HPE Bolsters Cloud-Native Security Expertise With Scytale Acquisition

HPE is a company that I follow very closely. The infrastructure, edge and now hybrid cloud company has really differentiated itself over the past several years with its very serious approach to infrastructure security (see more background here if interested), which, for HPE, starts all the way down at the hardware level. HPE was an early pioneer in silicon-based security, putting its “silicon root of trust” in its servers to shore them up against the very serious threat of firmware attacks. Hardware security isn’t everything HPE does though; earlier this month HPE announced its acquisition of Scytale, a firm comprised of cloud-native security and zero-trust networking experts, which HPE says will advance its open, secure edge-to-cloud strategy. Let’s take a closer look at what Scytale brings to the table and what this acquisition means for HPE.

Team of experts

In 2017, a group of experienced engineers from cloud-native business such as AWS, Google, Duo Security, Okta, PagerDuty and Splunk came together to launch Scytale. In an increasingly broad, dynamic, containerized and API-driven world, the traditional proprietary security models that have dominated the industry simply have been unable to scale and keep up. Scytale was founded for the purpose of helping enterprise security teams standardize, streamline and accelerate their service authentication capabilities across all realms of infrastructure—cloud, container, and on prem. For an undisclosed sum, this acquisition will bring onboard the Scytale team, including its co-founders, open source luminaries Sunil James, Emiliano Berenbaum and Andrew Jessup.

Perhaps the significant part of Scytale’s resume, to HPE’s interests, is the fact that it was a founding contributor to both SPIFFE (the Security Production Identity Framework for Everyone) and SPIRE (the SPIFFE Runtime Environment), both of which are open source projects within the Cloud Native Computing Foundation.

I believe SPIFFE and SPIRE are integral components for the future of scalable authentication, and, by virtue of their size and prominence, are likely to essentially become the standards by which all enterprises identify and secure their workloads throughout the cloud, container, and on-prem environments. HPE says that upon acquisition it fully plans to continue Scytale’s involvement and efforts in these crucial open-source security projects. Furthermore, the company says it sees a multitude of opportunities in which to leverage SPIRE and SPIFFE across its entire portfolio, emphasizing these projects’ utility in accelerating their customers’ digital transformation and cloud migration projects.

Wrapping up

My take? Overall, this plays nicely into HPE’s shift in the last several years towards an embrace of open source, and its support for initiatives such as the Cloud Native Computing Foundation. In this way, it’s a nice follow up to the company’s Kubernetes-Certified Container Platform, launched last year and built on its acquisition of MapR and Blue Data. I think all this investment in open-source software companies and IP is a wise strategy for HPE, and makes sense within the context of the company’s stated goal to offer its entire portfolio as-a-Service by the year 2022. I’ll continue to watch with interest.

Note: Moor Insights & Strategy writers and editors may have contributed to this article.