Identity is replacing the password: What software developers and IT pros need to know

3 years ago 385

Identity and entree absorption is pushing exertion information past single-factor authentication (a password) and adjacent multi-factor authentication to a hazard absorption exemplary says Ping Identity CEO.

Identity and entree absorption systems are making it easier for bundle developers to unafraid their applications, for employees and customers to entree the tools and services they request and for companies to support their systems and data. On a caller occurrence of Dynamic Developer , I spoke with Andre Durand, Founder and CEO of Ping Identity astir however the changing scenery of individuality and entree absorption are affecting bundle development. We besides talked astir what it volition instrumentality for america to scope a "passwordless" world.

The pursuing is simply a transcript of the interview, edited for readability. You tin perceive to the podcast subordinate embedded successful this article, ticker a video supra oregon work a transcript of the interrogation below.

Bill Detwiler: So earlier we get started truly talking astir individuality and entree management, for those listeners and viewers who don't cognize Ping Identity, springiness maine a rundown connected the company.

Andre Durand: Well, Bill, truthful this full individuality happening has go truly important and it's due to the fact that you can't unafraid what you can't identify. And each of our lives present are being driven mostly integer successful a way. And each of these integer interactions impact america interacting with apps connected our phone, successful the cloud, astatine companies each implicit the spot and identity's relation is to marque definite the close idiosyncratic is accessing the close thing. So it truly is benignant of the instauration of this highly decentralized mobile satellite we unrecorded successful and the request fundamentally to tether unneurotic this full conception of due access.

Andre Durand, Founder and CEO, Ping Identity

Andre Durand, Founder and CEO, Ping Identity

Image: Ping Identity

So for ample enterprises, ample analyzable enterprises person precise blase multi-generational IT landscape's going successful immoderate cases each the mode backmost to the mainframe and beauteous overmuch everything successful between. And present they person information centers closing, apps doing the assistance and displacement to the cloud. And they're adopting caller SaaS applications present successful aggregate clouds. So, and they've got users present done COVID moving astatine home. So for this conception of however bash you alteration frictionless unafraid entree for employees? Identity is beauteous overmuch the linchpin. It's the alloy thread that is present holding unneurotic this caller paradigm wherever individuality has go the caller perimeter.

So what Ping does successful this equation is for the planetary enterprises, truly the largest 3,000 companies astir the world, we assistance those companies acceptable up a centralized, what we telephone authentication and authorization acceptable of capabilities to let users to authenticate to the endeavor and past summation entree to immoderate exertion oregon resource, nary substance wherever it's at. And for the endeavor to person power implicit what is appropriately authorized for them to access. So it's this full conception of individuality security.

And we bash that for employees, meaning workers who time successful and time retired person to powerfully authenticated, if you will, the endeavor to summation entree to everything that they request to bash to their jobs, arsenic good arsenic we bash it for customers. So large lawsuit experiences, however bash extremity users registry and past authenticate to each these products and services done their mobile phone, done websites, truly done the omni-channel. Securing that individuality and enabling frictionless experiences for each of these antithetic individuality types. Workers, employees, partners, and customers. We bash that for 62 of the Fortune 100. We support astir 2 and a fractional cardinal accounts globally, wherever apt present successful the US, 13 of the largest, 15 banks present successful the US, each spot Ping to a unafraid identity, unafraid their interactions.

SEE: Top 5 programming languages web developers should cognize (free PDF) (TechRepublic) 

How should bundle developers being reasoning astir individuality and entree management?

Bill Detwiler: It utilized to beryllium that enterprises would acceptable up Microsoft Active Directory and server. They would propulsion that retired there. And that's the mode that their employees would authenticate to the web and past they mightiness person passwords for assorted systems and applications, but with the determination to the cloud, and you alluded to this and the determination to everything arsenic a service, the scenery arsenic overmuch much complicated. And particularly erstwhile you're trying to integrate bequest systems, similar you said, mainframes with caller modern cloud-based systems, that gets truly complicated.

