Teleport nabs $100M to provide identity-based infrastructure access
Teleport, a platform that assigns identities to hardware, software, and users to replace the need for passwords, today announced that it raised $100 million in a Series C fundraise at a $1.1 billion post-money valuation. Bessemer Venture Partners led the tranche with participation from Insight Partners, Kleiner Perkins, and S28 Capital, which brings Teleport’s total […]
Teleport, a platform that assigns identities to hardware, software, and users to replace the need for passwords, today announced that it raised $100 million in a Series C fundraise at a $1.1 billion post-money valuation. Bessemer Venture Partners led the tranche with participation from Insight Partners, Kleiner Perkins, and S28 Capital, which brings Teleport’s total raised to $169 million.
Co-founder and CEO Ev Kontsevoy says that the capital from the new round will be put toward product development and expanding the size of Teleport’s team from 200 people to around 300 by the end of the year. “The important aspect of growing our product is making Teleport more accessible,” he told TechCrunch via email. “In addition to constantly improving the open source and enterprise self-hosted downloadable versions, we will continue to invest in making our cloud-based offering globally available.”
Kontsevoy co-founded Teleport (formerly Gravitational) with Taylor Wakefield and Sasha Klizentas in 2015, with the goal of creating a product that could manage access to Kubernetes clusters. (Kubernetes clusters are a group of nodes, or worker computers, that run apps packaged with the necessary dependencies and services.) Wakefield had just exited two startups he’d helped to co-launch, including Mailgun (which was acquired by Rackspace in 2012), while Kontsevoy — a fellow Mailgun co-founder — was coming off a tenure as director of product at Rackspace. Post-Mailgun-acquisition, Wakefield also did a stint at Rackspace, where he was the site leader for the San Francisco office.
Kontsevoy, Wakefield, and Klizentas released Teleport’s flagship product, the eponymous Teleport, as an open source project in 2016. The system delivers what Kontsevoy describes as “identity-based” infrastructure access, acting as a secure proxy that understands protocols spanning SSH, HTTPS, and RDP to enable password-free route to resources such as databases, Kubernetes clusters, internal web apps, and networked servers.
The open source version of Teleport, Teleport Community Edition, remains available for download from GitHub. Teleport also offers a commercial, fully managed product that includes features like role-based access control.
“[At Rackspace,] we discovered engineers and developer teams were lacking an easy yet secure way to access their increasingly complex cloud environments. Most people we knew gravitated towards having to choose between security or convenience, and that’s frustrating. That’s why we started this project,” Kontsevoy said. “We want engineers to feel like their entire infrastructure gets ‘teleported’ into the same room with them.”
Teleport can secure communications based on certificates between machines like service accounts, servers, and custom code in apps. The system only allows certificate-based authentication by integrating with an identity manager like GitHub, Google Apps, Okta, or Microsoft Active Directory, and others, ostensibly protecting against compromised credentials.
Teleport provides a web dashboard for configuration, but requests for elevated permissions (e.g., to edit a system-level file) can be approved ad hoc via chat tools like Slack and Mattermost. System logs record events including authentication attempts, file transfers, network connections, and file system changes.
“Remote access should not be siloed — it must be consolidated, because having a single source of truth not only improves security but also lowers operational overhead and makes end-user experience better,” Kontsevoy said. “Teleport dramatically lowers the risk that compromised credentials can be used in an attack while also improving productivity for developers who need to access multiple infrastructure resources every day.”
To Kontsevoy’s point, it’s true that dev teams are being asked to keep up with a growing mix of critical infrastructure, particularly as business activities shift online during the pandemic. In a recent survey from Forrester commissioned by Sonrai Security and Amazon Web Services, more than half of IT and security professionals said that their company’s machines and digital identities were “out of control” and would require new security solutions. The consequences are becoming clear. More than 50% of companies expect a surge in reportable security incidents in 2022 above 2021 levels, according to PwC.
“Complexity is the biggest challenge our industry faces because complex systems are difficult to secure at a time when attacks are increasing and inevitable. Complexity comes as companies adopt new clouds, build new applications, and grow teams who increasingly work outside of the network perimeter,” Kontsevoy said. “Traditional solutions to these problems like VPNs, or secret vaults, or legacy privilege access management don’t solve the problem. Addressing this complexity problem means removing things from the stack, not adding even more complexity to it.”
Alternatives to Teleport include Bastion and StrongDM, the latter of which recently secured $54 million in capital. But Kontsevoy points to Oakland, California-based Teleport’s customer base as evidence of its growing traction in the market. Doordash, Elastic, Nasdaq, Snowflake, and Square currently use Teleport, as well as Samsung, NASDAQ, and IBM.
“Teleport has over 11,000 stars on Github and has been downloaded roughly 19 million times,” Kontsevoy noted. “We will continue with our unique approach of delivering industry-best security practices without sacrificing engineering productivity … By removing passwords and other secrets, Teleport eliminates the source of human error that leads to attack, and dramatically reduces the attack surface when disaster does strike.”