Redefining Categories: How Smallstep is Transforming Traditional Certificate Management
Sometimes the biggest opportunities aren’t in creating entirely new categories, but in fundamentally reimagining existing ones. In a recent episode of Category Visionaries, Mike Malone revealed how Smallstep is transforming certificate management from a niche IT function into a core infrastructure component for modern distributed systems.
Identifying the Category Gap
The traditional Certificate Lifecycle Management category, as Mike explains, “does not really capture what we’re doing.” This isn’t just marketing speak – it reflects a fundamental shift in how modern software systems operate. Traditional certificate management was built for a world of “a dozen certificates that renew annually,” but today’s reality is dramatically different.
The Scale Revolution
What makes this category transformation necessary isn’t just technical evolution – it’s a massive shift in scale. Mike points out that “people don’t have just like a dozen internal certificates anymore. They have their kubernetes and their service meshes and their databases and all their VMs and microservices and Kafka and Elkstack.” This means “we’re not talking about a dozen certificates that renew annually, we’re talking about a million certificates that renew hourly or every five minutes even.”
Bridging Two Worlds
The challenge wasn’t just technical – it was about bridging two different approaches to software development. As Mike describes it, the core problem was “securing distributed systems in the context of modern software development… with Kanban and sort of that pace and scale of development, microservices like layering on security and having real strong security guarantees and compliance guarantees without breaking all of that sort of modern technology.”
Making Complexity Accessible
A key part of their category redefinition strategy was making complex technology more approachable. Mike notes that “certificate asymmetric cryptography, all this security stuff seems like it’s an area that a lot of smart software engineers shy away from and maybe don’t specialize in. It feels very baroque and obscure, and a lot of the tooling hasn’t helped with that.”
Building Enterprise Trust
Their commercial strategy focused on “delivering sort of the enterprise level capabilities around identifying things that need to be secured, seeing when there’s a lapse in policy or compliance in your security program, assigning tasks and noticing where really giving that observability visibility and summary view.” This approach positions certificate management not as a technical necessity, but as a strategic business tool.
The Market Response
The market has responded positively to this category redefinition. With “millions of open source downloads” and “dozens of Fortune 500 are on our website reading docs for open source,” Smallstep has clearly struck a chord. More importantly, they’re now “selling six and beginning to sell seven figure deals.”
Looking Forward
The company’s vision extends beyond just modernizing certificate management. Mike sees Smallstep evolving towards making “enterprises and large software systems and the Internet as a whole is more secure and safer for everybody.” This broader mission helps position their technology not just as a better version of existing tools, but as a fundamental component of modern security infrastructure.
Their journey offers valuable lessons for founders looking to transform established categories:
- Identify fundamental shifts in how technology is used
- Focus on order-of-magnitude improvements
- Bridge existing practices with new requirements
- Make complex technology more accessible
- Position technical capabilities in business terms
The key to Smallstep’s success in category redefinition wasn’t just building better technology – it was understanding how changes in modern software development created the need for a fundamentally different approach to security infrastructure. For founders tackling established markets, their story shows that sometimes the biggest opportunities come from reimagining existing categories rather than creating entirely new ones.