Episode Transcript
0:00
You are listening
0:00
to the Platform, a podcast to
0:06
learn about our digital worlds.
0:06
I am Mike Veldhuis, partner at
0:10
Nalta.com
0:11
Hello, I'm Jas Sagoo
0:11
and I'm head of solution
0:14
engineering and professional
0:14
services at Auth0 International.
0:18
This Jingle
0:18
sounds so professional Jas.
0:22
Thank you, Mike, I learned from you.
0:25
Welcome listeners
0:25
to episode number 12. Talking
0:30
with Jas for the fourth time,
0:30
and this is the final episode
0:33
before the master class that
0:33
we're going to organize the
0:36
seventh of October. And today
0:36
we're going to talk about the
0:39
balancing act. And listeners, I
0:39
have to be perfectly honest with
0:44
you. I didn't come up with this
0:44
title. This is all because of
0:49
you Jas and I love it the great
0:49
balancing act.
0:54
Mike, you know what,
0:54
this is not rocket science. I do
0:57
that every day in my life. I try
0:57
to balance my life in anything
1:00
and everything I do.
1:02
And are you successful?
1:04
Sometimes.
1:07
Cool. Cool.
1:08
Well, to kick
1:08
off, to put it in perspective,
1:13
what is the great balancing act?
1:17
Good question, Mike.
1:17
Look, I think, and this is
1:21
something that I have come up
1:21
with this is something that I
1:24
have looked into our customers
1:24
and partners and this is what
1:28
they're asking for, you know, we
1:28
have we have an industry that is
1:33
looking for, when their
1:33
customers are accessing their
1:36
services, customers are looking
1:36
for an easy way and a convenient
1:41
way to access those services
1:41
very quickly, right? You don't
1:44
spend four minutes logging in,
1:44
you're gonna spend one second
1:48
logging in. But there was a
1:48
myth, you know, perception that
1:53
if you if you make logging in
1:53
very easy, it means you've
1:55
compromised on security, and
1:55
you've compromised on
1:59
regulation. And you can see
1:59
regulation and privacy is going
2:01
to be increasing these days. So
2:01
the question is, how do you get
2:05
it right? You know, do you do?
2:05
Do you reduce security and get
2:10
privacy up and then reduce
2:10
convenience? So Mike, this topic
2:14
really is about how do we
2:14
address those three topics? And
2:18
how do we balance it out here?
2:19
So how to get it
2:19
right. But before we go on to
2:22
answer that question, which
2:22
basically is probably the most
2:27
important question of all four
2:27
episodes. And we talked about
2:34
the identity management space,
2:34
where it sits in the total
2:39
security stack. And we, we found
2:39
out this is the front door, and
2:44
it's pretty important to get the
2:44
safe lock on it. We talked about
2:50
in Episode Number 10, about Buy
2:50
versus Build. So should you
2:56
build a solution yourself or buy
2:56
it from a vendor, which is
3:00
specialized? And the previous
3:00
episode, which I really enjoyed,
3:06
we talked about how to implement
3:06
a solution and what is happening
3:10
in the future. So we got all
3:10
fired up. And then this most
3:19
important question, how to get
3:19
it right, how to get the
3:22
triangle of security, privacy
3:22
and convenience. Right? How Jas?
3:31
Mike, before I answer
3:31
that question, what are you
3:33
hearing in the marketplace? What
3:33
are you hearing from your
3:37
customers?
3:41
I am, first of
3:41
all, we're in the software space
3:45
for a very long time, actually
3:45
in IT for 21 years. And we're
3:51
getting more and more questions
3:51
that customers actually want
3:55
their own software being built,
3:55
which is like there is so much
3:59
available. But it's like special
3:59
business needs special
4:03
solutions. And not that we build
4:03
everything from scratch. But
4:07
it's like creating this
4:07
environment, this platform for a
4:11
use case that makes them
4:11
special. And they want it fast.
4:16
They want it scalable, because
4:16
they have no clue how it will
4:21
explode in time. They all hope
4:21
it will. But they start with a
4:25
MVP with a minimal viable
4:25
product. They want to start slow
4:29
as small and maybe slow on a
4:29
tight budget. And it has to be
4:35
secure. And that's another great
4:35
balancing act. But what we're
4:40
hearing is that there is a lot
4:40
of need. And we have to comply
4:47
in this transformation in
4:47
digitization, to connecting
4:52
these systems to the outside
4:52
world, which is a risk in
4:55
itself. And sometimes this is
4:55
conundrum. This is really a
4:59
problem. That's what we're
4:59
hearing.
