Announcing Our Investment in Scytale

The Okta for everything other than humans

We’re excited to share news of our investment in Scytale, along with Bain Capital Ventures, Bessemer Venture Partners, and TechOperators. Phrases signaling the ineffectiveness of perimeter security have been in circulation for quite some time. I was fortunate to work at Forrester with John Kindervag, who was the early pioneer in reversing the age-old concept of “trust, but verify” with Zero Trust, and spent a number of years advising large enterprises on implementing Zero Trust as their security strategy. Since then, it’s been great to see the continued influence Zero Trust has had on the security community with many vendors aligning themselves with the philosophy.

The Team

Community played a powerful role in connecting us with Scytale. Brandon Philips, CTO of Work-Bench portfolio company CoreOS (which sold to Red Hat in 2018 for $250 million), introduced us to Sunil James in Fall 2017. We quickly learned of, and were fascinated by, Scytale’s ambition to take the production infrastructure best practices from high-tech organizations, like Google, Facebook, and Netflix, and enable all organizations to build distributed software in the same way. We knew this team of seasoned engineers hailing from AWS, Duo Security, Google, Okta, and PagerDuty could make this dream a reality, and we were eager to join the ride. At the same time, the two open-source projects Scytale helps lead — SPIFFE and SPIRE — started making ripples. That’s because organizations from Pinterest to Uber to Square were encountering the same issues in securing distributed infrastructure, and sought to build upon an identity framework that was quickly becoming a de facto standard.

The Problem

As enterprises adopt cloud infrastructure and emerging technology like containers and serverless, they quickly find their footprint spread across multiple platform-specific identity providers. Engineering teams are thus tasked with implementing workarounds for identifying and authenticating applications or services, usually at the expense of security or development velocity, or even blocking cloud migration efforts. Existing IAM products don’t make the cut when it comes to securely connecting these new workloads. Consider the problem of authenticating between an application built in the cloud and an on-prem database that supports only Kerberos.

The Product

Scytale Enterprise alleviates today’s pain of uniformly identifying software services within and across an enterprise, allowing customers to easily extend their existing hardened authentication controls to any dynamic platform that they adopt. Built upon the SPIFFE and SPIRE open-source identity framework, Scytale delivers unified identity management and access control for hybrid IT environments.

  • Describe policies using multiple factors. Authentication policies can be robust and include factors such as “can we affirm the integrity of the machine it runs upon?” or “has it been signed by the CI/CD pipeline?”
  • Deliver credentials from any identity provider to all platforms. Enterprises are an amalgam of old and new. For these services to work together, support for technologies like Active Directory and Kerberos across these multiple environments is crucial for Fortune 500 buyers.

@kelleymak