Audioboom

Transcript for Identity Orchestration Tidbits

00:00:02,939 → 00:00:05,819

Narrator: You're listening to the humans of DevOps podcast, a

00:00:05,819 → 00:00:09,449

podcast focused on advancing the humans of DevOps through skills,

00:00:09,479 → 00:00:13,799

knowledge, ideas, and learning, or the skil framework.

00:00:17,400 → 00:00:20,250

Topher Marie: Consumers are trying to get away from those

00:00:20,250 → 00:00:24,690

legacy products as they move into cloud infrastructure. How

00:00:24,690 → 00:00:27,780

do we make it so you don't have to rewrite an application that

00:00:27,780 → 00:00:30,960

was targeted to one of those legacy products. That's

00:00:30,960 → 00:00:31,740

something that we do.

00:00:33,750 → 00:00:36,870

Eveline Oehrlich: Welcome to the humans of DevOps Podcast. I'm

00:00:36,870 → 00:00:41,520

evolutionarily Chief Research Officer at DevOps Institute. Our

00:00:41,520 → 00:00:47,070

episode title today is identity orchestration titbits, and I

00:00:47,070 → 00:00:49,890

have a very special guest. I'll tell you in a minute why that

00:00:49,890 → 00:00:53,610

guest is very special to me. Today we have with us Topher

00:00:53,610 → 00:00:58,500

Murray, who is CTO and co founder of strata. I'm saying

00:00:58,500 → 00:01:01,320

that a little bit with an Italian accent for no reason

00:01:01,320 → 00:01:04,050

just because I like the word, but let me tell you a little bit

00:01:04,050 → 00:01:07,830

about Topher. So Topher is the CTO and co founder of strata

00:01:07,830 → 00:01:10,830

identity, focusing on introducing identity

00:01:10,830 → 00:01:14,760

orchestration to the security ecosystem. Before start

00:01:14,760 → 00:01:19,920

identity, Topher was the CTO and co founder of jump cloud. In the

00:01:19,920 → 00:01:23,160

past, he has also been an architect for Oracle's global

00:01:23,160 → 00:01:27,240

cloud identity and security security portfolio, and a

00:01:27,240 → 00:01:32,490

product owner for us zero. He was simplified lead architect

00:01:32,580 → 00:01:37,650

and got his start in identity at ping back in the early days. As

00:01:37,650 → 00:01:41,850

part of his role. Topher travels extensively, developing a deep

00:01:41,850 → 00:01:48,210

appreciation for local cultures, food, and languages. Welcome to

00:01:48,240 → 00:01:49,620

our podcasts over.

00:01:50,220 → 00:01:52,170

Topher Marie: Thanks, Evelyn. It's great to be here. Thank you

00:01:52,170 → 00:01:53,190

so much for having me.

00:01:54,210 → 00:01:56,790

Eveline Oehrlich: It's great to have you with us. And again,

00:01:56,790 → 00:02:01,410

thank you so much for your time. I'm sure as you're in your role,

00:02:01,410 → 00:02:04,110

you have lots of other things to do. So that's why I'm very

00:02:04,110 → 00:02:09,540

appreciative of your time. Now, before we get into details, of

00:02:09,540 → 00:02:14,850

course, I was checking you out with a variety of things in your

00:02:14,850 → 00:02:18,330

background, and I saw that you went to the School of Mines, and

00:02:18,330 → 00:02:22,110

that there are lots of references to Colorado. Am I

00:02:22,110 → 00:02:26,580

correct to assume that you have some roots in Colorado with

00:02:26,580 → 00:02:27,630

stretch identity?

00:02:28,020 → 00:02:31,380

Topher Marie: Indeed, I'm born and raised here. I have been in

00:02:31,380 → 00:02:35,610

Colorado most of my life. And yes, School of Mines. I was an

00:02:35,610 → 00:02:38,910

undergrad graduate there. And I was actually a adjunct professor

00:02:38,910 → 00:02:39,960

there for a while to

00:02:40,710 → 00:02:43,860

Eveline Oehrlich: Wow, fantastic. Life sometimes is

00:02:43,860 → 00:02:49,740

just a coincidence. But I think we, I would say maybe are a

00:02:49,740 → 00:02:53,550

match in heaven to some extent, because I lived in Colorado in

00:02:53,550 → 00:02:57,810

Fort Collins. For 32 years. I had my daughter stared. And now

00:02:57,810 → 00:03:02,880

long, long gone. I moved back to Europe in 2018. And I miss

00:03:02,880 → 00:03:06,900

Colorado very, very, very much. So talking to you today gives me

00:03:06,900 → 00:03:11,130

a little bit of a homesickness. So please greet Colorado for me.

00:03:12,090 → 00:03:15,960

I will actually be there soon. So maybe we can meet and have a

00:03:15,960 → 00:03:20,310

cup of coffee together somewhere in the area. Anyway. I'd love

00:03:20,310 → 00:03:24,660

Yes, that would be fun. I really would love that too. Excellent.

00:03:25,560 → 00:03:28,500

So we're not here to talk about Colorado even so if you have not

00:03:28,500 → 00:03:32,100

visited Colorado you have to we are here to talk about identity

00:03:32,100 → 00:03:36,420

orchestration, which most likely a topic which not every one of

00:03:36,420 → 00:03:40,950

our listeners might be familiar with Serato for what is identity

00:03:40,950 → 00:03:45,120

orchestration? And why for a second question, why is this so

00:03:45,120 → 00:03:45,840

important?

