Permit.io has launched its new Permit Elements, a low-code solution to help companies manage their own access controls (security). To find out more, VMblog spoke with Or Weis, the company's CEO & Co-Founder.
VMblog: Can you give our
readers a reminder of the general problem Permit.io is trying to solve?
Or Weis: Every product requires
access control and permissions. However, developers keep rebuilding it from
scratch for each new product, and sometimes even multiple times for the same
product. Permit.io solves this problem by providing developers with a
full-stack access-management framework that can be easily implemented into
their product with little or no authorization knowledge. All the components,
back-office, and interfaces required for developing end-to-end application
level access-management are already built into Permit.io.
VMblog: You have a brand new
product on the market: Permit Elements. What's it about and how does it work?
Weis: Permit Elements is a
solution for developers who need to give their clients the option to manage
permissions for their own users. It provides ready-made embeddable interfaces
that provide customers with the ability to create, delete, and manage their own
access controls. This is all done with pre-built UI components and low-code
interfaces, making the solution user friendly and consistent with the rest of
the Permit.io experience.
VMblog: Why would a company
want to manage their own access controls? Isn't that what they are paying
Permit for in the first place?
Weis: Companies don't want to
build access-control, but they do want to control it. By managing their own
access controls, companies can govern which identities have access to which
resources. This enables them to secure their sensitive information, assets, and
systems according to advanced security principles like least-privilege. They
can also meet compliance standards (which is especially important in industries
like healthcare and finance). Achieving these requirements is an accelerator
and a requirement for cloud adoption.
VMblog: What role does low code
play in all of this? Do you think low code is critical for getting more teams
involved with security?
Weis: Low-code is eating the
world. Not only does it make more developers more efficient, it also empowers
other teams outside of engineering to be autonomous and remove developers as a
bottleneck. With security becoming a core requirement and an everyday concern
across organizations, all roles need to be involved in security ops. Low code
enables all users to take part in enforcing hardened security controls by
making them accessible.
VMblog: How does the Permit
team's experience from companies like Facebook and Microsoft impact how you
think about security? Are the problems different for startups and smaller
companies than they are for large enterprises -- or is everyone worried about
the same things?
Weis: The problem of building access control
is painful and resource consuming for companies of all sizes. But it can be
even worse for larger organizations like Facebook and Microsoft because these
enterprises have multiple products and convoluted architectures that are often
inter-connected, as well as tens of thousands of identities (if not more).
Their access-management controls have to take these all into account and provide
a secure and granular mechanism that enables governing access management. This
makes building authorization from scratch even harder. Working at and with
enterprises of these sizes, as well as small startups, has given us insights
into how to build a solution that enables the business while also prioritizing
the developer experience.
##