So you benignant of touched connected this, but I'd emotion to drill down connected it a small spot more, which is however should those radical who are looking astatine either gathering endeavor applications oregon looking astatine however they integrate each these applications together, however should they beryllium reasoning astir individuality and entree absorption to today?

Andre Durand: Well, the satellite was a small simpler backmost erstwhile everything was Windows and Active Directory was benignant of similar the default determination that we stored worker identities and passwords. And you would fundamentally authenticate done Windows Active Directory. And successful an each Windows on-prem world, we had azygous motion connected invisibly. It was called Kerberos backmost astatine the time.

But present the satellite is much distributed than that. And the power level has shifted, oregon the instauration has shifted from being benignant of similar a on-prem network-centric, AD-centered presumption of however we negociate individuality to, Hey, this individuality thing. It truly is larger and much cardinal successful a highly distributed satellite wherever each the things that we bash benignant of connected our desktop, if you will, and the apps that we person connected our desktop are present being mixed with tons of applications that are SaaS and successful the cloud.

And truthful truly what's happening is individuality is centralizing, but it's centralizing not astir Active Directory on-prem. It's present centralizing to a caller centerpiece oregon power level for each apps crossed the hybrid cloud . So some on-prem, the bequest stuff, arsenic good arsenic caller SaaS and applications that are moving into the nationalist cloud.

So I deliberation the archetypal happening to recognize is that from an endeavor perspective, this conception of having individuality embedded successful apps everyplace is not ideal, right? I mean, truthful if you're astatine a ample endeavor you're liable for protecting each the crown jewels and enabling due entree for each idiosyncratic to everything. What's the close model? Well, the close exemplary is to person a centralized authentication work that each your users, whether it's employees oregon partners oregon customers, they authenticate to that 1 thing, if you will. And past they summation entree to the applications done standards-based azygous motion on, caller standards that we've developed implicit the past respective years.

Without the standards based azygous motion on, that wasn't possible. It wasn't imaginable to abstract retired the authentication to thing that was cardinal and past summation entree to each the apps. But champion signifier present is done these federated unfastened standards and things similar azygous motion connected champion practices to centralize those.

 PingOne unreality  platform

Ping Identity: PingOne unreality platform

Image: Ping Identity

So that's the theme. Enterprises are present centralizing the services, abstracting them retired of the applications truthful that they tin make a accordant idiosyncratic acquisition for extremity users that isn't app by app, truthful to speak. There's 1 accordant acquisition for authentication and multi-factor authentication. And past it's benignant of invisible arsenic to however that integrates successful the backend with each these applications and services.

The aforesaid happening volition hap with authorization. We're not rather present yet. We're inactive successful the process of centralizing authentication. But I deliberation you person to look astatine it from the perspective, it's an extracurricular successful perspective. It says, what is the idiosyncratic acquisition that we privation employees to have, oregon the idiosyncratic acquisition we privation partners to have?

And you person to deliberation big, astatine an endeavor level. Is it a bully acquisition to person tons of fragmented experiences, oregon is it a amended acquisition to person one? And I deliberation if you look astatine the digitally autochthonal companies, truthful deliberation Apple and Google and Microsoft and Amazon. You don't person tons of Amazon accounts to entree Audible and Amazon store and Echo and Kindle. You person 1 Amazon relationship for each products and services. Same happening with Google. And ample companies are looking to recreate that. They privation streamlined, frictionless, secure, accordant experiences wherever users interact with the brand.

So I deliberation it's to truly admit the extremity idiosyncratic experience. We request to centralize this individuality acceptable of idiosyncratic experiences and however they interact with applications.

SEE: The champion programming languages to learn--and the worst (TechRepublic Premium)

What mistakes bash you spot companies marque erstwhile it comes to individuality and entree management?

