Why We Invested In Smallstep: Taking The Headache Out Of Certificate Management

April 28, 2022

by Enrique Salem

Software is increasingly becoming an interconnected web of microservices, containers, and endpoints. The connections between each of these components can be compromised, creating potential security risk. The rise of cloud computing, distributed systems, and remote work has only accelerated these trends. To ensure that software is built securely and reduce the surface area open to potential breach, companies use certificates to identify software services, devices, and users.

Certificates are credentials used to secure network connections, including the HTTPS connection our browsers establish with web servers, SSH connections between developers and remote environments, and mutual TLS connections within enterprise architecture. Today, managing these certificates is a lengthy, manual process, without auditing or observability when things go wrong. Because certificate management gets more painful as companies get bigger and ship more software, some companies compromise on certificate coverage, leaving themselves and their users at risk.

Today, Bain Capital Ventures is thrilled to announce our participation in a $26 million combined Series A and seed round in Smallstep, the leading open-source certificate management toolchain for cloud and DevOps. We are joined by our friends at Boldstart Ventures, Accel Partners, Upside Partnership, and StepStone Group in this exciting investment.

Smallstep’s open-source platform makes it fast and easy to get started with a certificate authority, administer and automate client certificates, and inspect access tokens. Smallstep scales to millions of identities, reaching every workload, device, and user interacting with software. Regardless of the company’s deployment model, whether it be in Kubernetes, on-premises, or across clouds, Smallstep helps developers embrace zero-trust security principles with short-lived, automatically maintained certificates, rather than manually managing long-lived, stale certificates.

But while Smallstep’s technology is incredibly sophisticated, we never invest purely in technology, no matter how groundbreaking. At BCV, we invest in teams, and Mike Malone, the founder behind Smallstep, has spent the last several years successfully grappling with security issues in distributed software environments. He was previously the CTO of Betable, and lead architect of SimpleGeo, where he tackled identity and consistency issues in the trenches. He’s also a cited research author, known for his paper on cybersecurity policy in the Canadian Foreign Policy Journal.

Software security is becoming increasingly crucial as companies scale in our distributed, software-first world. As more software is built, more services, users, and devices are stitched together, and each connection must be secured via certificates to reduce the risk of a breach. Certificate management is a hugely time-consuming and expensive task for companies today, but Smallstep solves this problem with automation.

We’re beyond excited to deepen our partnership with Mike and the Smallstep team as they build the next great developer security company. Welcome to the BCV family, Smallstep!
