Tozny introduces encrypted identity tool as part of security service platform

Tozny, a Portland, Oregon startup that wants to help companies more easily incorporate encryption into their programs and processes, introduced TozID today. It is an identity and access control tool that can work independently or in conjunction with the company’s other encryption tools.

“Basically we have a Security as a Service platform, and it’s designed to help developers and IT departments add defense in depth by [combining] centralized user management with an end-to-end encryption platform,” Tozny CEO and founder Isaac Potoczny-Jones told TechCrunch.

The company is introducing an identity and access solution today with the hope of moving beyond its core developer and government audience to a broader enterprise customer base.

Under the hood, TozID uses standards identity constructs like single sign-on, SAML and OpenID, and can plug into any existing identity framework, but the key here is that it’s encryption-based and uses Zero Knowledge identification. This allows a user (or application) to control information with a password, while reducing the risk of sharing data because Tozny does not store passwords or send them over the network.

In this tool, the password acts as the encryption key, which enables users or applications to control access to data in a very granular way, only unlocking information for people or applications they want to be able to access that information — and nobody else.

As Potoczny-Jones points out, this can be as simple as one-to-one communication in an encrypted messaging app, but it can be more complex at the application layer, depending on how it’s set up. “It’s really powerful to have a user make that decision, but that’s not the only use case. There are many different ways to enable who gets access to data, and this tool enforces those kinds of decisions with encryption,” he explained.

Regardless of how this is implemented, the user never has to understand encryption, or even know that encryption is in play in the application. All they need to do is enter a password as they always have, and Tozny deals with the complex parts under the hood, using standard open source encryption algorithms.

The company also has a data privacy tool geared towards developers to build in end-to-end encryption into applications, whether that’s web, mobile, server and so forth. Developers can use the Tozny SDK to add encryption to their applications without a lot of encryption knowledge.

The company has been around since 2013 and hasn’t taken any private investment. Instead, it has developed an encryption toolkit for government agencies, including NIST and DARPA, that has acted as a de facto kind funding mechanism.

“This is an open source toolkit on the client side, so that folks can vet it for security — cryptographers like that — and on the server side it’s a SaaS-type platform,” he said. The latter is how the company makes money, by selling the service.

“Our goal really here is to bring the kind of cybersecurity that we’ve been building for government agencies into the commercial market, so this is really work on our side to try to, you might say, bring it down market as the threat landscape moves up market,” he said.


By Ron Miller

Scytale grabs $5M Series A for application-to-application identity management

Scytale, a startup that wants to bring identity and access management to application-to-application activities, announced a $5 million Series A round today.

The round was led by Bessemer Venture Partners, a return investor which led the company’s previous $3 million round in 2018. Bain Capital Ventures, TechOperators and Work-Bench are also participating in this round.

The company wants to bring the same kind of authentication that individuals are used to having with a tool like Okta to applications and services in a cloud native environment. “What we’re focusing on is trying to bring to market, a capability for large enterprises going through this transition to cloud native computing to evolve the existing methods of application to application authentication, so that it’s much more flexible and scalable,” Sunil James, company CEO told TechCrunch.

To help with this, the company has developed the open source, cloud native project, Spiffe, that is managed by the Cloud Native Computing Foundation (CNCF). The project is designed to provide identity and access management for application-to-application communication in an open source framework.

The idea is that as companies transition to a containerized, cloud native approach to application delivery, there needs to a smooth automated way for applications and services to prove they are legitimate very quickly in much the same way individuals provide a username and password to access a website. This could be, for example, as applications pass through API gateways, or as automation drives the use of multiple applications in a workflow.

Webscale companies like Google and Netflix have developed mechanisms to make this work in-house, but it’s been out of reach of most large enterprise companies. Scytale wants to bring this capability to authenticate services and applications to any company.

In addition to the funding announcement, the company also announced Scytale Enterprise, a tool that provides a commercial layer on top of the open source tools that the company has developed. The enterprise version helps companies, who might not have the personnel to deal with the open source version on their own by providing training, consulting and support services.

Bain Capital Venture’s Enrique Salem sees a startup solving a big problem for companies who are moving to cloud native environments and need this kind of authentication.”In an increasingly complex and fragmented enterprise IT environment, Scytale has not only built Spiffe’s amazing open-source community but has also delivered a commercial offering to address hybrid cloud authentication challenges faced by Fortune 500 identity and access management engineering teams,” Salem said in a statement.

The company, which is based in the Bay area, launched in 2017 and currently has 24 employees.


By Ron Miller