Why We Invested In Smallstep: Taking The Headache Out Of Certificate Management

April 28, 2022

by Enrique Salem

Software is increasingly becoming an interconnected web of microservices, containers, and endpoints. The connections between each of these components can be compromised, creating potential security risk. The rise of cloud computing, distributed systems, and remote work has only accelerated these trends. To ensure that software is built securely and reduce the surface area open to potential breach, companies use certificates to identify software services, devices, and users.

Certificates are credentials used to secure network connections, including the HTTPS connection our browsers establish with web servers, SSH connections between developers and remote environments, and mutual TLS connections within enterprise architecture. Today, managing these certificates is a lengthy, manual process, without auditing or observability when things go wrong. Because certificate management gets more painful as companies get bigger and ship more software, some companies compromise on certificate coverage, leaving themselves and their users at risk.

Today, Bain Capital Ventures is thrilled to announce our participation in a $26 million combined Series A and seed round in Smallstep, the leading open-source certificate management toolchain for cloud and DevOps. We are joined by our friends at Boldstart Ventures, Accel Partners, Upside Partnership, and StepStone Group in this exciting investment.

Smallstep’s open-source platform makes it fast and easy to get started with a certificate authority, administer and automate client certificates, and inspect access tokens. Smallstep scales to millions of identified identities, reaching every workload, device, and user interacting with software. Regardless of the company’s deployment model, whether it be in Kubernetes, on-premises, or across clouds, Smallstep helps developers embrace zero-trust security principles with short-lived, automatically maintained certificates, rather than manually managing long-lived, stale certificates.

But while Smallstep’s technology is incredibly sophisticated, we never invest purely in technology, no matter how groundbreaking. At BCV, we invest in teams, and Mike Malone, the founder behind Smallstep, has spent the last several years successfully grappling with security issues in distributed software environments. He was previously the CTO of Betable, and lead architect of SimpleGeo, where he tackled identity and consistency issues in the trenches. He’s also a cited research author, known for his paper on cybersecurity policy in the Canadian Foreign Policy Journal.

Software security is becoming increasingly crucial as companies scale in our distributed, software-first world. As more software is built, more services, users, and devices are stitched together, and each connection must be secured via certificates to prevent the risk of a breach. Certificate management is a hugely time-consuming and expensive task for companies today, but Smallstep solves this problem with automation.

We’re beyond excited to deepen our partnership with Mike and the Smallstep team as they build the next great developer security company. Welcome to the BCV family, Smallstep!
