A Year in Identity

I promised myself I would blog more. One reason is that my job requires it. It’s not mandated but “practice makes perfect”. Also because writing helps with thinking better but I’ve been way too swamped to think.

But here I am, after spending a year as a product marketing manager for WSO2 Identity Server with my last post dated July, 2018.

As we just started looking at the possibilities of 2019, here are some of the observations I’ve made as to why enterprises would need Identity and Access Management and other general observations.

• Identity is more than SSO. It’s a key enabler for Digital transformation

Throughout 2018, at every identity conference we took part in, we kept hearing how identity should be treated as something more than just a security project. That we have to go back to our enterprises and say why identity is the glue that holds it all together. SSO, authentication or securing APIs, would come off a simple task or singular project but it all eventually becomes a part of a much larger project — like integration. CIAM is a great example of integration. You use Identity, APIM and Integration components along with analytics to give users a great user experience. So whatever your enterprise strategy may be, identity plays a key role in being future-proof and it’s more than just logging into applications.

• Your customer comes first

CIAM, although looks like a trend, should be the ultimate goal for any enterprise. Most customers that we deal with, use the Identity Server for CIAM through SSO, identity federation etc. CIAM helps to give your users a unified experience. West Corporation does an excellent job of giving their customers a connected experience.

We’re moving from multi factor authentication to Adaptive Authentication for the very same reason. So that you make your user’s life secure but also better.

• There’s an API for that

Everything today is API driven. All businesses are inclined to expose their APIs and the rate of exploding endpoints is surely alarming. Yet, what would be the point if these are not secure?

• Open source IAM is “still” an emerging concept and this should change

Although Open Source might not be the most known option for IAM, it should be. A lot assume that open source means free, but it’s the “freedom” to try the product, to scan and test the code as you please and NOT being “locked-in” to a vendor. It’s also easy to innovate fast with OS and it’s versatile because of the variety of authenticators and connectors. One of my team-mates illustrated this quite brilliantly on Quora.

Therefore if one was to choose an IAM solution for their enterprise, I strongly urge to give open source a try.

• Privacy

It takes a situation like Cambridge Analytica for enterprises to take IAM seriously. With the rise of GDPR and the upcoming CCPA, user consent and privacy is taking the precedence over everything and we fully support this. IAM is wired to provide compliance so that users are secure and businesses can make use of this opportunity to demonstrate that they are “user-centric” and prioritize privacy over everything. This way you maximize user retention too.

Afterword

2018 has been a fantastic learning curve, also because I get to work with the best in the industry (both in Marketing and Engineering/IAM). Like Prabath Siriwardena, who is a walking encyclopedia of all things identity (check out his blog — you’ll learning something you didn’t know)

If I’m to keep any of my resolutions for this year, you’ll see more identity-related stuff in this space. Till then, have a data breach free 2019.