00:03:46,680 → 00:03:50,070

Topher Marie: Yeah, so I don't blame people for not being

00:03:50,070 → 00:03:53,160

familiar with the term but it's something that we've really been

00:03:53,160 → 00:03:58,830

championing championing. It's kind of a new space in identity

00:03:58,920 → 00:04:01,500

over the last four years, we've really been pushing it, and it's

00:04:01,500 → 00:04:05,400

really starting to take off here. So what is identity

00:04:05,400 → 00:04:08,790

orchestration? And why is it important? So to me, identity,

00:04:08,790 → 00:04:13,410

or identity orchestration is kind of an abstraction layer on

00:04:13,410 → 00:04:19,050

top of the existing identity, or I'm going to start that again.

00:04:19,080 → 00:04:23,910

Sorry, but let me go back to the beginning on like, what is

00:04:23,910 → 00:04:27,990

identity orchestration? So to me, identity orchestration is

00:04:27,990 → 00:04:34,380

really an abstraction layer on top of the other identity

00:04:34,380 → 00:04:38,640

components that a company may already have. So there's three

00:04:38,640 → 00:04:41,730

parts to this. The first would be what I call distributed

00:04:42,180 → 00:04:45,330

identity. Almost all organizations already have their

00:04:45,330 → 00:04:49,500

identity in multiple, multiple places. Smaller ones might have

00:04:49,500 → 00:04:52,680

various silos, like in SAS products might have an HR

00:04:52,680 → 00:04:57,120

system, they have their email in Gmail. They have issue tracking

00:04:57,120 → 00:05:01,230

and larger organizations might have this for fragmented across

00:05:01,230 → 00:05:04,830

different departments, different business units. They one

00:05:04,830 → 00:05:08,280

business unit might be focused on Okta, another one might be

00:05:08,280 → 00:05:12,030

focused on using, let's say, a joueur as their identity system

00:05:12,030 → 00:05:16,350

of record. And that's quite common. Another reason that this

00:05:16,380 → 00:05:20,640

identity fragmentation happens is just because of mergers and

00:05:20,640 → 00:05:24,810

acquisitions as a company grows, it might acquire another

00:05:24,810 → 00:05:28,470

company, and that company might have had a different focus on

00:05:28,470 → 00:05:33,630

their identity, where their directory of identity was, and

00:05:33,630 → 00:05:36,900

so mixing and matching those things becomes difficult. And

00:05:37,110 → 00:05:40,920

one approach that our industry has taken over the last, I don't

00:05:40,920 → 00:05:44,760

know two decades, or whatever is one identity to rule them all,

00:05:44,760 → 00:05:48,300

or a virtual directory, or something of that sort, where

00:05:49,350 → 00:05:53,220

you're moving all of the identities into one place. And

00:05:53,220 → 00:05:56,490

it's time to admit that that really just does not work. This

00:05:56,490 → 00:06:00,780

mixing and matching of where my identities are stored, has just,

00:06:00,870 → 00:06:04,800

if anything proliferated, and then worse and worse over the

00:06:04,800 → 00:06:09,720

last few years rather than mitigated by trying to have this

00:06:10,710 → 00:06:14,940

one identity to rule them all. So that's, that's the first part

00:06:14,970 → 00:06:19,500

of what identity orchestration addresses the distributed

00:06:19,500 → 00:06:23,250

identity systems. The second one is there's a variety of tools

00:06:23,460 → 00:06:29,460

and implementations. various vendors, various producers of

00:06:29,460 → 00:06:34,680

identity products, have their first off like their directories

00:06:34,680 → 00:06:37,530

like I was just talking about, you might have some identities

00:06:37,530 → 00:06:39,990

in Azure, or you might have other identities and Ping

00:06:39,990 → 00:06:43,290

Identity. And also, on top of that, you might have different

00:06:43,290 → 00:06:46,920

MFA providers for a long time we were using RSA tokens is a

00:06:46,920 → 00:06:51,720

completely separate second factor that people could use in

00:06:51,720 → 00:06:54,600

order to secure their systems. We also have different

00:06:54,630 → 00:06:58,830

authorization engines. Now that our back versus a back we have

00:06:59,040 → 00:07:02,130

identity proofing, we have governance, so we have a large

00:07:02,130 → 00:07:07,020

variety of different identity tools that we need to make work

00:07:07,020 → 00:07:11,700

together. And the third one, the third component, I would say, of

00:07:12,000 → 00:07:16,620

identity orchestration is the customized user journeys, where

00:07:16,800 → 00:07:22,110

every if we were to rely just on one identity provider, that

00:07:22,110 → 00:07:26,610

might not be the right way for us to log our users in, that

00:07:26,610 → 00:07:29,190

might not be what we want to do, we might want to have a

00:07:29,190 → 00:07:33,150

different mix of these tools and implementations, we might want

00:07:33,150 → 00:07:36,630

to have a different mix of even where the door where the

00:07:36,630 → 00:07:40,560

identities are stored in the first place. So the Customize

00:07:40,560 → 00:07:45,390

User journey allows us to say hey, so despite where their

00:07:45,390 → 00:07:49,080

identity might be stored, I want them to have the same user login

00:07:49,080 → 00:07:53,460

screen. And then I might want to decide which different MFA

00:07:53,460 → 00:07:57,060

provider they use based on what they are trying to get into. And

00:07:57,060 → 00:08:01,200

I might want to use identity proofing for some users and not

00:08:01,200 → 00:08:05,340

for other users. So to me, identity orchestration is all

00:08:05,550 → 00:08:08,310

about those three things, distributed identity, the

00:08:08,310 → 00:08:11,460

variety of tools and implementations that we can make

00:08:11,460 → 00:08:13,680

work together and the customized user journey.

