Before an enterprise can bring a new cloud or software container-based application online, it must implement mechanisms to ensure that the service will run securely, which takes a great deal of time and effort. San Francisco-based Scytale Inc. is working to streamline the task.

The startup today announced that it has closed a $5 million funding round led by Bessemer Venture Partners with participation from Bain Capital, TechOperators and Work-Bench. The investment follows a $3 million seed round in 2018 that was also led by Bessemer.

Scytale has developed a pair of open-source tools, Spiffe and Spire, for handling one of the most important aspects of application security: authentication. Before two services can establish a connection, they must mutually authenticate themselves to ensure they’re not sending information to an unauthorized party. This is easier said than done given the increasing complexity of enterprise infrastructure.

The average company runs applications on at least three different cloud platforms, according to a recent Flexera Software Inc. study. Some of those applications might be traditional workloads, while others may be deployed inside software containers. Performing authentication between two services running on different clouds, or between a container-based cloud application and an on-premises database, requires overcoming significant technical differences.

Spiffe and Spire provide features for automating the work involved in developing cross-platform authentication workflows. Scytale also offers a commercial bundle called Scytale Enterprise, which it unveiled today, that provides these features in a more easy-to-use package.

Scytale claims that the product reduces weeks of development to as little as a few minutes. It can perform authentication across cloud, on-premises and container environments, enabling companies to standardize the verification workflows of their various applications on a single platform. A visual management console makes it possible create custom security policies for each workload. 

Administrators can, for instance, configure Scytale Enterprise to periodically refresh the cryptographic token with which an application authenticates itself. The platform can assess the infrastructure on which a service runs as part of the verification process to further increase security. In the background, Scytale Enterprise logs key details about the authentication workflow and the application itself to let companies check that their security policies are up to standard. 

Scytale will use its new $5 million in funding to start building out a customer base around Scytale Enterprise.

Photo: Unsplash