The Platform

Coming up next! (The Great Balancing Act)

September 15, 2021 Nalta
The Platform
Coming up next! (The Great Balancing Act)
Show Notes Transcript

THE PLATFORM: THE GREAT BALANCING ACT

It is becoming increasingly important to use specialized security solutions. In this masterclass we will update you with Jasmit Sagoo from Auth0. He is a specialist in the field of identity and access solutions.

How do you secure an online platform and keep it easily accessible? How do you apply the available security standards to your environment? How can you quickly implement an I&A solution and create a scalable solution at the same time? In the Platform podcast series The Great Balancing Act, Jas Sagoo, Head of Solutions Engineering, international @ Auth0 and Mike Veldhuis, Partner @Nalta, will dig into these topics. Listen to learn and for a bit of fun too!

Want to know even more and ask your own questions? Then register for the (English) online Masterclass, with by Mike & Jas

Episode Notes

The Platform Website: https://www.nalta.com/theplatform

The Platform on Youtube: https://www.youtube.com/naltatube

All Nalta Blogs: https://www.nalta.com/blog

Host, Mike Veldhuis
https://www.nalta.com/mikeveldhuis

Guest, Jasmit Sagoo
https://www.linkedin.com/in/jasmit-sagoo/

Mike Veldhuis:

You are listening to the Platform. A podcast to learn about our digital worlds. I am Mike Veldhuis, partner at Nalta.com.

Jas Sagoo:

Hello, I'm Jas Sagoo. And I'm head of solution engineering and professional services at Auth0 International.

Mike Veldhuis:

Welcome listeners to episode number 11 of the platform and presenting this episode together with Jas. Welcome back Jas.

Jas Sagoo:

Hey, Mike, good to see you again.

Mike Veldhuis:

Yeah, great fun already episodes number three and a little bit compared to the episodes I had with Ed Macosky, we're gonna look at the future of authentication of identity management, which is great fun. But before we do that, I really, really, really want to talk about how you do you actually implement a solution like Auth0. This is something I would like to talk with you about at this first part of this episode. Jas.

Jas Sagoo:

Great question. Mike. Look, you know, the goal around Auth0 is that we want to try and implement and integrate the platform with, you know, a customer's application within 30 days.

Mike Veldhuis:

30 days. Yes. Okay.

Jas Sagoo:

And why say 30 days is because, and I'm saying this because, you know, it could be could be simple and advanced use cases. But just to give you an example, if you have a standard application, like for example, a single page application, we have all 50 SDKs. and using leverage of the SDK, you can integrate the login page within four minutes.

Mike Veldhuis:

Okay, so to understand this correctly, a customer or a listener to this podcast, has a platform. And he is using, for instance, Salesforce. And he is using maybe a custom made application. And he wants to have a portal, he wants this front door to his environment. And you're telling me that is done in a sec.

Jas Sagoo:

It is done in four minutes. Yes, because we have all that we have all the SDKs we have all the snippets of code, we have all the necessary information that you need, you have to create an integration. Now, there may be instances where we don't have an SDK for a very, you know, I would say extremely bespoke application. But still, I would say, under a couple of hours, you have the login box integrated. That's how quick we can do it.

Mike Veldhuis:

Yeah. I learned a lot about the solution, because we implement it and we have discussions with customers. And there happened something very recently that you merged with Okta. Right.

Jas Sagoo:

Correct.

Mike Veldhuis:

And we have not spoken about this in the previous two episodes. Listeners, we didn't talk about this in our rehearsal, or the script, but it just popped into my mind. The difference between the two solutions and how they complement each other. Because what we've been talking about is really talking about the more developer side of authentication, right, and that's the space where Auth0 sits. And that's really different to what Okta does.

Jas Sagoo:

Correct. So, let me try explain. So, Okta is is a very well established organization to provide identity and access management solutions, both for the workforce right and for sign. Octa focuses on a different audience, right the audience for the Okta platform is an audience who prefer the integration to take place through configuration, and that configuration starts mostly on the workforce side. So if you look at any enterprise organization, they have you know, they could range from 10s to hundreds or 1000s of enterprise applications. And all they want is the ability to have single sign on and manage their users very easily and also integrate with these applications very quickly. And all the rules and all the other flows and so on need to be done in a very configurable manner. Not code so if you look at IT, IT like configuration, they don't like coding.