5:02
Okay, so all we're
5:02
seeing is, security is at the
5:06
top of people's minds, right? It
5:06
is right at the top of a
5:10
customer's mind. And this ties
5:10
very well into into the question
5:13
on balancing act, because
5:13
historically, there's been a
5:17
perception, you know, if you,
5:17
you know, tighten security, or
5:21
how you access, your front door,
5:21
it means it's not very
5:25
convenient to go inside. Because
5:25
you've got 10 locks on it. Oh,
5:29
gosh, thank you making so
5:29
difficult to get into into the
5:31
into this whole thing, if I'm
5:31
using all my identity, you know,
5:35
using my personal information,
5:35
like, who you are your email
5:39
address, your phone number, your
5:39
address, you're giving away his
5:41
personal information. And we know what's happening regulation, right? It is getting
5:42
tighter and tighter and tighter,
5:45
tighter rules are bigger. So how
5:45
do you get it right? How do you
5:49
provide, you know, one single
5:49
key to access the front door,
5:54
protect the user and provide
5:54
convenience, but at the same
5:58
time you're making sure that
5:58
security is not what you call it
6:03
flawed, and you're helping
6:03
everyone comply with regulation.
6:08
So how do you balance that so
6:08
I'll go back to something that
6:11
you said earlier, you said
6:11
everyone is building their own
6:14
applications, right. But what
6:14
they're doing is they're not
6:17
building an identity access management system. They're building applications. So we're
6:19
using best of breed tooling.
6:23
They are,
6:24
right, yes. And these
6:24
and when they build application,
6:27
all these tooling, what they're doing is they're giving themselves a competitive
6:28
advantage. Because it's they are
6:32
differentiating themselves from
6:32
their from their compact
6:34
competition. So my advice is,
6:34
don't build your own identity
6:39
and access management system.
6:39
Right? Go and use these ready
6:44
tools out there, like Auth0, for
6:44
example, they've got all the
6:46
tooling and all their help you
6:46
do as they help you get the
6:49
balance, right, providing the
6:49
right convenience. So access to
6:53
service within two, three
6:53
clicks, right. And they take
6:56
care of all the security behind
6:56
it, because they are experts.
7:00
Lastly, they understand
7:00
regulation, so that you don't
7:05
have to worry about regulation
7:05
yourself. So this myth about, to
7:09
improve convenience, you have to
7:09
sacrifice, security or privacy,
7:14
that's a myth, that is only true
7:14
if you're trying to do it
7:17
yourself.
7:18
But to be honest,
7:18
this almost sounds too good to
7:22
be true.
7:25
So it is true, I will
7:25
kind of explain that to you.
7:29
Because if you look at the heart
7:29
of any platform, there are
7:34
experts building it, they've
7:34
done all the work, all the
7:38
commitment and the dedication to
7:38
go and try and build on it
7:42
that's very secure, very secure.
7:42
Security is the heart of
7:45
anything that we do, especially
7:45
identity access management. So
7:49
they take that very seriously.
7:49
Now, what's really clever here
7:53
Mike is, is how you can make the
7:53
the access very easily, right?
7:58
You can use things like social
7:58
login, for example,
8:01
Facebook for instance?
8:02
Exactly. Or you can
8:02
use Google or LinkedIn or all
8:05
these other social profiles,
8:05
right. And so that's one easy
8:09
way of providing Quick Access
8:09
without sacrificing security.
8:12
And privacy, again, is built
8:12
into these solutions. So my
8:16
advice to everyone out there
8:16
listening, don't waste your time
8:21
in going try and build something
8:21
yourself. Right? Rely on the
8:24
experts, what you should be
8:24
focusing on is your business
8:27
application.
8:30
I have to be
8:30
honest, and people that know me,
8:36
I am and most of the time very
8:36
direct. When we were preparing
8:43
the new podcast series, I had a
8:43
little bit of doubt whether
8:48
talking about an identity and
8:48
access management solution was
8:56
really necessary in four
8:56
episodes. It felt like we're
9:02
talking about a niche in this
9:02
whole scheme of everything
9:08
that's happening around us
9:08
digital transformation, IT
9:11
transformation, digital twins,
9:11
in blockchain, all kinds of
9:20
topics that are around us. And
9:20
then Mike and Nalta are gonna
9:24
talk about an identity
9:24
management solution. I really
9:28
had to think this one over. But
9:28
when I started looking into it,
9:32
I realized that it's a
9:32
touchpoint that we're using
9:38
every single day. And the
9:38
solution itself is so directly
9:44
linked to the security of your
9:44
data and the security of your
9:48
platform, the security of your
9:48
things, that it's probably one
9:52
of the most important things to
9:52
talk about. That is a real
9:58
realization I had and I found it
9:58
a little bit difficult to, to
10:04
interest the audience in this
10:04
topic. And that's why we have
10:08
those four episodes and the
10:08
build up to the great balancing
10:12
act. And what I really hope, and
10:12
we're going to talk a little bit
10:17
more about machine to machine
10:17
security and, and identity
10:23
management, that they understand
10:23
that at least for user identity
10:27
management, this is just
10:27
mandatory. And it's just like,
10:34
so mandatory that basically all
10:34
developers should at least have
10:38
a look at it. You know?
10:41
Mike, you're completely right. And you know, what? It's a must have, I must
10:42
tell you that it's a must have
10:46
isn't right. It's a boring
10:46
subject, boring topic, but you
10:50
know, what it's a must have. And
10:50
what I've challenged, the
10:52
audience is out here, if you can
10:52
find 10 websites, that are
10:57
important websites that give you
10:57
good information, good access to
11:00
good services, that don't ask
11:00
you to log in, then then you've
11:06
got me. Yeah. Yeah. So go and
11:06
try and find those 10 websites.
