Cerbos, a startup with an open-source platform for managing user access to applications, today announced that it has raised $7.5 million in seed funding.

OMERS Ventures led the round with participation from multiple angel investors. Cerbos, officially Zenauth Ltd., previously raised $3.5 million in 2021. The London-based startup said it will use the proceeds from its latest round to enhance its technology.

When users log into an application, the application has to determine which features they can access. An administrator, for example, might require access to a broader set of features than business users. The process of determining who can interact with what section of an application’s interface and how is known as authorization.

Cerbos provides an open-source authorization platform of the same name. It allows developers to write policies that define who can access what application features in YAML, a relatively simple programming syntax. When a user logs into an application, Cerbos checks the YAML-based authorization policies defined by developers and provisions feature access accordingly.

Historically, software teams embedded authorization logic directly into their applications’ code files. According to Cerbos, that approach can complicate software maintenance. The startup’s platform stores authorization policies separately, which allows developers to easily change them when needed without having to update their applications’ core code.

“Decoupling authorization makes life easier for both developers as well as product managers and security teams who create the requirements,” said co-founder and Chief Executive Officer Emre Baran. “Once implemented, the developers can focus on the rest of their job without having to deal with every change in access control logic.”

When a Cerbos instance launches, it loads authorization policies into memory to speed up processing. Keeping data in memory removes the need to fetch it from storage, which reduces application response times. The company says its platform is an “order of magnitude” faster than some competing tools.

For debugging purposes, the startup has included a built-in auditing tool. The tool logs each authorization request that Cerbos processes as well as the reason it was allowed or denied. Developers can use the logs to troubleshoot potential errors in an application’s authorization policies.

The company says that its platform is used by hundreds of companies to process tens of millions of authorization requests per week. It plans to monetize the platform with a commercial, managed version dubbed Cerbos Cloud. The startup announced the service today in conjunction with its new funding round. 

Cerbos Cloud is designed to reduce the amount of manual work involved in managing Cerbos deployments. It also includes a built-in CI/CD, or continuous integration and continuous delivery, tool. According to the startup, software teams can use the tool to quickly update the authorization policies of their Cerbos-powered applications.

Image: Unsplash