00:08:14,550 → 00:08:19,410

Eveline Oehrlich: Wow. Lots of I can already kind of guess why

00:08:19,410 → 00:08:22,320

this is important. Why I did the orchestration is important,

00:08:22,350 → 00:08:26,040

because I've been in it long enough to realize some of the

00:08:26,040 → 00:08:29,850

benefits but love to hear it. From your perspective, why is it

00:08:29,850 → 00:08:32,910

that the orchestration really important?

00:08:35,700 → 00:08:38,700

Topher Marie: Yeah, but so identity orchestration is very

00:08:38,700 → 00:08:43,320

important, because as companies are moving to the cloud, or

00:08:43,320 → 00:08:47,640

multiple clouds, and I will pause there and say that most

00:08:47,640 → 00:08:51,840

companies don't just have one cloud. They most companies have

00:08:51,840 → 00:08:54,600

different departments that are working in different clouds, or

00:08:54,600 → 00:08:57,750

even different products that they have to work with, that are

00:08:57,780 → 00:09:01,500

residing, that the compute for those products is residing in

00:09:01,500 → 00:09:06,630

different clouds. And as this just grows, more and more, it

00:09:06,630 → 00:09:09,540

becomes a huge concern about Alright, so what am I going to

00:09:09,540 → 00:09:14,280

try to do here is AWS going to be the center of my identity is

00:09:14,280 → 00:09:17,610

as you're going to be the center of my identity? Am I doing LDAP

00:09:17,610 → 00:09:22,950

on premises? How do I make all of this work together? So as we

00:09:22,950 → 00:09:27,000

become more of a multi cloud industry, it's very important

00:09:27,000 → 00:09:29,880

that we have some way of making all of these identity systems

00:09:29,880 → 00:09:34,230

work together, and also all of our identity targets. Should I

00:09:34,230 → 00:09:37,920

say all of the applications that are consuming identity? How do

00:09:37,920 → 00:09:42,510

we make it so hey, this person logged in from AWS, but the

00:09:42,510 → 00:09:47,370

actual application is residing in Azure or on premises? How do

00:09:47,370 → 00:09:52,530

I make that identity palatable to the target application? And

00:09:52,530 → 00:09:56,250

how do I avoid rewriting that application? If I've got an old

00:09:56,250 → 00:10:00,360

application that was using a legacy identity system such as

00:10:00,990 → 00:10:04,200

one that we very commonly see as ca SiteMinder, we see a lot of

00:10:04,200 → 00:10:08,550

Oracle products as well. Consumers are trying to get away

00:10:08,550 → 00:10:11,520

from those legacy products as they move into cloud

00:10:11,520 → 00:10:14,610

infrastructure, how do we make it so you don't have to rewrite

00:10:14,640 → 00:10:18,270

an application that was targeted to one of those legacy products.

00:10:18,510 → 00:10:20,910

That's something that we do and something that really, really

00:10:20,910 → 00:10:24,330

resonates with our customers. Beautiful.

00:10:24,360 → 00:10:26,700

Eveline Oehrlich: So I heard you improve collaboration, of

00:10:26,700 → 00:10:31,050

course, right reuse, and with it, of course, saving time, and

00:10:31,050 → 00:10:34,590

hassle for all of those who actually have to work together

00:10:34,590 → 00:10:37,920

and manage all of those different identities. Absolutely

00:10:37,920 → 00:10:42,720

intriguing. Certainly an area which our listeners are

00:10:42,750 → 00:10:47,850

extremely interested. Fantastic, super. Now, I was doing

00:10:47,880 → 00:10:51,390

additional research, you know, analysts like myself, which I

00:10:51,390 → 00:10:55,560

am, by nature by heart and have always been always curious. And

00:10:56,400 → 00:10:59,730

your company was co founded by Eric Alden, Eric Leach and

00:10:59,730 → 00:11:03,720

yourself and researching your company a little bit, I found it

00:11:03,810 → 00:11:07,410

very interesting that even before you all figured out

00:11:07,470 → 00:11:11,430

exactly how strategy would work or how it would get funded. You

00:11:11,430 → 00:11:16,410

laid out core values. And this really tickled me and I love

00:11:16,410 → 00:11:21,120

them. So the core values of openness, honesty, integrity,

00:11:21,240 → 00:11:26,880

transparency, accountability, and empowerment. This really is

00:11:26,880 → 00:11:31,470

very dear near to me, because I worked for Hewlett Packard when

00:11:31,470 → 00:11:35,490

it was Hewlett Packard many moons ago. And these types of

00:11:35,490 → 00:11:39,120

things were very much written in like an HP way. So that's why I

00:11:39,120 → 00:11:45,900

love this so much. Additionally, in 22, you guys got voted by Ink

00:11:45,900 → 00:11:53,010

Magazine, in are listed as best workplaces and the extract from

00:11:53,010 → 00:11:58,650

a press release, it said, best workplaces, 2020 to 475

00:11:58,950 → 00:12:02,700

employers, these companies out of Florida 75, employers have

00:12:02,700 → 00:12:07,980

cracked the code for excellent company culture. Now my

00:12:07,980 → 00:12:12,390

question, give us some examples on how this plays out in your

00:12:12,390 → 00:12:17,340

day to day work within strata. What what do you guys do? How do

00:12:17,340 → 00:12:20,520

you make this openness, honesty, all of those wonderful core

00:12:20,520 → 00:12:22,380

values? How do you practice them?

