Why We Invested In Smallstep: Taking The Headache Out Of Certificate Management

April 28, 2022

by Enrique Salem

Software is increasingly becoming an interconnected web of microservices, containers, and endpoints. The connections between each of these components can be compromised, creating potential security risk. The rise of cloud computing, distributed systems, and remote work has only accelerated these trends. To ensure that software is built securely and reduce the surface area open to potential breach, companies use certificates to identify software services, devices, and users.

Certificates are credentials used to secure network connections, including the HTTPS connection our browsers establish with web servers, SSH connections between developers and remote environments, and mutual TLS connections within enterprise architecture. Today, managing these certificates is a lengthy, manual process, without auditing or observability when things go wrong. Because certificate management gets more painful as companies get bigger and ship more software, some companies compromise on certificate coverage, leaving themselves and their users at risk.

Today, Bain Capital Ventures is thrilled to announce our participation in a $26 million combined Series A and seed round in Smallstep, the leading open-source certificate management toolchain for cloud and DevOps. We are joined by our friends at Boldstart Ventures, Accel Partners, Upside Partnership, and StepStone Group in this exciting investment.

Smallstep’s open-source platform makes it fast and easy to get started with a certificate authority, administer and automate client certificates, and inspect access tokens. Smallstep scales to millions of identities, reaching every workload, device, and user interacting with software. Regardless of the company’s deployment model, whether in Kubernetes, on-premises, or across clouds, Smallstep helps developers embrace zero-trust security principles with short-lived, automatically maintained certificates, rather than manually managing long-lived, stale certificates.

But while Smallstep’s technology is incredibly sophisticated, we never invest purely in technology, no matter how groundbreaking. At BCV, we invest in teams, and Mike Malone, the founder behind Smallstep, has spent the last several years successfully grappling with security issues in distributed software environments. He was previously the CTO of Betable, and lead architect of SimpleGeo, where he tackled identity and consistency issues in the trenches. He’s also a cited research author, known for his paper on cybersecurity policy in the Canadian Foreign Policy Journal.

Software security is becoming increasingly crucial as companies scale in our distributed, software-first world. As more software is built, more services, users, and devices are stitched together, and each connection must be secured via certificates to prevent the risk of a breach. Certificate management is a hugely time-consuming and expensive task for companies today, but Smallstep solves this problem with automation.

We’re beyond excited to deepen our partnership with Mike and the Smallstep team as they build the next great developer security company. Welcome to the BCV family, Smallstep!
