- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Page 5 of 5
Focus: Application user management service
Location: San Mateo
Management: Co-founder and CTO Les Hazlewood is chair of Apache Shiro project
Funding: $1.5 million seed funding from NEA, Flybridge and Andy Rachleff (as an angel)
Product availability: Public beta
Why we're watching: Stormpath is trying to make more palatable one of the peskiest parts about building an application: managing user access controls and all of the various accounts, passwords and authentication
Think about it this way: Any application that has more than one user needs a way to manage the different users' passwords, what parts of the application he or she can cannot access, as well as manage password resetting and account verification.
The problem, says co-founder and CEO Alex Salazar, is that "this stuff is hard to get right." Even for experienced developers who know how to build user access controls, it's not trivial to write code providing these features. Plus, Salazar says it's not something that is a distinguishing feature of your application, it's basically just something that applications need. Salazar points to high-profile breaches of companies like LinkedIn, Sony and eHarmony to illustrate how important user access controls can be. "If you get this stuff wrong it can be really bad."
Stormpath was born out of the vision of Salazar, a former IBM senior sales executive, and Les Hazlewood, a former enterprise architect at Bloomberg and Delta Airlines and one of the pioneers of the open source Java security framework Apache Shiro, which is a core piece of the Stormpath code. Salazar compares it to a trendy nightclub where Shiro is the bouncer standing at the door, providing the security framework, while Stormpath would be the guest list, dictating who is let in.
Stormpath is code language and framework agnostic and is priced based on the number of applications it is managing with different tiers of feature sets offered, ranging from a free version to an enterprise-grade fully supported option. Because the service is delivered through a SaaS-based model, Salazar says Stormpath is able to centrally implement the latest security patches and settings throughout the system.
Into next year, Stormpath is hoping to expand its role in the application lifecycle process beyond just developers. Stormpath hopes to extend the service to operations and IT professionals who are looking to set up user access controls within an organization. "Our goal is to help them implement a next generation user management system and help them migrate off LDAP, [Active Directory], custom systems, and home-grown scripts where they want to," he says.
Read more about cloud computing in Network World's Cloud Computing section.