00:12:23,549 → 00:12:26,819

Topher Marie: Yeah, it's a thank you for acknowledging that it

00:12:26,819 → 00:12:31,409

was very deliberate for us to come in, figure out what kind of

00:12:31,409 → 00:12:35,159

company we wanted to work for what kind of culture we wanted

00:12:35,159 → 00:12:40,199

to inculcate. So this was very edifying to have to be

00:12:40,199 → 00:12:47,909

recognized a few years ago by buy the industry as a great

00:12:47,909 → 00:12:51,389

place to work. So in our day to day lives, well, first off, we

00:12:51,389 → 00:12:54,569

have a couple of ceremonies which are more weekly, but we

00:12:54,569 → 00:12:57,929

have a Mavericks Monday, we call it where the first thing that

00:12:57,929 → 00:13:01,619

happens is we come in and we just discuss a this is what's

00:13:01,619 → 00:13:06,629

going on this week across the entire company. And here's what

00:13:06,629 → 00:13:09,359

every individual is looking forward to. And what they're

00:13:09,359 → 00:13:13,019

going to be doing that week really promotes the openness

00:13:13,019 → 00:13:16,349

really promotes that communication. Many times I've

00:13:16,349 → 00:13:19,439

been on those calls, Zoom meetings, I've been on that Zoom

00:13:19,439 → 00:13:22,229

meeting and realize, hey, that's something that we've already

00:13:22,229 → 00:13:24,869

done like six weeks ago, let me help you out there, or oh, this

00:13:24,869 → 00:13:29,309

person might be struggling with this, and be able to offer help,

00:13:29,519 → 00:13:33,059

that openness, that that communication is very core to

00:13:33,059 → 00:13:37,799

us. Another thing that we do is what we call Aloha Friday. So we

00:13:37,799 → 00:13:40,139

have the Mavericks Monday that kicks off the week. And then on

00:13:40,139 → 00:13:43,919

Friday, we all get together. Again, we're a completely

00:13:43,919 → 00:13:47,639

distributed company. So most of us are just joining over zoom, a

00:13:47,639 → 00:13:51,419

few in offices here in there. But over zoom, we get together

00:13:51,419 → 00:13:55,349

and we just talk about the week, hey, here's what's happened. And

00:13:55,379 → 00:13:58,319

here's what I'm thankful for here are things that I'm very

00:13:58,319 → 00:14:02,639

appreciative of, let me call out this person, let me call out

00:14:02,639 → 00:14:07,259

this team, let me discuss, this is what happened and look at how

00:14:07,289 → 00:14:10,469

they really gave their all in order to turn something around

00:14:10,469 → 00:14:13,649

very quickly, or the great communication that happened or

00:14:13,649 → 00:14:18,059

here's the event that a that our marketing department put on and

00:14:18,059 → 00:14:22,349

look at all the pictures of our happy attendees, those kinds of

00:14:22,349 → 00:14:26,399

things are very rewarding, just to be able to have that

00:14:26,399 → 00:14:29,879

communication. You know, as companies become more and more

00:14:29,879 → 00:14:34,319

distributed. As we have more work from home, it becomes

00:14:34,319 → 00:14:39,509

really easy to be isolated. So it's important to us that we

00:14:39,509 → 00:14:43,289

have this open communication and we have this ability to call

00:14:43,289 → 00:14:46,019

each other out for Hey, these are great things that people

00:14:46,019 → 00:14:48,629

have done. Let's have these conversations. Let's feel like a

00:14:48,629 → 00:14:50,699

team and work together on things.

00:14:53,309 → 00:14:56,729

Narrator: Do you want to advance your career and organization? We

00:14:56,729 → 00:15:00,539

can help you do that. DevOps Institute offers a wide range of

00:15:00,569 → 00:15:04,049

educational experiences for you to begin your upskilling

00:15:04,049 → 00:15:07,319

journey. Whether you're looking for a defined path to

00:15:07,319 → 00:15:11,339

certification, exploring the latest in DevOps, or connecting

00:15:11,339 → 00:15:14,159

with the larger community, we can help you develop the

00:15:14,159 → 00:15:18,209

specialized skills needed for the future of it. And it won't

00:15:18,209 → 00:15:21,539

just be good for your career. It will also make you indispensable

00:15:21,539 → 00:15:24,839

at work with our lineup of industry recognized DevOps

00:15:24,839 → 00:15:28,799

certifications, digital learning opportunities, and engaging

00:15:28,799 → 00:15:32,489

events, you can connect with our network of experts and expand

00:15:32,489 → 00:15:36,539

your potential today. Visit DevOps institute.com and join

00:15:36,539 → 00:15:37,649

our community now.

