Founders in Focus: Oliver Friedrichs of Pangea
Welcome to our Founders in Focus series, where each month we highlight one of the founders of Okta Ventures’ portfolio companies. You’ll learn more about them and how they work with Okta. This month, we’re getting to know Pangea and their mission to arm developers with security tools.
What is Pangea, and what is your mission?
Pangea is the world’s first-ever Security Platform as a Service (SPaaS) provider. We’re delivering the most comprehensive collection of security services for cloud and mobile app developers, SaaS platform providers, and security operations centers. Our mission is to make security a core part of every developer’s toolset.
What were you doing prior to Pangea that led you to this moment?
Prior to Pangea, I had the opportunity to build a handful of enterprise security products across multiple startups and large enterprise security vendors — both on-premise, and later cloud-based, which ultimately protected some of the world’s most important organizations. This included McAfee, Symantec, Cisco, and Splunk, to name a few!
Our last company was Phantom — where we integrated with over 300 different API-based applications and data sources ... across hundreds of vendors ... essentially stitching these products together. We were essentially the customers of the emerging API-first ecosystem that was forming, with an emphasis on the Security Operations Center.
After Phantom was acquired in 2018, I spent three years as VP of Security Products at Splunk. Then, in early 2021, after the transition was finished, I moved on and decided to take some time off. I had the chance to talk with a lot of friends and colleagues who were actively building new cloud applications.
One thing became evident — in every single product that we had built, and in every product that they were building, we had to re-invent key security features that the enterprise needed. Whether it was basic authentication and authorization needs, or specific features like malware scanning, PII management, audit logging, and so on. We were reinventing the wheel every time and it became evident that there was an opportunity to provide these building blocks out of the box.
At the same time, companies like Twilio and Stripe had proven you could deliver parts of a cloud application as an external API for developers to embed into their apps ... and that worked really well for communications and payment processing … so why not for cybersecurity?
Forrester projects a possible one million software companies by 2027. If they’re all rolling their own security features by developers who aren’t security experts, there’s a lot of room for error.
It became clear that there was a massive problem to solve, and my next call was to my past co-founder and CTO from Phantom, Sourabh Satish, to talk about building a unified security framework for developers. That’s when we got started.
What is Pangea’s solution? What challenges does it solve?
At Pangea, we’re building the world’s first SPaaS — giving developers the building blocks to add security easily to any cloud application. Everything from authentication to authorization, secrets management, a secure audit log, cryptography, secure file storage, and much more. As mentioned above, we’ve seen this model work to redefine software delivery in other categories:
We’ve seen PaaS providers like AWS, GCP, and Azure that now provide hundreds of APIs for computing, storage, and database.
We’ve seen Twilio lead the Communication PaaS (CPaaS) space by providing APIs for messaging and communications and Stripe for payment processing.
But we haven’t seen this in cybersecurity. There is no single place to go to embed security functions into your application. This is what Pangea is solving - making it dead simple to integrate security with just a few lines of code.
Why did Pangea want to work with Okta?
Okta clearly understands authentication and understands how developers want to use authentication in their applications. Every secure application starts with authentication; it’s literally the first line of code that people tend to write when building a new cloud app. Nobody does this better than Okta with Auth0. But after a developer integrates authentication, what should they do next? Securing an application doesn’t end with authentication. An obvious next step is audit logging to log important security events in a simple and tamper-proof manner. Pangea’s APIs and services are a natural extension of Okta’s industry-leading authentication platform. I see Pangea being complementary to Okta by delivering the long-tail of services necessary for a developer to complete their effort on integrating security into their applications. It’s really a perfect match.
What trends do you expect to see in the Application Security industry?
We’ve seen shift-left become a big theme in cybersecurity as more and more emphasis is placed on solving the root cause of security issues — the code itself. This has created a huge market for companies focused on code security — static and dynamic code analysis and on the security of the software supply chain (SCA, SAST, DAST, SBOM). We now also see dozens of companies focused on securing raw APIs themselves.
But what if we could shift even further left? Or “left of left”, and provide a trustworthy framework of secure code building blocks out of the box for developers to embed from the start?
This next progression is for developers to embed out-of-the-box security functions directly into their app runtime code. We’re calling this “left of left” because it’s bringing security into the development stage of the app, and far left of the build phase. Pangea’s introducing SPaaS is what makes this unbelievably easy for developers to do when building their applications.
Interested in joining Okta Ventures? Check out our FAQ here and feel free to reach out to our team or submit your business for review.