Andrew, Emiliano, and I founded Scytale in 2017 to help enterprises secure their ever-changing IT environments. Our work would enable our customers' customers to pay their mortgages, communicate with their families, and share photos of newborn babies just a little easier and safer. I'm happy to say we are moving into a new phase of realizing this vision ... by joining Hewlett Packard Enterprise (HPE).
Before we discuss the future, let's talk about the past ...
In December 2016, security engineers from Cisco Systems, Dropbox, Google, Netflix, Salesforce, and Twilio gathered at Netflix HQ in Los Gatos, CA, to share experiences in building 'zero-trust (ZT)' systems. ZT in 2016 was novel in many ways, having seen some academic discussions, few practical applications, and no general-purpose tools.
As more organizations embraced hybrid cloud, multi-cloud, containers, and edge computing, ZT's value became more apparent. Organizations invested in ZT were better prepared to scale their astronomically growing IT infrastructure without being as taxed by security, compliance, and complexity as their competitors. So enamored of ZT were these organizations' software engineers that they often lovingly referred to ZT as 'dial tone,' i.e., something so fundamental yet completely forgettable.
The Los Gatos 'crew' also discussed a conference whitepaper that pitched ZT in the form of something called the Secure Production Identity Framework for Everyone (SPIFFE). The concept was to create an open standard (and toolchain) that made service identity ubiquitously available to all enterprises, not just to silicon valley behemoths like Google and others.
As such, we started Scytale in 2017 to make SPIFFE a reality. We believed openness would breed success - SPIFFE could only succeed as open, community-driven projects, surrounded by a thriving ecosystem. We first released SPIFFE in December '17, with the Cloud Native Computing Foundation (CNCF) adopting the project a few months later. Since then, technologies such as Istio, Consul, Network Service Mesh, and more have incorporated SPIFFE. Organizations such as Bloomberg, ByteDance, Huawei, Pinterest, Square, TransferWise, and Uber have committed significant resources to the project, and we see SPIFFE deployed at even higher degrees of scale. We also see SPIFFE used for new use cases - such as authenticating to public clouds like Amazon Web Services, or databases like MongoDB, MySQL, and PostgreSQL.
During this time, we methodically built our team, too. We brought on people from Google, Netflix, Okta, PagerDuty, and Splunk, where ZT and network security are part of the infrastructure 'DNA.' We also hounded prospective customers, studying their challenges and how to best make ZT accessible and useful to them, their customers, and their partners.
So why the change?
Early in Scytale's history, I met Antonio Neri before he became HPE's CEO. Our discussion left me with a strong understanding of the company's deep roots in helping customers bridge complex and ever-changing enterprise IT infrastructure. This understanding was reinforced last year when I met Dave Husak and Dave Larson (I call them 'the Daves'), two leaders within Hewlett Packard Labs. They impressed me with their clearsightedness as to the importance of ZT to HPE customers, citing that every HPE ProLiant Gen10 server shipped with an embedded silicon root of trust. This silicon verifies the integrity of the server and installed firmware - a critical foundation for any credible ZT solution.
I further observed HPE was compiling experts (through their Cape Networks, Cray, and Plexxi acquisitions) to tackle hybrid and multi-cloud connectivity under the Cloudless Computing banner. As time progressed, it became more apparent to me how directionally aligned Scytale and HPE were.
Scytale's DNA is security, distributed systems, and open-source. Under HPE, Scytale will continue to help steward SPIFFE. Our ever-growing and vocal community will lead us. We'll toil to maintain this transparent and vendor-neutral project, which will be fundamental in HPE's plans to deliver a dynamic, open, and secure edge-to-cloud platform.
Looking back, I couldn't be more proud of what we accomplished. Whether measured by the technology we built, the team we assembled, or the reach of our work, we exceeded the expectations of many. With HPE now in our corner, I expect we'll only continue this trend. I can't wait to see what the future holds.
On behalf of my co-founders, thank you for being with us on our wild ride. We're forever grateful.
- Sunil James, February 2020