The Story of Aserto: Building the Future of Cloud Authorization
Some of the biggest opportunities in enterprise software come from identifying what’s broken in existing systems. In a recent episode of Category Visionaries, Omri Gazitt shared how his experience building Azure Active Directory revealed a critical gap in enterprise security that would eventually lead to founding Aserto.
The Azure Years: Spotting the Gap
The story begins fifteen years ago at Microsoft, where Omri was leading what would become Azure Active Directory. “I was the general manager for what was the Azure Access Control service,” he explains. His team recognized a fundamental shift: “All the new apps were going to be written, the SaaS apps. That was pretty clear even in 2007, 2008.”
This shift meant authentication and authorization needed to move to the cloud. While working alongside industry peers, Omri’s team helped develop crucial standards like OAuth 2, OpenID Connect, and JWT. The result? Authentication became a solved problem, with companies like Okta and Auth0 providing robust solutions.
But authorization—determining what users can do once they’re logged in—remained stubbornly complex.
From Observation to Action
After leaving Microsoft in 2011, a move influenced partly by Steve Jobs’ famous Stanford commencement address about staying hungry and staying foolish, Omri gained a broader perspective working at companies like HP and Puppet. These experiences reinforced his observation about the authorization problem.
“In 2020 we kind of asked ourselves what’s still hard to do as a developer?” Omri recalls. The answer was clear: authorization remained just as challenging as it had been a decade earlier. This realization led to founding Aserto.
Building the Solution
Studying how companies like Google, Intuit, and Netflix handled authorization internally revealed common patterns. “We coined that phrase,” Omri explains, referring to the principles of authorization that would guide Aserto’s development.
These principles included building authorization as a distributed system, moving from coarse-grained roles to fine-grained permissions, and enabling real-time authorization decisions rather than relying on static tokens.
Finding Their Market
Today, Aserto serves two distinct customer segments. First are “B2B SaaS vendors that want to move from a coarse grained authentication model… to a fine grained authorization model.” Second are “enterprises that want to create a common authorization control plane for a number of their internal applications.”
This dual market focus has helped validate the widespread need for better authorization solutions across the enterprise software landscape.
The Road Ahead
Looking to the future, Omri’s vision is clear: “Our vision is to basically be the enterprise control plane for authorization in the age of SaaS and Cloud.” The goal isn’t just to solve authorization for individual applications, but to transform how enterprises manage permissions across their entire software ecosystem.
This ambitious vision could redefine how organizations handle access control. As Omri explains, success means reaching a point where “no one is confused about authorization as something that they have to go build on their own. In fact, they don’t want to because that means that their application is going to be a snowflake.”
While the category is still emerging, with about ten companies now competing in the space, Omri recognizes that “software is typically a winner takes most type of endeavor.” The race is on to become the standard for cloud-native authorization, just as companies like Okta became the standard for authentication.
For technical founders, Aserto’s story demonstrates how deep domain expertise, combined with patience in identifying the right moment to build, can unlock opportunities to create entirely new categories in enterprise software. Sometimes the biggest opportunities aren’t in building something entirely new, but in finally solving a persistent problem that everyone has learned to live with.