Bill Detwiler: Yeah. And it reminds maine a batch of trends that we spot successful IT successful general. So we've talked astir the consumerization of IT for years now, and it truly is astir bringing the simplicity of that user acquisition into endeavor IT, and that's what you were talking benignant of the integer archetypal employees present truly expect. And honestly, myself, I expect that to. We each privation simplicity and it sounds similar solutions similar Ping, what you're truly trying to bash is marque it casual for the extremity user, obviously, but besides for those radical wrong the enactment who are gathering those apps arsenic well, due to the fact that you don't person to negociate that portion of it. They grip authentication. They grip individuality and entree absorption done Ping, and past they don't person to interest astir that portion of the equation.

What communal mistakes bash you benignant of spot organizations making close present with individuality and entree absorption and however bash they debar those mistakes?

Andre Durand: I really think, astatine slightest successful my interactions, it's a journey, archetypal of all, similar to spell from the humanities world, which was benignant of on-prem, AD. And by the way, you were describing mostly the workforce experience. The lawsuit acquisition wasn't needfully centered connected Active Directory connected prem. Companies person had lawsuit websites and mobile applications that weren't needfully tied to Active Directory. They had a full acceptable of location grown oregon benignant of cobbled unneurotic bequest tools successful bid to bash that. So you bash request to abstracted retired the workforce individuality acquisition and exertion from the lawsuit individuality acquisition and technology.

But I would conscionable measurement backmost and say, admit that we are successful a concern wherever individuality is becoming cardinal to information and cardinal to idiosyncratic experience. Whereas earlier it mightiness person been thought of somewhat arsenic an afterthought, or, oh, I request to unafraid my app and I request to bash this.

It's becoming central. And arsenic it becomes central, and arsenic the exertion has go much sophisticated, doing it astatine the level of sophistication, I mean, "passwordless" is not simple. There's a fig of technologies that spell into eliminating the password. I privation determination were a elemental beatified grail, but determination isn't, and there's antithetic things that you person to usage successful bid to execute this frictionless experience.

 PingID and PingOne diagram

Ping Identity: PingID and PingOne diagram

Image: Ping Identity

So erstwhile you measurement backmost and say, we're connected a travel wherever individuality is becoming much cardinal to information and experience, it's besides becoming much sophisticated. And the barroom connected idiosyncratic acquisition astatine a institution level is precise high, meaning consumers expect a simple, elegant, singular idiosyncratic acquisition with a brand. They don't privation a fragmented acquisition astatine the merchandise level. Meaning what would it beryllium to prosecute with Amazon if each institution Amazon acquired, they conscionable near the user, log on, registration, everything other astir it separate? You spot what I'm saying? That would beryllium a truly poor, fragmented, and siloed experience.

So I deliberation it's conscionable appreciate. It's astir a elemental acquisition that needs to beryllium centralized for that ample enterprise. And conscionable admit that you're connected that travel and truly not marque arsenic galore siloed decisions which person been the history. There's been a batch of siloed decisions wherever fto maine optimize for my 1 app oregon for my concern unit. Right. And not deliberation astir the extremity idiosyncratic acquisition that mightiness beryllium interacting with your peculiar enactment of business, your web spot of your app, but past simultaneously has to interact with each the different aspects of your company.

So if you're a tiny institution with 1 app, it's not a problem. But if you're a ample planetary endeavor that consistent, unafraid idiosyncratic experience, I would suggest you request to deliberation bigger. That's truly the point. You request to deliberation bigger.

What are companies that get individuality and entree absorption right, doing?


Bill Detwiler: You speech to a batch of companies arsenic they enactment done this process, right? You speech to CSOs and you're talking to CXOs and you're talking to CEOs of companies and trying to assistance them done this process. What bash you see? I guess, however did the palmy companies interruption down those silos? Because if you're moving hundreds of systems internally and past dozens of systems externally, similar with your lawsuit facing systems and your worker facing systems, what are the companies doing that are successfully doing precisely what you described, which is reasoning holistically astir their information scenery and not conscionable saying, well, we're going to unafraid this 1 app, oregon we're going to unafraid HR, and we're going to unafraid this 1 this way, due to the fact that I cognize personally I person astatine slightest 10 antithetic passwords and 10 antithetic systems that I person to enactment connected on a regular basis. And it's frustrating for me. And I tin wholly admit to that lawsuit acquisition arsenic well, wanting 1 motion successful 1 individuality that allows maine to entree everything. So what are the palmy companies doing?

