PlainID Uses Policies for Access Control


By: Mary Jander

When it comes to identity governance and administration (IGA), there are two functions that stand out. One is authentication, which verifies that a user is who they claim to be. A second is authorization, which ensures that once admitted to a network, a user can only access data and applications for which they are authorized by corporate policy.

Startup PlainID says that second aspect of IGA has long been left in the hands of developers. So the company has made a mission of addressing the need for authorization as-a-service, configured automatically, managed centrally, and enforced in a distributed fashion. The need for this has grown as enterprise workflows move to the cloud.

“We address a crucial gap in the security posture,” said Gal Helemski, co-founder and CTO/chief information and product officer at PlainID, in an interview with Futuriom. “Our platform manages the authorization process. We manage what identities can do once they are authenticated.”

Gal Helemski. Source: PlainID

A doctor, for example, might have access to patient records. But she doesn’t have access to all records, and she’s limited in what she can do with the records she can access. Depending on company policy, PlainID will allow her to access records of patients in a specific hospital in her field of specialty. For those patients only, she will be able to update their records and manage their medication lists.

Policy-Based Authorization

PlainID enables security personnel not just in information technology (IT) but within the lines of business to control access through policies set via natural language in a graphical user interface. This ensures that IT alone isn’t responsible for authorization policies, a situation that has resulted in time constraints and blockages within organizations.

Policies are governed by a range of factors, including time, place, device, or security status, and access is provided in real time, dynamically, based on attributes such as name, title, pattern, and/or other characteristics. The system has the smarts to determine whether a specific user meets a set of policy-based criteria and then allows access. In the event of a breach on the network, access can automatically shut off.

The wizard-based interface lets administrators, for instance, allow specific users to access an account and then offer privileges to view it, edit it, approve changes, or deny changes. This is in contrast with legacy systems that link databases of privileged users to specific applications through provisioning connectors, PlainID says. In those cases, development is required to fine-tune the access credentials.

External Links Supported

PlainID is integrated with a range of third-party products. The platform works with API gateways such as Apogee. It runs in conjunction with authentication tools from Okta, SailPoint, and others. It interacts with SAS business intelligence. And it works with Snowflake and Dremio data management platforms and is also integrated with MySQL, PostgreSQL, and a variety of other databases, APIs, and interfaces. But the vendor insists that its approach is no code. The goal is to provide support for leading solutions without requiring development to authorize access to applications, data, or APIs.

PlainID claims 100 customers, including Wells Fargo and Fannie Mae. It enters a market for identity access management (IAM) that has a number of competitors, including Ping Identity and Axiomatics. But Helemski says she’s confident that PlainID’s support of both business intelligence and operational data make it a tough contender.

Startup Profile: PlainID

HQ location: Tel Aviv, Israel, and New York, N.Y.

Year founded: 2014

Employees: About 100

Founders: Oren Ohayon Harel, Gal Helemski

CEO: Oren Ohayon Harel

Target market: Enterprise security authorization for zero-trust identity access management (IAM)

Prominent investors: Insight Partners, Viola Ventures

Funding raised to date: $100 million, including $75 million Series C in 2022

Note: Futuriom extends our deepest thoughts and support to our friends and partners in Israel. 🇮🇱