Mike Veldhuis:

Okay, that's the main difference. Yet, I realized that we should mention Okta, because in the example I gave you was like, your tailor made application and Salesforce, which is a typical environment, most of the time, a little bit more complex, where you would find an Auth0 like, or an Auth0 solution. To make it even more specific, what kind of use cases do you see? Are you exposed to every day that customer face? Where are you are very successful with this solution, your Auth0 solution?

Jas Sagoo:

Yeah. So Mike, so I'll connect this before, again into the when you asked me how, what about integration and deployment of Auth0? So then use cases that tell you nine out of 10 times is, we have developers building applications, right? The login box, or the front door is the last thing on their mind, right? And they realize, Oh, God, we've got literally two months to go live. And we haven't done this. So so they come up, come to us quickly, and they say, How can we quickly integrate an identity and access management solution? So that's first that's, that's the use case, they need need to do something very quickly. And the need to kind of use the code, you know, to go and build integration. So that's the first thing. The second thing, Mike, that we didn't talk about. And I talked about, you know, the login box happens in four minutes. But the other thing that's important is, you know, how do you mind sometimes there's an existing solution in place existing users? How do you migrate those? Yeah. So this is the other use case that Auth0 is really good at is how, you know, we provide very flexible ways of migrating those users.

Mike Veldhuis:

What would be the source of where you migrate from, is that like an active directory or something like that,

Jas Sagoo:

it could be something like that. Or it could be just a, you know, database with usernames, users and password username and passwords, it could be another identity and access management solution on prem. So it could be it could be a lot of these solutions. We provide all the hooks and all the ways to integrate into these and pull the users across into Auth0. Now, Mike, here's where the magic happens. We can do, you can do the migration scenario,

Mike Veldhuis:

if you're listening to the podcast, you can actually see him smile, which is funny.

Jas Sagoo:

Because I am really excited about this stuff, because it's so clever. So we could we could do is we could migrate the users all at once. But what we could also do something called lazy migration. So which means that once you've migrated users, or once you migrate your users, as they log in into your app.

Mike Veldhuis:

As they use the application, right? It's like a proxy in between?

Jas Sagoo:

Correct. So it means no password resets, you know, no disturbance, the user experience is completely seamless.

Mike Veldhuis:

Oh, wow. Yeah, I do remember, these kinds of solutions in the storage world where you buy a new storage solution. And it's, it sits in the path to the old storage, and every, every time you touch data, it's it's being migrated in the background. But actually, I didn't notice that it actually happened in the Auth0 solution as well, which is awesome. You might be on my days at EMC. Okay, cool. Is there? Could you share any numbers about the the adoption of like, more like the the Buy kind of solutions, the Buy solutions, Auth0? Is there a stark trend? are you growing fast?

Jas Sagoo:

So, recently, we did a survey. And what the survey looked at was the propensity for organization, to use the same identity solution for their second, third, fourth and fifth projects. And what we found was that, in the Buy use case, the experience and the propensity to, to use the same solution was increasing, okay. Whereas in the build, that was decreasing, because when you build the first time you're building for a specific application. Exactly the second application that they picked quite different. So we saw a kind of a reduce reduction in user experience, and in a propensity to use that same solution

Mike Veldhuis:

Makes sense. And that's even more increasing into the future, which is a great bridge to the second part of our discussion in this podcast is that is there. I would like to know what is going to happen in this world of identity management, what are the things that are going to happen in the future? And then I'm talking about the near future and maybe a little bit more distant future, but start with the near future? What what's what's coming.

Jas Sagoo:

So Mike everything that we do is probably all in this space is probably driven by the consumer and by the user. Right? And what i see all the users and consumers want, they want frictionless access to their services.

Mike Veldhuis:

I love that word frictionless.

