Highlights:

  • Procyon Inc., a provider of secure access management for multi-cloud enterprise infrastructure, announced that it has raised USD 6.5 million in funding for the launch of its privileged access management platform.
  • The Procyon Multi-Cloud Privilege Access Management platform is a solution that gives developers instant access to what they need, with sufficient privileges to perform what they need, and without requiring passwords.

Procyon Inc., a provider of secure access management for multi-cloud enterprise infrastructure, announced that it has raised USD 6.5 million in funding for the launch of its privileged access management platform, which, according to the company, will revolutionize how DevOps teams and developers access cloud services.

Lobby Capital led the financing round, with GTM Capital and First Rays Venture Partners also participating.

As multicloud environments become the norm, said Procyon co-founder and CEO Sukhesh Halemane and Chief Business Officer Akash Agarwal, accessing them securely has gotten more complex and challenging for developers. At the same time, cybersecurity teams have been strengthening their defences since many people with access to cloud environments have the power to compromise important data.

Sukhesh Halemane stated, “One of the biggest worries is highly privileged users having access to the crown jewels getting compromised, and if you think about it in the cloud every user who has access to the database account is a privileged user. A second problem is that either developers are struggling to get access to something, meaning they’re sending email or Slack messages and two days later they finally get access, or they have too much access, such as they have too many privileges assigned.”

The Procyon Multi-Cloud Privilege Access Management platform is a solution that gives developers instant access to what they need, with sufficient privileges to perform what they need, and without requiring passwords.

On the developer access end, the platform eliminates passwords by leveraging the Trusted Platform Module present in computing environments – such as PCs, laptops, and mobile devices – to authenticate devices in conjunction with an identity management provider such as Okta Inc. Procyon attaches user identities cryptographically to the resources they will access via TPM.

The business claims that the credential itself is safe and eliminates the need for password managers or vaults, hence removing everything that can be readily stolen. For more sensitive functions, TPM can also be integrated with biometrics such as fingerprint readers and FaceID on laptops and mobile devices for even greater protection.

The average cost of a data breach is USD 4.35 million, according to the 2022 cost of data breach research by IBM Corporation and the Ponemon Institute. The most prevalent cause of data breaches was stolen or compromised credentials, which required the greatest time to discover. Some breaches of major corporations in 2022 were the result of stolen credentials, such as the September hack of Uber Technologies Inc.

In conventional cloud systems, developers may have perpetual access to cloud resources that provide them credentials to sensitive systems. This renders them vulnerable to social engineering attacks like phishing, in which a hacker attempts to deceive a victim into divulging their password and other information.

To prevent this, Procyon provides a self-service portal where developers may request access to the precise resources they require, along with the duration of their requirement, and obtain access via a password-free method. The security team may design approval policies based on a variety of parameters, including compliance requirements, resource, identity, and approver. The rights can also be programmed to expire after a certain period of time, indicating that they are temporary.

This is known as “zero standing privileges” and “just-in-time access” in the industry, because it helps avoid the possibility of an attacker gaining access to overprivileged resources or a user account.

Akash Agarwal, Chief Business Officer at Procyon said, “In olden systems, you’d be given a password and access to these systems that you would retain for some period of time, in many cases forever. And you left the company and your email is being disbanded and maybe your access to corporate, but we’re discovering that other access that you shared over Slack still remains with you. Unless the company has a super-comprehensive system to know who was given access to what, they can’t revoke that. That’s what leads to compromises and the sale of credentials on secondary markets.”

The self-service portal is compatible with all major cloud providers, including Google Cloud, Microsoft Azure, and Amazon Web Services, and keeps track of all administrative rights and responsibilities. Procyon refreshes these roles whenever they are modified on these services so that business procedures do not fail.

If anything does go wrong, such as an account or service being accessed maliciously, Procyon’s platform provides a “kill switch” that can terminate sessions, devices, and accounts from accessing the system immediately. According to the firm, this is made simple since the platform stands between the developer and every service with which they connect and has a complete view of every authentication transaction and session. Agarwal highlighted that as the complexity of multicloud systems increases, so does the value of Procyon for corporate organisations.

Akash Agarwal further said, “With businesses with large engineering teams can’t manage this. They have full-time identity management teams where it’s someone’s job to provide you identity and access and that person is just overwhelmed trying to manage it. If you think about it, Procyon’s value proposition becomes compelling because we give that person automation. We give the entire DevOps team automation to manage privileges and eliminate potential compromises with what we do.”