0:00

You are listening

0:00

to the Platform a podcast to

0:06

learn about our digital worlds.

0:06

I am Mike Veldhuis partner at

0:10

Nalta.com

0:11

Hello, I'm Jas Sagoo

0:11

and I'm head of solution

0:14

engineering and professional

0:14

services at Auth0 International.

0:18

This Jingle

0:18

sounds so professional Jas.

0:22

Thank you, Mike, I learned from you.

0:25

Welcome listeners

0:25

to episode number 12. Talking

0:30

with Jas for the fourth time,

0:30

and this is the final episode

0:33

before the master class that

0:33

we're going to organize the

0:36

seventh of October. And today

0:36

we're going to talk about the

0:39

balancing act. And listeners, I

0:39

have to be perfectly honest with

0:44

you. I didn't come up with this

0:44

title. This is all because of

0:49

you Jas and I love it the great

0:49

balancing act.

0:54

Mike, you know what,

0:54

this is not rocket science. I do

0:57

that every day in my life. I try

0:57

to balance my life in anything

1:00

and everything I do.

1:02

And are you succesful?

1:04

Sometimes.

1:07

Cool. Cool.

1:08

Well, to kick

1:08

off, to put it in perspective,

1:13

what is the great balancing act?

1:17

Good question, Mike.

1:17

Look, I think, and this is

1:21

something that I have come up

1:21

with this is something that I

1:24

have looked into our customers

1:24

and partners and this is what

1:28

they're asking for, you know, we

1:28

have we have an industry that is

1:33

looking for, when their

1:33

customers are accessing their

1:36

services, customers are looking

1:36

for an easy way and a convenient

1:41

way to access those services

1:41

very quickly, right? You don't

1:44

spend four minutes logging in,

1:44

you're gonna spend one second

1:48

logging in. But there was a

1:48

myth, you know, perception that

1:53

if you if you make logging in

1:53

very easy, it means you've

1:55

compromised on security, and

1:55

you've compromised on

1:59

regulation. And you can see

1:59

regulation and privacy is going

2:01

to be increasing these days. So

2:01

the question is, how do you get

2:05

it right? You know, do you do?

2:05

Do you reduce security and get

2:10

privacy up and then reduce

2:10

convenience? So Mike, this topic

2:14

really is about how do we

2:14

address those three topics? And

2:18

how do we balance it out here?

2:19

So how to get it

2:19

right. But before we go on to

2:22

answer that question, which

2:22

basically is probably the most

2:27

important question of all four

2:27

episodes. And we talked about

2:34

the identity management space,

2:34

where it sits in the total

2:39

security stack. And we, we found

2:39

out this is the front door, and

2:44

it's pretty important to get the

2:44

safe lock on it. We talked about

2:50

in Episode Number 10, about Buy

2:50

versus Build. So should you

2:56

build a solution yourself or buy

2:56

it from a vendor, which is

3:00

specialized? And the previous

3:00

episode, which I really enjoyed,

3:06

we talked about how to implement

3:06

a solution and what is happening

3:10

in the future. So we got all

3:10

fired up. And then this most

3:19

important question, how to get

3:19

it right, how to get the

3:22

triangle of security, privacy

3:22

and convenience. Right? How Jas?

3:31

Might before I answer

3:31

that question, what are you

3:33

hearing in the marketplace? What

3:33

are you hearing from your

3:37

customers?

3:41

I am, first of

3:41

all, we're in the software space

3:45

for a very long time, actually

3:45

in IT for 21 years. And we

3:51

getting more and more questions

3:51

that customers actually want

3:55

their own software being built,

3:55

which is like there is so much

3:59

available. But it's like special

3:59

business needs special

4:03

solutions. And not that we build

4:03

everything from scratch. But

4:07

it's like creating this

4:07

environment, this platform for a

4:11

use case that makes them

4:11

special. And they want it fast.

4:16

They want it scalable, because

4:16

they have no clue how it will

4:21

explode in time. They all hope

4:21

it will. But they start with a

4:25

MVP with a minimal viable

4:25

product. They want to start slow

4:29

as small and maybe slow on a

4:29

tight budget. And it has to be

4:35

secure. And that's another great

4:35

balancing act. But what we're

4:40

hearing is that there is a lot

4:40

of need. And we have to comply

4:47

in this transformation in

4:47

digitization, to connecting

4:52

these systems to the outside

4:52

world, which is a risk in

4:55

itself. And sometimes this is

4:55

conundrum This is really a

4:59

problem. That's what we're

4:59

hearing.