00:15:39,149 → 00:15:41,969

Eveline Oehrlich: I love those. I think I'm going to, I don't

00:15:41,969 → 00:15:46,139

want to use the word copy. I think I use word leverage. I'm

00:15:46,139 → 00:15:51,899

going to leverage this into a new team I'm forming. I love the

00:15:52,079 → 00:15:55,709

Mavericks Monday, I might call it something else to be more.

00:15:56,879 → 00:16:01,079

That's all that's not so American. Right? And then Aloha

00:16:01,079 → 00:16:04,589

Friday, everybody knows Aloha. Even we here in Europe, of

00:16:04,589 → 00:16:07,739

course, no Aloha. So I didn't have those. That's fantastic.

00:16:08,129 → 00:16:09,479

Thank you for sharing that.

00:16:10,649 → 00:16:13,859

Topher Marie: It just, it just occurred to me that when I saved

00:16:13,859 → 00:16:17,639

Mavericks Monday, it might not. I realized that Netflix is the

00:16:17,639 → 00:16:20,429

name of our main product. And that's why we've chosen that

00:16:20,429 → 00:16:25,529

particular alliteration there for Mavericks Monday. Ah, not

00:16:25,529 → 00:16:30,689

just because we are also Mavericks with K, the product

00:16:30,689 → 00:16:35,159

Maverick was actually Mavericks was actually named after a

00:16:35,189 → 00:16:39,869

particular wave in California that is important is powerful is

00:16:39,869 → 00:16:43,889

great for a lot of different surfers, and three co founders,

00:16:44,159 → 00:16:47,519

we actually built the company or decided on these core values

00:16:47,519 → 00:16:50,009

that we were just talking about as we were on a surfing trip in

00:16:50,009 → 00:16:55,319

Puerto Rico. So surfing is kind of I wouldn't say a core value,

00:16:55,319 → 00:16:58,799

but something that resonates with a lot of us, so Oh, great.

00:16:58,860 → 00:17:00,990

Eveline Oehrlich: Excellent, excellent. You have to come to

00:17:01,410 → 00:17:06,930

Nazarene or Nazareth down in Portugal, in April or in January

00:17:06,930 → 00:17:09,420

to watch the maverick stare. That's a fantastic place.

00:17:09,450 → 00:17:13,800

Excellent. All right. Let's go back to strategize. So, in your

00:17:13,800 → 00:17:19,620

words, why is what started us unique when we think about the

00:17:19,620 → 00:17:20,760

identity orchestration?

00:17:21,029 → 00:17:24,689

Topher Marie: Yeah, great question. So recently, at the

00:17:24,719 → 00:17:30,329

Gartner conference here in 2023, a cube con said, vendors are

00:17:30,329 → 00:17:33,239

going to have to handle orchestration, or they will be

00:17:33,239 → 00:17:39,059

orchestrated. So to me, I see, from a consumer point of view,

00:17:39,509 → 00:17:42,929

great value in decoupling the orchestrations from a particular

00:17:42,929 → 00:17:47,339

vendor. Every company probably, again has multiple vendors that

00:17:47,339 → 00:17:49,829

they're working with, if you're a nontrivially sized

00:17:50,129 → 00:17:53,159

organization, you've got multiple IDPs, whether you like

00:17:53,159 → 00:17:58,169

it or not, and orchestration can be seen as an abstraction layer

00:17:58,169 → 00:18:03,809

on top of that identity. So it prevents some of the lock in and

00:18:03,809 → 00:18:06,539

gives you leverage in the future. When you think about

00:18:06,539 → 00:18:09,989

changing vendors or you think about changing approaches. The

00:18:09,989 → 00:18:14,489

problem that I see, with every vendor becoming their own

00:18:14,519 → 00:18:18,329

identity orchestration system, which you we are seeing that

00:18:18,749 → 00:18:22,049

every vendor is pushing into that area is that they become

00:18:22,049 → 00:18:25,289

their own little sinkhole, they become their own little center

00:18:25,289 → 00:18:28,349

of gravity. And so it's no better to say, Okay, I have to

00:18:28,349 → 00:18:34,319

escape from the orchestration of one vendor, in order to be able

00:18:34,319 → 00:18:37,679

to leverage the capabilities of another vendor, you're still

00:18:37,679 → 00:18:42,059

getting into the center of gravity. So as a, I'll say,

00:18:42,089 → 00:18:48,209

neutral vendor of orchestration that allows us to help you to

00:18:48,239 → 00:18:53,579

not be so bound to any so coupled to any one particular

00:18:53,609 → 00:18:57,059

vendor. It also allows us to do a lot more customized

00:18:57,149 → 00:19:02,339

customizability in that we don't have a preferred way of doing

00:19:02,339 → 00:19:06,209

let's say, NFA, if you are in a particular, if you are tied to a

00:19:06,209 → 00:19:09,539

particular vendor, and they just want to push you into their own

00:19:09,539 → 00:19:12,749

NFA system all of the time. I mean, of course, that's what

00:19:12,749 → 00:19:15,809

they're incentivized to do, the more that they can lock you into

00:19:15,809 → 00:19:17,969

their particular product, the better it is for them, but it's

00:19:17,969 → 00:19:21,389

not good for the consumers to be locked into any particular

00:19:21,389 → 00:19:25,049

product. They'd rather choose the best of breed for for

00:19:25,049 → 00:19:28,889

anything and with identity, which is my main concern.

