Running a web business that stores data in the cloud is becoming more and more popular, but many of the security aspects of a large user base — the authentication of users, the handling of passwords, audit logging and so on — are things that companies still want to do on their own premises, and connecting that to the cloud in a secure way is not an easy task. Stormpath, a startup that won the “people’s choice” award as part of the Launchpad at GigaOM’s Structure conference in San Francisco, was founded to solve that problem, CEO and co-founder Alex Salazar said in an interview last week at Structure 2012.
Stormpath provides a cloud-based security API that developers can integrate into their services and apps as a plug-and-play solution. It handles all of the authentication processes, including the management of passwords, and provides analytics that both large companies and startups can use to see how their service is performing. And it prevents companies who are focused on other things from having to reinvent the wheel, which Salazar says can lead to embarrassing security screwups.
“Even companies like Sony have problems with this kind of thing — one of the vectors they got attacked on was their password reset process,” he said. “And LinkedIn was storing passwords in a really insecure way. This stuff is hard.”
Stormpath, which was founded in the fall of last year by Salazar and his partner Les Hazlewood, raised $200,000 from a number of angel investors including Andy Rachleff, CEO of Wealthfront and co-founder of Benchmark Capital (who was one of Salazar’s professors at Stanford business school), and then closed a $1.5-million seed round in March from a group of investors including Flybridge Capital Partners and New Enterprise Associates. The company offers a freemium service in which users get a certain number of features for free and can then pay a monthly subscription for added functionality or customization.
In order to make communication between on-premise systems and cloud servers easier and more secure, Stormpath mirrors all of its clients’ data on its own secure infrastructure and then handles the communication back-and-forth between the two, Salazar said. The company’s hardware and software offers military-grade security, he said, and is much more secure than most companies would be able to build themselves.
Salazar said that the company is focused on solving problems for developers — either working on their own services, or within larger corporations — because “they have the biggest pain.” The chief information officer of their company may direct that they use the cloud, but doesn’t have to deal with the difficulties of implementing or managing user security. Using Stormpath allows them to provide a secure and efficient way of adding those abilities to an existing service without having to deploy a lot of extra development resources.