11:11
I mentioned the
11:11
developers, but in your role,
11:16
you're responsible for the
11:16
professional services in EMEA,
11:20
right.
11:21
Correct. Professional
11:21
services and solution
11:23
engineering.
11:24
Oh, I'm sorry.
11:24
It's even more, it's even more,
11:27
I can't imagine that you only
11:27
talking to the technical people?
11:31
And I imagine that you're
11:31
talking to business owners as
11:35
well, C level? And if it's a
11:35
boring topic, what kind of
11:41
you're not a boring guy. What
11:41
kind of discussion do you have
11:46
with that specific audience?
11:49
So look, what I, tell
11:49
them is, and then the humans as
11:54
well remember, before, before
11:54
they work for those
11:57
organizations, they are they
11:57
have their own personal life.
12:00
And they understand the
12:00
importance of, you know, wanting
12:05
to access any service from any
12:05
where they are any device at any
12:09
time, you know, across across
12:09
the ecosystem. So they
12:16
themselves understand the
12:16
importance of convenience and
12:18
security. And what I tell them
12:18
is, how are you going to do that
12:21
for your employees and how you
12:21
do that for your customers. And
12:26
what you should also have is,
12:26
you should have a strategy. So,
12:31
that's what I talked to them,
12:31
what's your strategy around
12:33
identity and access management?
12:33
But also, how can I help you
12:38
gain maturity in this topic and
12:38
subject? Because they there is
12:42
an element of, continuous
12:42
improvement and become a mature
12:45
organization? Mike, look, we've
12:45
seen lots of organizations that
12:49
don't take this advice
12:49
seriously. And what do we see,
12:51
we see the names of big
12:51
companies on the tabloids,
12:54
they've been breached. Right.
12:54
And every C level individual is
12:59
trying to keep their names out
12:59
of the headlines. Sometimes
13:02
these are the conversations we have them.
13:04
Yeah, makes
13:04
sense. Makes sense. So we, and
13:09
this is a very clear and direct
13:09
answer. And very useful for the
13:15
listeners. So we're not only
13:15
talking about this is something
13:18
that is just for developers,
13:18
this is something that really
13:21
belongs to the boardroom as
13:21
well, when we're talking about
13:24
security strategy. We talked a
13:24
lot about the user identity
13:30
management space. We touched a
13:30
little bit at the things and the
13:35
machines. And, because I think
13:35
it's so important, I just want
13:41
to hear a little bit more of
13:41
your advice. And I was, as I was
13:46
thinking about some examples
13:46
where it went wrong, but I don't
13:49
think that's important. We know.
13:49
And security is lacking in those
13:53
spaces as well. What is your
13:53
advice to companies that are
14:00
building solutions in the IoT
14:00
space and in the machine to
14:03
machine space where machines to
14:03
machines are communicating?
14:07
So very quickly, I
14:07
would say, use your time
14:11
carefully and focus it on your
14:11
applications and what you're
14:14
building. Don't think about
14:14
building an identity solution.
14:18
You're reinventing the wheel
14:18
because that's been done by
14:20
experts. Okay, that's the first
14:20
thing. If you're choosing an
14:24
identity and access management
14:24
system, make sure it's based on
14:27
standards. Okay, so think about
14:27
OpenID Connect to think about
14:31
OAuth. Okay, these are
14:31
standards. Third thing make sure
14:36
that whoever is whoever you're
14:36
working with are identity
14:39
experts. They understand
14:39
identity. Fourth thing, I know
14:44
this is very difficult for you
14:44
to for some some people to do.
14:47
But let's share the mistakes
14:47
we're making. Let's try
14:50
understand where these mistakes
14:50
we were making so that a that
14:54
others don't do them but also
14:54
identity experts are able to
14:58
build or take care of some of
14:58
your, from your learnings and
15:01
your experiences into their
15:01
solutions. So this, this will be
15:05
my advice Mike to anyone
15:05
listening to the podcast.
15:09
And I love
15:09
checklists. And it's a great
15:13
summary and ending of this
15:13
podcast series. The four talks
15:18
we had, and I know for sure
15:18
Laura loves this, she makes and
15:23
draws the graphical recordings.
15:23
And she always loves to make
15:26
checklists. Thank you so much
15:26
Jas, this was really insightful.
15:35
It was great fun. I learned a
15:35
lot from you. And I'm very
15:40
grateful for that. And I know
15:40
for sure that the audience can
15:44
learn even more in the
15:44
masterclass that we're gonna
15:48
present, the seventh of October
15:48
at the end of the day, we'll put
15:53
the exact time in the link
15:53
below. And to end this from my
16:01
part, and I will give the final
16:01
word to you Jas. Is that my
16:05
colleague, Koen said, Let
16:05
authentication work for you, not
16:09
against you. And he's not a
16:09
marketing. He's a developer and
16:11
I just love that sentence. Thank
16:11
you Jas.
16:15
Thank you, Mike. It's
16:15
been a pleasure.