HPE acquires Scytale to strengthen edge-to-cloud security

4 Feb 2020

Image: © Andrei/Stock.adobe.com

Hewlett Packard Enterprise said it is acquiring Scytale as there is increasing consumer demand for autonomous and secure edge-to-cloud architecture.

On Monday (3 February), Hewlett Packard Enterprise (HPE) announced that it has acquired San Francisco-based Scytale to advance the company’s open, secure, edge-to-cloud strategy.

Scytale was founded in 2017 by a group of engineers from cloud-native enterprises such as Amazon Web Services, Duo Security, Google, Okta, PagerDuty and Splunk. The start-up helps enterprise security engineering teams standardise and accelerate service authentication across cloud, container and on-premises infrastructures.

In a statement, Dave Husak, general manager of HPE’s ‘cloudless initiative’, said: “This team of experts in cloud-native security and zero-trust networking is also recognised as the founding contributors of the Secure Production Identity Framework for Everyone (SPIFFE) and SPIFFE Runtime Environment (SPIRE) open-source projects to the Cloud Native Computing Foundation.”

SPIFFE and SPIRE

HPE said it is “fully-committed” to continuing Scytale’s stewardship and contributions to SPIFFE and SPIRE. It added that these projects will play a fundamental role in HPE’s plans to deliver a “dynamic, open and secure edge-to-cloud platform”.

According to HPE, SPIFFE and SPIRE “form the backbone” for scalable, seamless service authentication. The company said that these projects are “poised to become the de-facto standards for identifying and securing enterprise workloads across the cloud, container and on-premises infrastructure”.

Husak added: “This is evident in the scale and prominence of the organisations that have already engaged the Scytale team in their production SPIRE deployment plans and in their adoption of SPIFFE Verifiable Identity Documents (SVIDs) as the means to convey workload identity within their respective frameworks.”

The company said that it sees many opportunities to leverage SPIFFE and SPIRE across the HPE portfolio, claiming that this kind of cryptographic-identity technology will play a “critical role” in enterprise-scale digital transformation, cloud-enablement and cloud-migration projects.

Innovating zero-trust systems

HPE added that there is an increasing demand from customers for a seamless edge-to-cloud architecture and experience that is autonomous, open and secure.

Husak wrote: “However, legacy and proprietary security models have failed to scale and keep pace in an ecosystem that is increasingly API-driven, containerised, dynamic and spans from edge to cloud.

“Over the years, HPE has earned a reputation as the world’s leading provider of trusted computing, and has invested significant R&D in innovating highly secure, zero-trust systems. HPE was the first vendor to put silicon-based security, the ‘silicon root of trust’, into its industry standard servers, addressing firmware attacks, which are one of the biggest threats facing enterprises and governments.”

Supporting open source

As the company enters its new agreement with Scytale, HPE said that every organisation that operates in a hybrid, multi-cloud environment requires 100pc secure, zero-trust systems that can “dynamically identify and authenticate data and applications in real time”.

Husak said: “We are thrilled to bring onboard to HPE the talented and proven team from Scytale, and co-founders Sunil James, Emiliano Berenbaum, and Andrew Jessup, leading figures in the open-source movement.

“This acquisition also represents HPE’s ongoing transformation, part of which is to embrace and contribute to open-source projects in the Cloud Native Computing Foundation and elsewhere. Our goal is to deliver services and products that advance these developments, and provide our customers and partners with the fastest possible path to application modernisation.”

Husak added: “This acquisition will provide our customers and partners the freedom to design, deploy and achieve their IT operation goals, regardless of supplier or location, with the same level of trust that was previously achievable only through proprietary network-security schemes.”

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com