Andre Durand: Well, this is wherever relation follows form, right? And I cognize you tin twist those the different direction. So what I mean by that is they're recognizing that arsenic individuality is cardinal oregon foundational. They're recognizing that idiosyncratic acquisition is paramount and they are organizing themselves and their individuality teams and the span of those individuality teams to screen a singular idiosyncratic acquisition crossed aggregate products and services.

So truly what it is, it's a designation that presumption quo of telephone it siloed decision-making is not achieving the champion idiosyncratic experience. And they are redefining the organizational operation to get the output that they want. And the organizational operation is individuality teams are present being formed. They are present reporting up into security, whereas they utilized to conscionable benignant of possibly beryllium a small spot much generically successful the IT group. And present they study to information due to the fact that individuality is the instauration of the aboriginal of security.

And there's these integer present officers astatine companies who are liable for the integer programs and the digitization of a batch of the ceramic and mortar concern models, and those individuals who present person the caller mandate to make caller integer channels for their products and services are saying, idiosyncratic acquisition is paramount. People ballot connected idiosyncratic experience.

And truthful truly what's happening is there's a attraction occurring wherever organizations are redefining the centrality of the relation of individuality successful their integer properties. And they're coming successful with these requirements, truly these goals that accidental let's make a singular acquisition and they're getting into, I mean, frankly, there's authorities progressive successful a batch of this worldly and organizational conception of who has the powerfulness and bash I person power to bash this, oregon it is immoderate cardinal enactment with a higher mandate. And what we're seeing is companies are saying idiosyncratic acquisition is paramount. And truthful we indispensable interruption down the silos and they're organizing to facilitate that outcome.

SEE: A usher to The Open Source Index and GitHub projects checklist (TechRepublic Premium)

When tin we halt utilizing passwords?

Bill Detwiler: Yeah, I deliberation that's a connection that I perceive for a assortment of issues, whether it's debased code, nary codification development, whether it's security, whether it's processes astir development, is truly however you interruption down those, really, companies that are being palmy are breaking down those silos and trying to deliberation holistically. So let's leap up a mates of years, due to the fact that you touched connected it a small spot erstwhile you were talking astir a "passwordless" future. Where bash you spot individuality and entree absorption going successful the adjacent fewer years? And are we going to get to a spot wherever we astatine slightest the password is minimized, right. Or those authentication measures, it's you, similar we've talked astir biometrics for a agelong time, but it's not conscionable you, thing you are, thing you have, similar a 2 origin authentication strategy oregon a cardinal token. But it's besides thing you know. How has identity, similar a password. How has individuality and entree absorption changing implicit the adjacent mates of years?

Andre Durand: Well, you talked connected "passwordless". So fto maine conscionable hone successful the speech to the improvement oregon travel successful authentication and that aged mantra of it's amended to person benignant of 3 factor, thing you know, thing you are, thing that you have, for example, and you harvester each 3 and that's hard to spoof. The information is we're good beyond 3 factor. We're into N-factor now.

There's dozens of hazard signals now, passive signals, that we person entree to similar behavioral biometrics, similar leveraging each the sensors successful the devices we're using, that let america to fundamentally admit radical without immoderate explicit idiosyncratic action. So a biometric oregon accidental intermission for a second, clasp the camera successful beforehand of you, we'll bash a look ID, would beryllium an explicit multi-factor authentication event. A propulsion notification to substance connection that past either has a nexus oregon inquire you to reread a secret, fundamentally a pin, to ensure. So the instrumentality that you person is being utilized arsenic a origin of authentication.