Jas Sagoo:

Right. That's what they're looking for. Right? We all want frictionless, right? That's, that As humans, we lazy we don't we don't. We expect everything else, all the complicated stuff to be taken care of. And so you're asked me, What do you mean by frictionless? I'm talking biometrics. Okay, I'm talking passwordless. That's what I'm talking about. And in how you integrate into devices, biometrics, for example. So for example, you know, today laptops phones have had biometrics, how do you use those biometrics to access your application.

Mike Veldhuis:

But that's, for instance, I got my iPhone, and I use the camera to login. That's what's your talking about.

Jas Sagoo:

Right? Correct. So zero effort, because it's a trusted device. So that's gonna, you're gonna see an increase on that. But also, you'll see incredible, clever stuff coming out. So you know, if someone asked me the question of the day, what if someone used a picture? You know, for facial recognition, you know, usually clever stuff, like, you know, the, the software looking at waiting for someone to blink. So they know it's not a picture. So it's going to using all his clever, ways of, authenticating individuals, we look at gait and so on, of what gait, you know, how the person walks, for example, silly walk, like, Yeah, all over the world, for example, you if your front house, your door, right, you want to come in, you want a camera, you know, it recognizes that this is your style of walking and posture, it will open the door. So you'll see all this development coming very soon.

Mike Veldhuis:

Okay, cool. I actually, I'm not sure, maybe I'm wrong, but I saw an example. Usually, you log in, and you have your, your name and your password, and then your authenticator, your one time password, and they reversed it. So it's your login name, your one one time password, and then your passwords, they were doing all clever stuff. To lower the load on the security system itself. It's, it's, yeah, probably a fairly simple way of dealing with that kind of problems.

Jas Sagoo:

Yeah, it is. And and look, every use case is different. Every application is different, you know, and depending on all the services you're accessing, how how, are the valuable services. So, again, again, any identity solution should be able to give you a mixture, and a choice and option, which one you want to utilize during authentication.

Mike Veldhuis:

Okay. So we talked a lot about the authentication of the user to a system, we at Nalta love to build IoT solutions as well, and things have to authenticate as well. And then we have, of course, machines that are talking to each other, and there has to be some way of authentication as well. What's your view on that?

Jas Sagoo:

Look, this is going to be the area that we're gonna see the largest growth in without a doubt, right? You know, you're seeing the emergence of 5G right being launched, you're gonna see that kind of spreading throughout the industry, what you also see is edge devices, and so on. And all these IoT devices, these edge data centers, while they're gonna rely massively on is on, you know, the ability to do machine to machine authentication, because Mike, this is another opportunity for, I would say, for threads to increase if someone can mimic another machine, then you know, the gain entry into the system. So, therefore, machine to machine is not different, they need to be identified, they need to be authenticated and then authorized to access certain services. So, this is an area where we will see a lot of increase. So especially in the will also in the domestic home, heating systems, cameras, sprinkler systems, they these are all examples of machine to machine and you will see an accelerated hypergrowth.

Mike Veldhuis:

And we have becoming more and more dependent on it. We already talked about that. And it's really sensible data that we're talking about. So it makes sense to protect it. This is really inspirational. I think this topic we should talk about a little bit with a little bit more depth in the masterclass that we're going to organize to seventh of October, and I expect people to ask questions about this because it's tangible. And on the other hand, it's like, what is happening, we are aware that we have to protect, but what is the best way to do it and what kind of risks are there?

Jas Sagoo:

So one quick point on that on that we probably can touch on the masterclass is, the maintenance of IoT devices, sometimes, you have you have the ability for machine to machine but sometimes you need a human engineer to access these for maintenance purposes. So, again, we need to talk about, the authorization levels authentication is one thing, the authorization levels, how engineers will gain a different level of access to those edge devices and IoT devices. So again, we can talk about protocols. We have talked about all the depth in the master class.

Mike Veldhuis:

Thank you. Thank you so much. Jas. We're already at the end of Episode Number 11. And if you're watching on YouTube, you probably recognized it. Or saw it when you're listening to the podcast, obviously not. But I chose a background and we like two fire houses it is like crazy. It sounded like a great idea but yeah, we'll recover in the final episode, episode number 12, where we're going to talk about the great balancing act. Thank you, Jas. Thank you, listeners. See you next time.