5:02

Okay, so all we're

5:02

seeing is, security is at the

5:06

top of people's minds, right? It

5:06

is right at the top of a

5:10

customer's mind. And this ties

5:10

very well into into the question

5:13

on balancing act, because

5:13

historically, there's been a

5:17

perception, you know, if you,

5:17

you know, tighten security, or

5:21

how you access, your front door,

5:21

it means it's not very

5:25

convenient to go inside. Because

5:25

you've got 10 locks on it. Oh,

5:29

gosh, thank you making so

5:29

difficult to get into into the

5:31

into this whole thing, if I'm

5:31

using all my identity, you know,

5:35

using my personal information,

5:35

like, who you are your email

5:39

address, your phone number, your

5:39

address, you're giving away his

5:41

personal information. And we know what's happening regulation, right? It is getting

5:42

tighter and tighter and tighter,

5:45

tighter rules are bigger. So how

5:45

do you get it right? How do you

5:49

provide, you know, one single

5:49

key to access the front door,

5:54

protect the user and provide

5:54

convenience, but at the same

5:58

time you making sure that

5:58

security is not what you call it

6:03

flawed, and you're helping

6:03

everyone comply with regulation.

6:08

So how do you balance that so

6:08

I'll go back to something that

6:11

you said earlier, you said

6:11

everyone is building their own

6:14

applications, right. But what

6:14

they're doing is they're not

6:17

building an identity access management system. They're building applications. So we're

6:19

using best of breed tooling.

6:23

They are,

6:24

right, yes. And these

6:24

and when they build application,

6:27

all these tooling, what they're doing is they're giving themselves a competitive

6:28

advantage. Because it's they are

6:32

differentiating themselves from

6:32

their from their compact

6:34

competition. So my advice is,

6:34

don't build your own identity

6:39

and access management system.

6:39

Right? Go and use these ready

6:44

tools out there, like Auth0, for

6:44

example, they've got all the

6:46

tooling and all their help you

6:46

do as they help you get the

6:49

balance, right, providing the

6:49

right convenience. So access to

6:53

service within two, three

6:53

clicks, right. And they take

6:56

care of all the security behind

6:56

it, because they are experts.

7:00

Lastly, they understand

7:00

regulation, so that you don't

7:05

have to worry about regulation

7:05

yourself. So this myth about, to

7:09

improve convenience, you have to

7:09

sacrifice, security or privacy,

7:14

that's a myth, that is only true

7:14

if you're trying to do it

7:17

yourself.

7:18

But to be honest,

7:18

this almost sounds too good to

7:22

be true.

7:25

So it is true, I will

7:25

kind of explain that to you.

7:29

Because if you look at the heart

7:29

of any platform, there are

7:34

experts building it, they've

7:34

done all the work, all the

7:38

commitment and the dedication to

7:38

go and try and build on it

7:42

that's very secure, very secure.

7:42

Security is the heart of

7:45

anything that we do, especially

7:45

identity access management. So

7:49

they take that very seriously.

7:49

Now, what's really clever here

7:53

Mike is, is how you can make the

7:53

the access very easily, right?

7:58

You can use things like social

7:58

login, for example,

8:01

Facebook for instance?

8:02

Exactly. Or you can

8:02

use Google or LinkedIn or all

8:05

these other social profiles,

8:05

right. And so that's one easy

8:09

way of providing Quick Access

8:09

without sacrificing security.

8:12

And privacy, again, is built

8:12

into these solutions. So my

8:16

advice to everyone out there

8:16

listening, don't waste your time

8:21

in going try and build something

8:21

yourself. Right? Rely on the

8:24

experts, what you should be

8:24

focusing on is your business

8:27

application.

8:30

I have to be

8:30

honest, and people that know me,

8:36

I am and most of the time very

8:36

direct. When we were preparing

8:43

the new podcast series, I had a

8:43

little bit of doubt whether

8:48

talking about an identity and

8:48

access management solution was

8:56

really necessary in four

8:56

episodes. It felt like we're

9:02

talking about a niche in this

9:02

whole scheme of everything

9:08

that's happening around us

9:08

digital transformation, it

9:11

transformation, digital twins,

9:11

in blockchain, all kinds of

9:20

topics that are around us. And

9:20

then Mike and Nalta are gonna

9:24

talk about an identity

9:24

management solution. I really

9:28

had to think this one over. But

9:28

when I started looking into it,

9:32

I realized that it's a

9:32

touchpoint that we're using

9:38

every single day. And the

9:38

solution itself is so directly

9:44

linked to the security of your

9:44

data and the security of your

9:48

platform, the security of your

9:48

things. That's it's probably one

9:52

of the most important things to

9:52

talk about. That is a real

9:58

realization I had and I found it

9:58

a little bit difficult to, to

10:04

interest the audience in this

10:04

topic. And that's why we have

10:08

those four episodes and the

10:08

build up to the great balancing

10:12

act. And what I really hope, and

10:12

we're going to talk a little bit

10:17

more about machine to machine

10:17

security and, and identity

10:23

management, that they understand

10:23

that at least for user identity

10:27

management, this is just

10:27

mandatory. And it's just like,

10:34

so mandatory that basically all

10:34

developers should at least have

10:38

a look at it. You know?

10:41

Mike, you're completely right. And you know, what? It's a must have, I must

10:42

tell you that it's a must have

10:46

isn't right. It's a boring

10:46

subject, boring topic, but you

10:50

know, what it's a must have. And

10:50

what I've challenged, the

10:52

audience is out here, if you can

10:52

find 10 websites, that are

10:57

important websites that give you

10:57

good information, good access to

11:00

good services, that don't ask

11:00

you to log in, then then you've

11:06

got me. Yeah. Yeah. So go and

11:06

try and find those 10 websites.

