We are excited to announce that Scale has led the $8M Series A round at Permit.io, creator of the full-stack authorization-as-a-service platform.
Where Auth0 is famous for authentication (who is this user?), Permit enables access control (what can this user do?). Their Product Hunt launch video describes it more memorably than I can.
Permit fills a hole in the broader identity market we’ve been tracking for a long time. Permission management has always been a drag on engineering teams and a top contributor to technical debt. But recent changes have made it both more difficult to manage and easier to outsource:
Microservices: As companies move from monoliths (single deployable app in a single language) to microservices (hundreds of mini apps developed independently and in different languages), keeping authorization logic consistent across microservices is hard. Libraries need to span languages and microservices deployments that are supposed to be independent become coupled, eroding the benefits of microservices.
Standardization: As with other categories, Google and other big tech companies ran into and solved the fragmented authorization problem before others. Google’s 2019 Zanzibar paper describes how such a system underpins file-sharing across all its applications. Uber, Reddit, Intuit, Carta, Airbnb and Netflix have followed with similar systems. It seems once you reach a certain scale of complexity, regardless of industry, you’ll end up needing to build a centralized permission management system for your users.
We like startups that build engineering services typically found only in big tech companies and offer them for everyone else. Previous Scale investment Honeycomb took inspiration from Facebook’s internal monitoring suite, and Datastax operates Cassandra, which also emerged from Facebook.
Or Weis, Permit’s CEO, is a student of product-led sales for developers. I first met him as CEO of Rookout, which sold to observability and security platform Dynatrace. At Rookout, he built and rebuilt the permissions system five times. He and Asaf, co-founder and CTO out of Facebook, have proven an early GTM strategy that serves both developers and the enterprise. They’ve excelled at open source GTM and community building, with clear signal coming from their success on Product Hunt and social traction.
The Permit platform takes a batteries-included approach to authorization. Rather than build yet another policy engine, they let you choose from any existing one (OPA, Cedar and others), and give you all the additional functionality you need to operationalize it, from deployment to synchronization. This last part is powered by their open source project, OPAL, which you can hear Or and I discuss in this freshly minted podcast interview.
If you think my enthusiasm is a little high, that’s because the vibe from customers is contagious. One said, “The last time I was this excited about a new product was my first use of Auth0.” Don’t believe me? Join their active Slack group and ask. Better yet, take Permit for a spin and you’ll never build permissions again.