00:19:28,889 → 00:19:32,369

That's, that's obviously true. Let's let them choose the

00:19:32,369 → 00:19:36,959

identity directory that they need for any particular

00:19:36,959 → 00:19:40,289

application or for any particular user journey. Let's

00:19:40,319 → 00:19:43,919

then let them layer on top of that the MFA. Let's then let

00:19:43,919 → 00:19:47,189

them layer on top of that the governance system or creating

00:19:47,189 → 00:19:52,559

new customers, sorry, new users in these directory systems. So

00:19:52,649 → 00:19:58,259

our best of breed approach and our neutral approach to how

00:19:58,259 → 00:20:02,009

identity systems work is really The different than any one

00:20:02,009 → 00:20:06,209

particular identity vendor trying to get into the

00:20:06,209 → 00:20:07,199

orchestration.

00:20:09,150 → 00:20:11,430

Eveline Oehrlich: Right. So best of breed and then the

00:20:11,430 → 00:20:14,610

Switzerland, right, as you said the neutral, we sometimes use

00:20:14,610 → 00:20:18,690

that in Europe to describe neutrality, which is, which is

00:20:19,020 → 00:20:22,500

everybody understands super. Now as we know, there are many

00:20:22,500 → 00:20:26,040

organizations which are working on moving off outdated cloud

00:20:26,040 → 00:20:28,950

identity providers to more secure and flexible cloud

00:20:28,950 → 00:20:31,860

identity systems like Octa, you mentioned a few already

00:20:31,860 → 00:20:38,670

Microsoft assure AWS and more. And you you guys recently

00:20:38,700 → 00:20:42,390

announced no code software recipes for application

00:20:42,540 → 00:20:46,230

modernisations I love the word recipes. I might have called

00:20:46,230 → 00:20:49,980

them blue books, or blue or blue books or Blue Book, sorry,

00:20:50,460 → 00:20:54,540

playbooks, blue books, just try to sell my daughter's car. So

00:20:54,540 → 00:20:57,810

that's why I'm in love books, but playbooks for application

00:20:57,810 → 00:21:01,080

modernization, but you call them recipes. Tell us what do these

00:21:01,080 → 00:21:02,250

recipes do?

00:21:03,030 → 00:21:05,970

Topher Marie: Yeah, there are some common use cases that we

00:21:05,970 → 00:21:10,200

see as we talk to consumers. As we talk to prospects as we talk

00:21:10,200 → 00:21:13,920

to our customers that they have the same problem across the

00:21:13,920 → 00:21:16,440

entire industry, a lot of people are trying to move off of some

00:21:16,440 → 00:21:20,760

of these legacy systems and into more modern identity

00:21:21,240 → 00:21:25,440

architectures, but they don't want to rewrite their original

00:21:25,440 → 00:21:29,190

application that was tied to the legacy system. So for instance,

00:21:29,190 → 00:21:34,290

one of our Blueprints Wow, now you've got me doing. Sorry, one

00:21:34,290 → 00:21:37,530

of our recipes is, hey, here's a no code approach. All you have

00:21:37,530 → 00:21:40,950

to do is drop this in and we can move you off of the legacy

00:21:40,950 → 00:21:43,740

application start the legacy infrastructure, such as site

00:21:43,740 → 00:21:48,840

minder, or Oracle, we can move you off of that very simply. And

00:21:48,840 → 00:21:52,980

now you're working against a modern identity systems such as

00:21:52,980 → 00:21:58,560

insurer or Okta, got other ones. For instance, one common

00:21:58,620 → 00:22:04,200

scenario that we see is, instead of moving, so one common

00:22:04,200 → 00:22:07,740

scenario is, hey, I'm moving from one identity architecture,

00:22:07,740 → 00:22:11,070

one identity framework to another identity framework, or

00:22:11,070 → 00:22:13,740

I'm trying to move the center of gravity or here's, here's this

00:22:13,740 → 00:22:16,980

one that has just jacked up the price by five times eight times.