11:11

I mentioned the

11:11

developers, but in your role,

11:16

you're responsible for the

11:16

professional services in EMEA,

11:20

right.

11:21

Correct. Professional

11:21

services and solution

11:23

engineering.

11:24

Oh, I'm sorry.

11:24

It's even more, it's even more,

11:27

I can't imagine that you only

11:27

talking to the technical people?

11:31

And I imagine that you're

11:31

talking to business owners as

11:35

well, C level? And if it's a

11:35

boring topic, what kind of

11:41

you're not a boring guy. What

11:41

kind of discussion do you have

11:46

with that specific audience?

11:49

So look, what I, tell

11:49

them is, and then the humans as

11:54

well remember, before, before

11:54

they work for those

11:57

organizations, they are they

11:57

have their own personal life.

12:00

And they understand the

12:00

importance of, you know, wanting

12:05

to access any service from any

12:05

where they are any device at any

12:09

time, you know, across across

12:09

the ecosystem. So they

12:16

themselves understand the

12:16

importance of convenience and

12:18

security. And what I tell them

12:18

is, how are you going to do that

12:21

for your employees and how you

12:21

do that for your customers. And

12:26

what you should also have is,

12:26

you should have a strategy. So,

12:31

that's what I talked to them,

12:31

what's your strategy around

12:33

identity and access management?

12:33

But also, how can I help you

12:38

gain maturity in this topic and

12:38

subject? Because they there is

12:42

an element of, continuous

12:42

improvement and become a mature

12:45

organization? Mike, look, we've

12:45

seen lots of organizations that

12:49

don't take this advice

12:49

seriously. And what do we see,

12:51

we see the names of big

12:51

companies on the tabloids,

12:54

they've been breached. Right.

12:54

And every C level individual is

12:59

trying to keep their names out

12:59

of the headlines. Sometimes

13:02

these are the conversations we have them.

13:04

Yeah, makes

13:04

sense. Makes sense. So we, and

13:09

this is a very clear and direct

13:09

answer. And very useful for the

13:15

listeners. So we're not only

13:15

talking about this is something

13:18

that is just for developers,

13:18

this is something that really

13:21

belongs to the boardroom as

13:21

well, when we're talking about

13:24

security strategy. We talked a

13:24

lot about the user identity

13:30

management space. We touched a

13:30

little bit at the things and the

13:35

machines. And, because I think

13:35

it's so important, I just want

13:41

to hear a little bit more of

13:41

your advice. And I was, as I was

13:46

thinking about some examples

13:46

where it went wrong, but I don't

13:49

think that's important. We know.

13:49

And security is lacking in those

13:53

spaces as well. What is your

13:53

advice to companies that are

14:00

building solutions in the IoT

14:00

space and in the machine to

14:03

machine space where machines to

14:03

machines are communicating?

14:07

So very quickly, I

14:07

would say, use your time

14:11

carefully and focus it on your

14:11

applications and what you're

14:14

building. Don't think about

14:14

building an identity solution.

14:18

You're reinventing the wheel

14:18

because that's been done by

14:20

experts. Okay, that's the first

14:20

thing. If you're choosing an

14:24

identity and access management

14:24

system, make sure it's based on

14:27

standards. Okay, so think about

14:27

open ID connect to think about

14:31

OAuth. Okay, these are

14:31

standards. Third thing make sure

14:36

that whoever is whoever you're

14:36

working with are identity

14:39

experts. They understand

14:39

identity. Fourth thing, I know

14:44

this is very difficult for you

14:44

to for some some people to do.

14:47

But let's share the mistakes

14:47

were making. Let's try

14:50

understand where these mistakes

14:50

we were making so that a that

14:54

others don't do them but also

14:54

identity experts are able to

14:58

build or take care of some of

14:58

your, from your learnings and

15:01

your experiences into their

15:01

solutions. So this, this will be

15:05

my advice Mike to anyone

15:05

listening to the podcast,

15:09

And I love

15:09

checklists. And it's a great

15:13

summary and ending of this

15:13

podcast series. The four talks

15:18

we had, and I know for sure

15:18

Laura loves this, she makes and

15:23

draws the graphical recordings.

15:23

And she always loves to make

15:26

checklists. Thank you so much

15:26

Jas, this was really insightful.

15:35

It was great fun. I learned a

15:35

lot from you. And I'm very

15:40

grateful for that. And I know

15:40

for sure that the audience can

15:44

learn even more in the

15:44

masterclass that we're gonna

15:48

present, the seventh of October

15:48

at the end of the day, we'll put

15:53

the exact time in the link

15:53

below. And to end this from my

16:01

part, and I will give the final

16:01

word to you Jas. Is that my

16:05

colleague, Koen said, Let

16:05

authentication work for you, not

16:09

against you. And he's not a

16:09

marketing. He's a developer and

16:11

I just love that sentence. Thank

16:11

you Jas.

16:15

Thank you, Mike. It's

16:15

been a pleasure.