PingID web-based medication  console hosted connected  PingOne

PingID web-based medication console hosted connected PingOne

Image: Ping Identity

The aboriginal of frictionless information arsenic embodied successful this conception of "passwordless" is going to beryllium a operation of hazard signals, passive signals astir our behavior, astir the environment, astir the discourse and the devices and different things that were coming out, of which similar I said, there's dozens now. And explicit MFA events, if you will. One of those events could beryllium fto maine cheque your biometric, similar a look ID. And companies volition beryllium mixing and matching these things successful antithetic ways for antithetic idiosyncratic populations, for antithetic scenarios, meaning the spot level indispensable beryllium overmuch higher if I'm doing a ligament transportation than if I'm doing something. Maybe it's higher from doing an e-commerce transaction and the code is new, for example. So that would beryllium a information nether which, Hey, you privation to truly wage attention.

So we volition execute successful the adjacent 3 oregon 4 years, much information and little friction successful the future. 100%. We're going to get there. But the reply to execute the higher level of idiosyncratic acquisition and the higher level of information is going to necessitate much sophistication nether the covers. We're going to spell from the ubiquity of passwords are benignant of easy, but present we've go the bane of our beingness due to the fact that they're excessively analyzable and can't retrieve them, to successful essence, each of these different technologies are going to capable successful the spread and they're going to make a higher information exemplary and a much frictionless experience. But there's not going to beryllium 1 size fits all.

Going "passwordless" won't beryllium a one-size-fits-all solution, it's astir hazard management

Bill Detwiler: I deliberation that, it reminds maine a batch of what I spot banks doing and person been doing for a portion present with recognition transaction hazard analysis. Right? So looking for patterns. Is that what you benignant of see? Like you talked astir utilizing each the sensors connected a instrumentality oregon looking astatine signals coming backmost into the system. To not conscionable say, okay, look, we've got this authentication that this enactment that's taking place, but is this enactment happening astatine a close time? Is the geolocation information showing that this instrumentality is wherever it's usually at? Is determination thing retired of bounds, right? Did you spell to different authorities and effort to bargain state astatine a state presumption that you usually don't spell to? Right. And that raises a reddish flag. And however bash we bash that? That's what I'm proceeding you describe. Is that accurate? Is that the strategy you're describing that we're getting to?

Andre Durand: That's 100% accurate. We person to spell from what I'll telephone a static and manual individuality power plane, wherever accidental 1 size fits all. Back in, it's everyone has a password. It's similar 1 size fits all. Like it didn't substance if you were doing a ligament transportation oregon something. It's like, you got a password. Where now, there's galore shades of grey successful the authentication experience. And galore of those shades of grey of however we're going to admit and guarantee we're interacting with the close person. That authentication. Many of those shades of grey are present signals, quality that we tin glean and aggregate to assistance america marque a bully authentication decision.

Is the spot precocious and the hazard low. Okay. Do X. If the signals person changed and we think, oh, this present looks, I haven't seen this before. This it's risky. Maybe we request to measurement up authentication. Maybe we request to contradict access, for example.

So what you've seen successful recognition paper transactions is present being applied to the entirety of the individuality power plane. From the infinitesimal you spell done a verification of identity, to the registration of an identity, to the authentication, to the authorization, that full login to log off. And by the way, adjacent earlier that, erstwhile you deed the website, you haven't authenticated and you haven't verified and you haven't registered. There's a full suite of signals that would let america to understand, are we talking to the aforesaid individual, oregon are we talking to a bot, for example.

So making individuality intelligent. That's the crushed I said, it's getting much sophisticated, which means having that level of sophistication embedded successful each app makes nary sense. We request to centralize the individuality power plane. We request to marque it intelligent, and we request to reconnect it to our applications done unfastened standards, ideally.

Developer Essentials Newsletter

From the hottest programming languages to the jobs with the highest salaries, get the developer quality and tips you request to know. Weekly

Sign up today

Dynamic Developer interviews and more

Read Entire Article