From Infrastructure to Enterprise: How Smallstep Transformed Certificate Management into a 7-Figure Business

Learn how Smallstep evolved from an open-source infrastructure tool to a seven-figure enterprise business. Discover their unique approach to monetization and scaling in the security infrastructure space.

Written By: supervisor

Converting open-source infrastructure tools into enterprise businesses isn’t just about adding a paywall – it’s about fundamentally rethinking how complex technology can solve real business problems. In a recent episode of Category Visionaries, Mike Malone shared how Smallstep navigated this challenging transformation.

Finding the Enterprise Gap

The journey began with a critical observation about the changing nature of security infrastructure. “People don’t have just like a dozen internal certificates anymore,” Mike explains. “They have their Kubernetes and their service meshes and their databases and all their VMs and microservices and Kafka and ELK stack.” This shift in scale and complexity created an opportunity that traditional certificate management tools weren’t addressing.

Building the Foundation

Rather than creating entirely new technology, Smallstep focused on making existing security infrastructure more accessible. The challenge was significant – as Mike notes, “certificate asymmetric cryptography, all this security stuff seems like it’s an area that a lot of smart software engineers shy away from and maybe don’t specialize in. It feels very baroque and obscure, and a lot of the tooling hasn’t helped with that.”

The company started with open-source tools for certificate management, but with a crucial difference: they designed these tools specifically for modern development practices. This meant addressing what Mike identifies as the core challenge: “securing distributed systems in the context of modern software development… with Kanban and sort of that pace and scale of development, microservices like layering on security and having real strong security guarantees and compliance guarantees without breaking all of that sort of modern technology.”

The Monetization Strategy

Smallstep’s approach to monetization reveals important lessons for infrastructure startups. They built a commercial model spanning “from a free tier all the way up to a million dollars a year” with “over 100 customers taking advantage of various scale offerings.” This flexibility allowed them to serve different market segments while maintaining their open-source commitment.

However, Mike is candid about the challenges of the open core model: “it’s a marketing asset and it’s a feature for some enterprise customers to have an open source, an open core.” He notes that while open source can help with enterprise sales by “derisking from sort of a vendor lock in perspective,” it also means you’re “competing with yourself” and risk “anchoring people from a pricing perspective at zero.”

Building the Enterprise Motion

The company’s growth into enterprise sales wasn’t just about adding features – it was about solving fundamental business problems. Their commercial offerings focused on “delivering sort of the enterprise level capabilities around identifying things that need to be secured, seeing when there’s a lapse in policy or compliance in your security program, assigning tasks and noticing where really giving that observability visibility and summary view.”

The results speak to the effectiveness of this approach: “millions of open source downloads” and “dozens of Fortune 500 are on our website reading docs for open source.” More importantly, they’re now “selling six and beginning to sell seven figure deals.”

Looking Forward

Smallstep’s vision extends beyond just converting open source users to paying customers. Mike sees the company evolving towards making “enterprises and large software systems and the Internet as a whole is more secure and safer for everybody.” This broader mission helps frame their commercial offerings not just as enterprise features, but as essential tools for achieving better security at scale.

The Smallstep story offers valuable lessons for infrastructure founders: focus on making complex technology more accessible, build flexible commercial models that can grow with customers, and frame enterprise features around solving real business problems. Most importantly, don’t just add enterprise features – rethink how your technology can fundamentally improve how businesses operate at scale.
