOps has become a best practice. However, that's about to change.
Aligned with our Open Source, Developer Platform, and Cybersecurity roadmaps, we believe Teleport will be the defining solution to this emerging massive problem, granting infrastructure access seamlessly without compromising security.
That’s why Bessemer Growth is leading a $110 million Series C in Teleport, the easiest, most secure way to access infrastructure.
Why secure access is mission-critical
Most people think access is simple: just set up port forwarding for a web app, server, or other computing resource, and magically you’re working. The reality, though, is that the technology that allows an access request to be granted is incredibly sophisticated. It spans connectivity, authentication, authorization, and audit, and making it work across all protocols on top of elastic infrastructure is not easy. The art of access is a technological feat only amplified by the heterogeneity of companies’ infrastructure environments, which now consist of multiple clouds, Kubernetes clusters, databases, monitoring tools, and CI/CD applications. As an example, the average enterprise today uses nearly three public clouds, nearly three private clouds, and over 100 cloud applications, and nearly one-third of all backend developers use Kubernetes. Every piece of the technology stack has different configuration formats and primitives, requiring access to be configured and maintained discretely.
Yet in this context of access becoming increasingly difficult, the need to provide secure access is more pressing than ever. 2021 saw a 50% increase in attacks on corporate networks, and nearly 80% of cyberattacks today leverage identity-based attacks to compromise legitimate credentials. These attacks hit the companies we would least expect, including some of the world’s most popular websites like Twitter and the largest cybersecurity companies like SolarWinds and Okta.
Hackers’ ability to penetrate some of the world’s seemingly most secure organizations clearly demonstrates that the incumbent security model of VPNs and shared credentials is flawed. Being behind a corporate firewall does not necessarily make a user secure, keeping passwords or private keys in a vault does not make them secure, and access levels should not be uniform across an employee base. As a consequence, companies (and even the US government itself) are increasingly adopting the Zero-Trust Security model, which grants and continuously verifies access solely based on the identity and intent of a user. This is a world of “least-privileged” access, which is the right security posture for most, if not all, companies. Yet it, too, introduces complications to the access problem: security and IT administrators have needed to configure and maintain access on an individual-by-individual and app-by-app basis.
Meanwhile, organizations that take security seriously have always struggled to implement industry best practices without disrupting the way engineers work. Oftentimes, good security comes with too much red tape, slowing everything and everyone down.
Insights into the Unified Access Plane
Built on the widely adopted open-source project created by its founders, Teleport’s security platform establishes an identity-based Unified Access Plane as a single way for developers to access infrastructure (from databases to servers to web apps to Kubernetes clusters to remote Windows desktops) without compromising engineering productivity. Developers at companies from DoorDash to Nasdaq to Snowflake to Square have achieved tremendous productivity gains as access is simplified to a single command, through the command line or web UI, using Okta or IDP credentials.
But beyond productivity gains, the Unified Access Plane strengthens security via its ephemeral credential architecture, i.e. Teleport doesn’t employ any form of secrets in its design and doesn’t rely on network topology or even location of the infrastructure it’s protecting. This approach simplifies the shift to Zero-Trust, and thereby gains the trust of Chief Information Security Officers (CISOs) and compliance officers, while also empowering back-end administrators to configure access by role via a single command. Features like role-based access control and audit logs also enforce compliance with the likes of SOC 2, FedRAMP, and HIPAA, providing larger-scale business benefits. Teleport therefore succeeds in empowering developers with quick, easy access, taking a Zero-Trust approach to ensuring security, and reducing administrative overhead. Teleport’s DevSecOps approach to identity enforces best-in-class security while keeping the end user—the developer—in mind.
As Ev Kontsevoy, CEO of Teleport, shared: “Passwords or private keys do not scale, and certainly don’t scale security. Instead, Teleport gives every engineer, piece of hardware, and application an identity, a certificate. Identity-based access is both simpler and more secure than the traditional combination of network security and encrypted credentials. Assigning identity for everyone and everything neutralizes more security threats and dramatically reduces the impact of breaches without impacting developer productivity.”
A team of credibility and integrity
Teleport’s deep understanding of its dual developer and security constituencies was abundantly clear in our first meeting with founders CEO Ev Kontsevoy, COO Taylor Wakefield, and CTO Sasha Klizhentas. As open source pioneers, the trio has credibility amongst developers and an understanding of the changing security landscape for enterprises. This powerful combination has primed Teleport to solve the access problem. We found Ev, Sasha, and Taylor to be not only product visionaries who impressed us with their rapid pace of innovation, but also leaders of high integrity who have recruited an equally exceptional team, including CMO Michael Ferranti and CRO Hector Hernandez. We look forward to working closely with the entire Teleport team as they continue to extend the access plane.
Teleport took a material step in that direction with the recent launch of Teleport 9 and MachineID, which delivers identity-based access and audit capabilities for infrastructure resources (servers, microservices, custom code, databases, etc.) in addition to engineers. Now the Unified Access Plane can aggregate and administer access to both humans and machines with an equal amount of confidence. Teleport also launched Teleport Connect, a dedicated, secure web browser that can be used to establish a single session for your entire computing environment.
Bessemer’s Growth team looks to partner with companies that will define the next century of how we live and work. We have spent over a decade investing in best-in-class developer-first platforms including Netlify, Imply Data, LaunchDarkly, Auth0, Twilio, HashiCorp, Prefect and more, and we are beyond excited to back another. We believe Ev, Sasha, Taylor, Hector, Michael, and the entire Teleport team will write the next chapter of the Unified Access Plane.
Sources: Slash Data’s State of Cloud Native Development Report; Flexera 2021 State of the Cloud report; Check Point Research: Cyber Attacks Increased 50% Year over Year; 2022 CrowdStrike Global Threat Report; Executive Order on Improving the Nation’s Cybersecurity, May 12, 2021 and Office of Management and Budget Releases Federal Strategy to Move the U.S. Government Towards a Zero Trust Architecture, January 26, 2022.