00:22:16,980 → 00:22:20,760

And so I need to move my users out of there. But I don't want

00:22:20,760 → 00:22:25,290

to do the Big Bang cutover from one to the other. I don't want

00:22:25,740 → 00:22:30,180

users to come in one Monday morning, and suddenly their user

00:22:30,180 → 00:22:33,600

experience is completely different. So that goes kind of

00:22:33,600 → 00:22:38,610

to our, to our user journeys story where we can have the

00:22:38,610 → 00:22:41,280

customized user journey that looks the same as before. But

00:22:41,280 → 00:22:45,900

another component of this particular recipe is we can move

00:22:45,900 → 00:22:49,320

the users from one identity system to the other identity

00:22:49,320 → 00:22:53,160

system, without them knowing about that. So they're still

00:22:53,340 → 00:22:56,760

logging into the first identity system, they're still passing in

00:22:56,760 → 00:23:01,410

their username and password to let's say, a, let's say to a

00:23:01,410 → 00:23:06,090

SiteMinder based application, we will go and create the user at

00:23:06,090 → 00:23:10,860

runtime in Okta, or in Ping Identity, wherever the target

00:23:10,860 → 00:23:14,070

destination is, without them, knowing that anything has

00:23:14,070 → 00:23:17,160

happened there. This is also a perfect time for us to layer on

00:23:17,310 → 00:23:20,910

a second factor, if the legacy identity system didn't have

00:23:20,940 → 00:23:24,210

second factors, we know who that user is, because they just

00:23:24,210 → 00:23:29,220

logged in to the legacy system where we have a good handle on

00:23:29,220 → 00:23:32,970

their session at that time. Let's now prompt them and move

00:23:32,970 → 00:23:36,420

them through the process of adding a second factor. But

00:23:36,420 → 00:23:39,690

again, this is a incremental thing, just as users are logging

00:23:39,690 → 00:23:42,810

in. And you don't even have to do all users at once. You can do

00:23:42,900 → 00:23:46,620

individual, you 10% of your users one week 20% Next week,

00:23:46,620 → 00:23:49,650

you know, move over to the system gradually. So it's not as

00:23:49,650 → 00:23:54,120

nightmare Big Bang cutover where your entire infrastructure team,

00:23:54,120 → 00:23:57,150

all of the DevOps people are there all weekend and crossing

00:23:57,150 → 00:24:00,270

their fingers on Monday morning that something disastrous

00:24:00,270 → 00:24:04,470

doesn't happen and you haven't locked out 10,000 users. That's

00:24:04,470 → 00:24:08,040

a nightmare scenario with us. Yeah, just layer on this, again,

00:24:08,070 → 00:24:12,120

abstraction layer. And we have recipes that help with this.

00:24:12,960 → 00:24:17,430

This transference of your center of gravity for your identity

00:24:17,430 → 00:24:18,810

systems from one to the other.

00:24:19,830 → 00:24:22,050

Eveline Oehrlich: That already answers. So one of the questions

00:24:22,080 → 00:24:25,260

What would you advise our listeners to do right away, it's

00:24:25,260 → 00:24:28,470

really take a look at these recipes. I think this is a

00:24:28,470 → 00:24:32,070

great, a great idea. Now, I want to look a little bit into the

00:24:32,070 → 00:24:36,090

future before we end this because I want to look into your

00:24:36,090 → 00:24:40,380

crystal ball. From our research. We know there's a skill shortage

00:24:40,380 → 00:24:43,710

in it. Right. We also know from Gartner and Forrester, my old

00:24:43,710 → 00:24:47,940

colleagues there, there's a not too much additional money in

00:24:47,940 → 00:24:53,400

terms of budgets in 23 for it so it's really all about how do we

00:24:53,400 → 00:24:58,350

upskill rescale and save cost to get all of this done right. So

00:24:58,920 → 00:25:02,700

what would you say If I asked you predictions around that add

00:25:02,700 → 00:25:07,170

orchestration 23 Oh, my goodness is almost half over. But we

00:25:07,170 → 00:25:09,870

still have a few months left, but for 23 and maybe beyond,

00:25:10,290 → 00:25:12,870

when you look in their crystal ball predictions around identity

00:25:12,870 → 00:25:14,130

orchestration from you.

00:25:15,599 → 00:25:18,419

Topher Marie: Yeah, I think that one prediction, which has

00:25:18,419 → 00:25:21,629

already come true, as we're gonna see, the term

00:25:21,689 → 00:25:24,329

orchestration tossed around quite a bit, I think it's going

00:25:24,329 → 00:25:28,379

to become like zero trust has become over the last 510 years

00:25:28,379 → 00:25:31,199

where it's just everywhere, it loses all of its meaning,

00:25:31,199 → 00:25:34,109

because we just say, Yeah, I've got some orchestration, I can

00:25:34,319 → 00:25:38,429

work with a different identity system, or I like to customize

00:25:38,429 → 00:25:42,329

the user journey, they really kind of ticks tick the boxes,

00:25:42,329 → 00:25:46,469

but they missed the spirit of it, I don't want to be caught up

00:25:46,469 → 00:25:49,349

in one identity system and not be able to choose the best of

00:25:49,349 → 00:25:53,459

breed for from some other places. So I would suggest that,

00:25:54,089 → 00:25:57,749

that listeners kind of inoculate themselves against the buzzword.

