VentureBeat recently published an article taking the wrapping off one of Bowery Capital's stealthy investments from 2020 called Cerby. You can read more about the company and new fundraising here. We were excited to participate alongside Ridge Ventures and Founders Fund and see some old strategic friends like Okta Ventures and Salesforce Ventures come into the round. We've been long the information security ecosystem since the formation of the firm in 2013 and continue to make investments in and around it. Our fascination has been around the Security Orchestration Automation & Response (SOAR) market in recent years, and the Cerby investment was one of the outputs of our thinking and research. Below lays out some specifics surrounding our involvement and the investment in the company.
Cerby was founded in 2020 by Bel Lepe and Vidal Gonzáles. Both founders were interested in the shadow IT problem that persisted in many Fortune 2000 companies. They began thinking in earnest about building a more secure and automated system to manage apps outside of the traditional centralized environments that we see today. Bel had been building products in the data, automation, and advertising spaces coming from Impira and Ooyala. Vidal had been in the Bowery Capital portfolio for some time as the Co-Founder and CTO of Wizeline. Before that he was a Senior Engineer at Ooyala. Both Bel and Vidal had known each other through these networks for some time and what started as a friendship and ideation turned into the creation of the company.
At it's core, Cerby offers enterprises a registration and automation platform where users can register apps not managed by the IT team, add permissions, and automatically identify and address security gaps whenever they emerge. They specialize in identifying app accounts outside of the managed ecosystem and provide automation around the complete lifecycle of those apps so users don’t have to worry about rotating passwords, enrolling 2FA, removing users, or turning off certain non-IT compliant settings. Many of the tools that focus on this category of applications still rely on the user to carry out important security tasks. In addition, users and managers usually still have to wait on app developers or internal teams to close a gap around SSO or deprovisioning. With Cerby, everything is automated. There is no wait.
The number of non-IT managed apps used in the workplace has skyrocketed to the degree where a high number of applications that organizations rely on a day-to-day basis aren’t properly managed or secured. Bel says it best in his quote to VentureBeat: "Nowadays one out of every two apps used in the workplace is purchased by a non-IT buyer. Globally, this is about $400 billion in technology spending. While this is great for productivity, it is bad for security since these apps are several times more likely to be hacked by malicious third parties."
Cerby is based in San Francisco, CA and Guadalajara, México.