Smallstep takes a big step towards authenticating machine-to-machine communications


Smallstep founder and CEO Mike Malone calls large distributed systems his happy place, but these systems require a lot of machine-to-machine communication, and identity providers haven’t been able to solve that problem. The central question is this: when no human is involved, how do you authenticate a machine-to-machine handoff to make sure it goes to the right place?


“In essence, identification in distributed systems is an unsolved problem. So all these different components that need to interact with each other have to identify each other in the same way as a person visiting a website,” Malone explained.


“All of these connections need to be mutually authenticated, which means you have to identify and issue credentials and manage credentials for everything — and that’s the problem we’re trying to solve,” he said.

Malone’s solution involves using certificates, the same concept websites use, to pass credentials between systems. Smallstep provides an open source solution for creating and managing these certificates at scale, as well as a commercial version in which the company manages the underlying infrastructure for the customer.


The company was launched in 2016 and released its first open source product a couple of years ago. Malone said the problem was not easy to solve, and the company spent time building the product and developing the open source community.

“The open source part is the underlying technology. So, if you want to issue certificates, and especially if you want to follow current best practices, our open source solution is really built to cater for those short-term certificates that are automatically provisioned, automatically rotated,” he said.

He says the open source part is critical because he believes that everyone should have access to this underlying technology from a philosophical point of view. The commercial part comes into play when companies want or need someone else to manage the underlying infrastructure.

The company currently has 17 employees and plans to double that number next year. As he adds employees, Malone wants to create a diverse organization, but he admits that as someone rooted in Silicon Valley, it’s hard not to simply tap into his own network. However, he is looking for best practices to break this vicious circle.

“We don’t ask people to work for free, and we don’t have stupid programming problems. We are not looking for unwarranted experiences. I think our hiring philosophy is: Are you smart and passionate, and do your passions match our needs? And if all this is true, then you get a thumbs up,” he said.

Being part of the open source community definitely helps as well, as does being mostly remote. He says he didn’t actually take to remote work before Covid, but the pandemic changed his mind, and it allows him to hire from anywhere.

The company has received two tranches of funding so far: a $7 million seed tranche led by Boldstart and a $19 million Series A led by StepStone Group. Eliot Durbin, general partner at Boldstart, says Smallstep fills a big gap in the cloud.

“There is a big gap in the tools to secure enterprise infrastructure, and it’s only getting worse as cloud adoption accelerates. The Smallstep PKI tools shift that to the left by providing developers and operators with an “identity ready signal” that makes it much easier to implement zero-trust policies and view all their certificates in one pane,” Durbin told me.