00:25:57,779 → 00:26:01,169

What is it really? What is our identity orchestration actually

00:26:01,169 → 00:26:03,959

mean? And how would it benefit me, if it doesn't matter that

00:26:03,959 → 00:26:07,289

you have, if you are actually just in one identity system,

00:26:07,559 → 00:26:10,439

then then you don't care about it. But I think that most

00:26:10,649 → 00:26:14,789

nontrivially size organizations probably could benefit from

00:26:14,999 → 00:26:18,329

identity orchestration. And what they should do is let's, let's

00:26:18,329 → 00:26:21,869

look at some of these siloed identities that I have, you

00:26:21,869 → 00:26:26,699

know, not just my main directories as your or aka or

00:26:26,699 → 00:26:31,559

wherever I keep keep the main body of directories, but also

00:26:31,559 → 00:26:35,189

all of the other subsystems EHR system, the email, though,

00:26:35,189 → 00:26:38,129

whatever it is, how can I make these things work together

00:26:38,129 → 00:26:41,729

better and think about the underused utilities that you

00:26:41,729 → 00:26:46,589

already have? Maybe one small department had as a particular

00:26:46,589 → 00:26:49,889

need. And so they had to pick a particular MFA vendor? How do I

00:26:49,889 → 00:26:53,309

unlock that and actually make it available across the entire

00:26:53,309 → 00:26:57,239

organization? Or how can I use identity orchestration to choose

00:26:57,239 → 00:27:00,119

and make the best use of all of these tools that I'm paying for,

00:27:00,269 → 00:27:02,879

and maybe stop paying for some of the tools that I don't need

00:27:02,879 → 00:27:06,509

anymore, or law, getting rid of some of these legacy systems

00:27:06,509 → 00:27:10,349

that are really really jacking up the prices and getting really

00:27:10,349 → 00:27:14,639

expensive? So unlocking a lot of value by allowing you to mix and

00:27:14,639 → 00:27:17,999

match your identity systems, the tools that you're using and to

00:27:17,999 → 00:27:19,589

customize that user journey.

00:27:20,609 → 00:27:23,939

Eveline Oehrlich: Great advice. Super. And I love that you

00:27:23,939 → 00:27:26,639

mentioned zero trust shout out to my old colleague, John Kim

00:27:26,639 → 00:27:30,929

Novak, who is called the father of zero trust. So excellent,

00:27:30,929 → 00:27:34,979

fantastic advice. All right. I have one more question. It has

00:27:35,009 → 00:27:38,519

nothing to do with identity orchestration, sadly, but truly,

00:27:38,549 → 00:27:41,819

I want to know, what do you do for fun because you live in

00:27:41,819 → 00:27:45,389

Colorado, you're a surfer, but I don't think there was any

00:27:45,389 → 00:27:49,439

surfing in Colorado. But maybe you have found some places. Tell

00:27:49,439 → 00:27:50,729

us what you do for fun. Dover

00:27:50,910 → 00:27:54,210

Topher Marie: definitely knows surfing. Definitely no surfing

00:27:54,210 → 00:27:58,440

here. What I do, I think it's one of those classic I grew up

00:27:58,440 → 00:28:01,830

in Colorado, I used to do a lot of skiing. I used to get up

00:28:01,830 → 00:28:06,180

there into the mountains for doing that. But honestly, the

00:28:06,210 → 00:28:09,570

traffic is just making that kind of unpalatable. He's spent a lot

00:28:09,570 → 00:28:13,050

of time just right driving out there and driving back. So one

00:28:13,050 → 00:28:15,570

of the things that I really liked doing is going to other

00:28:15,570 → 00:28:19,530

places in the mountains, not the popular i 70 area but other

00:28:19,530 → 00:28:21,720

places in the mountains and doing a lot of hiking, doing a

00:28:21,720 → 00:28:24,000

lot of mountain climbing. That's something I've been passionate

00:28:24,000 → 00:28:28,470

about for decades now doing mountain climbing. I've got a

00:28:28,470 → 00:28:33,030

goal of doing Aconcagua, which is the tallest peak in South

00:28:33,030 → 00:28:35,850

America. I've had a goal of doing it a couple of years back

00:28:35,850 → 00:28:41,940

but unfortunately COVID knocked out plan to the side. So now I'm

00:28:41,970 → 00:28:44,880

now that I'm back in Colorado, spending all my time here. I'm

00:28:44,940 → 00:28:48,900

able to get into the mountains, get my fitness back up and hope

00:28:48,900 → 00:28:50,880

to get that done this coming winter.

00:28:51,660 → 00:28:53,940

Eveline Oehrlich: Wow, great goal to have good luck. That

00:28:53,940 → 00:28:58,890

sounds fantastic. Thank you so much for this has been a great

00:28:58,890 → 00:29:03,000

conversation. We have been talking to Topher Murray, CTO

00:29:03,030 → 00:29:07,380

and co founder at Strata identity again, thanks so much

00:29:07,380 → 00:29:10,590

for joining me today on humans of DevOps podcast.

00:29:10,889 → 00:29:12,839

Topher Marie: Thank you, Evelyn. I had a great time.

00:29:13,950 → 00:29:16,050

Eveline Oehrlich: Humans of DevOps podcast is produced by

00:29:16,050 → 00:29:19,050

DevOps Institute. Our audio production team includes Daniel

00:29:19,050 → 00:29:22,920

Newman, Schultz and Brendan Lee, shout out to my colleagues. I'm

00:29:22,920 → 00:29:25,320

humans of DevOps podcast, executive producer

00:29:25,320 → 00:29:28,800

evolutionarily. If you would like to join us on the podcast,

00:29:28,800 → 00:29:33,180

please contact us at humans of DevOps podcast at DevOps

00:29:33,210 → 00:29:37,110

institute.com. I'm Evelyn ilish. Talk to you soon.

00:29:39,330 → 00:29:41,430

Narrator: Thanks for listening to this episode of the humans of

00:29:41,430 → 00:29:44,970

DevOps podcast. Don't forget to join our global community to get

00:29:44,970 → 00:29:48,330

access to even more great resources like this. Until next

00:29:48,330 → 00:29:51,630

time, remember, you are part of something bigger than yourself.

00:29:52,080 → 00:29:52,860

You belong

Sorry, your browser isn't supported by Audioboom.

Page load failed