June 20, 2022

Why we invested in Pangea

Security services and APIs for app builders

By Barmak Meftah, Co-founder and General Partner

Think about a brand new company, looking to build a new application. Where would you go to start building the foundation of your app? It’s not a trick question, it’s pretty obvious: you would likely go to AWS or GCP. The cloud providers have everything you need to get started. They give you compute, storage, networking, and database access, among other things, with great APIs to manage all of the above and more. It’s pretty easy nowadays. AWS alone on-boarded 50,000 new startups just last year.

Now, where would you go to start building security into your app? This question isn’t as easy to answer. That’s because there is no one place you can go to build security into your application. To build security into your application would require you either to build these security capabilities from scratch, or to research and segment the thousands of vendors in security to identify what capabilities you actually need. Then comes the process of down-selecting vendors. Once this is done, you will discover that these vendors build their security products primarily for enterprise consumption with a UI-first mindset. APIs are an afterthought, making it challenging for an application builder to adopt. Back to the question of how to build security into your app? It’s not so easy.

This is what has me so excited about the vision and the team at Pangea. They want to solve this problem and make it simple to add security to any app, even if you are not a security expert. Pangea is building a core set of API-first security services that can quickly and easily be added to any cloud application so you can confidently deliver a secure experience to your customers no matter what you are building. It’s similar in nature to AWS for Compute APIs, Twilio for Communications APIs, Stripe for Billing APIs. Now, we have Pangea for security APIs.

Ballistic Ventures is proud to announce our investment in Pangea. There is a veteran team at Pangea, led by Oliver Friedrichs and Sourabh Satish, that understands how to build security from the inside out. This team has a proven track record of delivering amazing technology to the market with a customer-first approach. At Ballistic, we started talking to Oliver about this idea two years ago and could not wait to get started. This is where Pangea really stood out to us:

Uniting security APIs for builders

Pangea is that single place you can go to get everything you need to build security into your application. Here is the list of services they will be starting with:

  • Secure Audit Log
  • Embargo Check
  • Redact
  • Secure Object Store
  • Secure File Share
  • Sanitize
  • Object Scan
  • File Reputation
  • IP Reputation
  • Geolocation
  • Authentication
  • Authorization

The team has a great roadmap of more to come after these initial services. All of this is built with an API-first methodology and a uniform API layer, making it very easy for a builder to consume. It’s also cost effective to get started. There is a generous free tier for each of the services, with pay-as-you-go pricing beyond the free tier.

Helping applications become compliant, faster and easier

Becoming compliant in GDPR, SOC2, PCI, HIPAA, and ISO27001 is hard and takes a lot of time, especially when you are building an application from scratch. The security services and APIs from Pangea can help remediate many gaps in your compliance assessment. The Pangea team has built many of these services, like secure audit log, to meet the requirements defined in the end controls from these compliance frameworks.

Every Pangea service is globally accessible and regionally intelligent. Services are available on AWS and GCP (Azure coming soon), across multiple geos and availability zones, to maximize availability and minimize latency. This manages the complexity of GDPR data residency, service resiliency, redundancy, regional availability, and performance — so you don’t have to.

Simple integrations save you time

Pangea manages the services and infra, storage, compute, operations, upgrades, and maintenance. Not the builder. Their API-first plug and play services mean less time procuring and customizing code. And Pangea’s SDK makes it easy to integrate these services into any development environment. With all of this, builders buy back more of their time that can be spent building their app, rather than building security features. All of this adds up to getting your app into production faster.

These capabilities are just the introduction to Pangea. We’re excited for the potential this has in helping the builder community deliver secure applications, as well as contributing to our global, collective effort in delivering a secure digital world.Our partners at Ballistic are excited to work with Pangea, where we can offer support and share perspectives throughout the growth of the technology. Our experience and network at Ballistic is unmatched in the cybersecurity industry, offering a great support system for and partnership with the talented team at Pangea. My excitement is reinforced by joining the Board of Directors of Pangea and supporting the team effort in delivering API-first security services to the builder community.

We’re driven by urgency

We have a profound sense of moral responsibility to address the growing threats to society’s cyber infrastructure. Learn more about why we exist.