Cloud Native / Security

HPE Buys into Cloud Native Service Authentication with Scytale Acquisition

3 Feb 2020 3:20pm, by

In a move to capture an important piece of the emerging cloud native computing market, Hewlett Packard Enterprise has acquired service authentication technology provider Scytale, the two companies announced Monday.

Scytale’s engineers are the founding contributors of the SPIFFE (the Secure Production Identity Framework for Everyone) framework for identity management, as well as the related runtime environment SPIRE (the SPIFFE Runtime Environment), two open source projects that they’ve donated to the Cloud Native Computing Foundation. Scytale was founded in 2017 to offer an enterprise-grade version of the software.

“We’re still going to be actively working on SPIFFE/SPIRE, and they are going to remain CNCF (ie. vendor-neutral) projects,” wrote Scytale cofounder Andrew Jessup, in a tweet.

SPIFFE and SPIRE are poised to become a cornerstone in cloud native computing, which tends towards a distributed microservices architecture where many components are in constant communication with one another. As such, the services need a mechanism to validate the authenticity of the messages — a role SPIFFE defines and SPIRE can enforce. Most existing authentication systems are oriented more towards authenticating end-users, rather than services, and they are ill-equipped for the dynamic, highly-scalable natures of cloud native systems.

The SPIFFE framework was built from the principles of zero trust systems, in which security is based on end-points and proper authentication, rather than on a central firewall of sorts.  “As more organizations embraced hybrid cloud, multicloud, containers, and edge computing, [Zero Trust]’s value became more apparent. Organizations invested in [Zero Trust] were better prepared to scale their astronomically growing IT infrastructure without being as taxed by security, compliance, and complexity as their competitors,” wrote Scytale co-founder Sunil James, in a blog post on the acquisition.

The specification and software have subsequently been used by a number of other companies in the cloud native space, including Portshift.

HPE will continue to work on the two projects, as well as use them for its own planned “dynamic, open, and secure edge-to-cloud platform,” according to the company’s press announcement.

HPE itself recently launched its own Kubernetes-based HPE Container Platform, which the company claims is the “industry’s first enterprise-grade container platform for cloud-native and distributed non-cloud native applications.” For this package, it drew from two other acquisitions, open source data analysis software providers MapR and BlueData.

Terms of the deal were not disclosed.

The New Stack Analyst Lawrence Hecht contributed to this post. 

CNCF is a sponsor of The New Stack.

Feature image by jacqueline macou from Pixabay.

A newsletter digest of the week’s most important stories & analyses.