Aserto’s Playbook: How to Create a New Enterprise Software Category When Standards Don’t Exist
Creating a new enterprise software category isn’t just about building innovative technology—it’s about recognizing when an industry is ready for transformation. In a recent episode of Category Visionaries, Omri Gazitt, founder of Aserto, revealed how his team is building the cloud-native authorization category from the ground up.
The 15-Year Gap
The story begins in Microsoft’s Azure division, where a crucial insight emerged. “All the new apps were going to be written, the SAS apps. That was pretty clear even in 2007, 2008,” Omri explains. While authentication moved to the cloud with clear standards like OAuth 2 and OpenID Connect, authorization remained stuck in the past.
Finding the Right Moment
After leaving Microsoft, Omri gained perspective at companies like HP and Puppet before the opportunity became clear. “In 2020 we kind of asked ourselves what’s still hard to do as a developer?” he recalls. The answer hadn’t changed in a decade: authorization remained a persistent challenge without standardized solutions.
The Validation Pattern
Rather than diving straight into building standards, Aserto studied how major tech companies solved authorization internally. “If you look at Google, they wrote a paper called Zanzibar Intuit, has a system called Oxy. Carta has one airbnb. Netflix. They all kind of wrote publicly about how they did things,” Omri shares.
This research revealed common patterns that would become the foundation for their category-building efforts.
The Competition Paradox
Counter-intuitively, competition has helped validate the category. “We’ve gone from zero when we first started to about ten companies that are doing roughly what we’re doing, which is a blessing and a curse,” Omri notes. The emergence of competitors helps educate the market about the need for dedicated authorization solutions.
The Standards Strategy
Aserto’s approach to standards draws from historical patterns in enterprise software. “I’m old enough to go back to the days of databases, pre-SQL and pre-ODBC,” Omri explains. “The database category didn’t really take off until you had a common language SQL… that basically standardized a lot of the language elements.”
But timing is crucial. “You don’t want to kind of go in too early because pre-standardizing things before you actually have some market pull is dangerous,” he warns. “But for this to really grow as a category… we’ll have to go create some standards and then compete within those standard frameworks.”
Market Education Through Problem Definition
Rather than pushing a solution, Aserto focuses on articulating the problem. “Authorization is a more domain specific problem,” Omri explains. This helps potential customers recognize their own challenges in Aserto’s narrative.
They’ve identified two clear use cases: “B2B SaaS vendors that want to move from a coarse grained authentication model… to a fine grained authorization model” and “enterprises that want to create a common authorization control plane for a number of their internal applications.”
The Category Vision
Success in category creation requires a clear long-term vision. Omri’s is straightforward: “Our vision is to basically be the enterprise control plane for authorization in the age of SaaS and Cloud.”
The end goal? Reaching a point where “no one is confused about authorization as something that they have to go build on their own. In fact, they don’t want to because that means that their application is going to be a snowflake.”
For technical founders building new categories, Aserto’s journey offers a crucial lesson: timing and market education are just as important as technical innovation. Sometimes the biggest opportunities come not from building something entirely new, but from standardizing something that everyone has been building differently.