1
00:00:02,939 --> 00:00:05,819
Narrator: You're listening to
the Humans of DevOps Podcast, a

2
00:00:05,819 --> 00:00:09,449
podcast focused on advancing the
humans of DevOps through skills,

3
00:00:09,479 --> 00:00:13,799
knowledge, ideas, and learning,
or the SKIL framework.

4
00:00:17,400 --> 00:00:20,250
Topher Marie: Consumers are
trying to get away from those

5
00:00:20,250 --> 00:00:24,690
legacy products as they move
into cloud infrastructure. How

6
00:00:24,690 --> 00:00:27,780
do we make it so you don't have
to rewrite an application that

7
00:00:27,780 --> 00:00:30,960
was targeted to one of those
legacy products? That's

8
00:00:30,960 --> 00:00:31,740
something that we do.

9
00:00:33,750 --> 00:00:36,870
Eveline Oehrlich: Welcome to the
Humans of DevOps Podcast. I'm

10
00:00:36,870 --> 00:00:41,520
Eveline Oehrlich, Chief Research
Officer at DevOps Institute. Our

11
00:00:41,520 --> 00:00:47,070
episode title today is identity
orchestration titbits, and I

12
00:00:47,070 --> 00:00:49,890
have a very special guest. I'll
tell you in a minute why that

13
00:00:49,890 --> 00:00:53,610
guest is very special to me.
Today we have with us Topher

14
00:00:53,610 --> 00:00:58,500
Marie, who is CTO and
co-founder of Strata. I'm saying

15
00:00:58,500 --> 00:01:01,320
that a little bit with an
Italian accent for no reason

16
00:01:01,320 --> 00:01:04,050
just because I like the word,
but let me tell you a little bit

17
00:01:04,050 --> 00:01:07,830
about Topher. So Topher is the
CTO and co-founder of Strata

18
00:01:07,830 --> 00:01:10,830
identity, focusing on
introducing identity

19
00:01:10,830 --> 00:01:14,760
orchestration to the security
ecosystem. Before Strata

20
00:01:14,760 --> 00:01:19,920
Identity, Topher was the CTO and
co-founder of JumpCloud. In the

21
00:01:19,920 --> 00:01:23,160
past, he has also been an
architect for Oracle's global

22
00:01:23,160 --> 00:01:27,240
cloud identity and security
portfolio, and a

23
00:01:27,240 --> 00:01:32,490
product owner for Auth0. He
was Symplified's lead architect

24
00:01:32,580 --> 00:01:37,650
and got his start in identity at
Ping back in the early days. As

25
00:01:37,650 --> 00:01:41,850
part of his role, Topher travels
extensively, developing a deep

26
00:01:41,850 --> 00:01:48,210
appreciation for local cultures,
food, and languages. Welcome to

27
00:01:48,240 --> 00:01:49,620
our podcast, Topher.

28
00:01:50,220 --> 00:01:52,170
Topher Marie: Thanks, Eveline.
It's great to be here. Thank you

29
00:01:52,170 --> 00:01:53,190
so much for having me.

30
00:01:54,210 --> 00:01:56,790
Eveline Oehrlich: It's great to
have you with us. And again,

31
00:01:56,790 --> 00:02:01,410
thank you so much for your time.
I'm sure as you're in your role,

32
00:02:01,410 --> 00:02:04,110
you have lots of other things to
do. So that's why I'm very

33
00:02:04,110 --> 00:02:09,540
appreciative of your time. Now,
before we get into details, of

34
00:02:09,540 --> 00:02:14,850
course, I was checking you out
with a variety of things in your

35
00:02:14,850 --> 00:02:18,330
background, and I saw that you
went to the School of Mines, and

36
00:02:18,330 --> 00:02:22,110
that there are lots of
references to Colorado. Am I

37
00:02:22,110 --> 00:02:26,580
correct to assume that you have
some roots in Colorado with

38
00:02:26,580 --> 00:02:27,630
Strata Identity?

39
00:02:28,020 --> 00:02:31,380
Topher Marie: Indeed, I'm born
and raised here. I have been in

40
00:02:31,380 --> 00:02:35,610
Colorado most of my life. And
yes, School of Mines. I was an

41
00:02:35,610 --> 00:02:38,910
undergrad graduate there. And I
was actually an adjunct professor

42
00:02:38,910 --> 00:02:39,960
there for a while, too.

43
00:02:40,710 --> 00:02:43,860
Eveline Oehrlich: Wow,
fantastic. Life sometimes is

44
00:02:43,860 --> 00:02:49,740
just a coincidence. But I think
we, I would say maybe are a

45
00:02:49,740 --> 00:02:53,550
match in heaven to some extent,
because I lived in Colorado in

46
00:02:53,550 --> 00:02:57,810
Fort Collins. For 32 years. I
had my daughter there. And now

47
00:02:57,810 --> 00:03:02,880
long, long gone. I moved back to
Europe in 2018. And I miss

48
00:03:02,880 --> 00:03:06,900
Colorado very, very, very much.
So talking to you today gives me

49
00:03:06,900 --> 00:03:11,130
a little bit of a homesickness.
So please greet Colorado for me.

50
00:03:12,090 --> 00:03:15,960
I will actually be there soon.
So maybe we can meet and have a

51
00:03:15,960 --> 00:03:20,310
cup of coffee together somewhere
in the area. Anyway. I'd love

52
00:03:20,310 --> 00:03:24,660
Yes, that would be fun. I really
would love that too. Excellent.

53
00:03:25,560 --> 00:03:28,500
So we're not here to talk about
Colorado even so if you have not

54
00:03:28,500 --> 00:03:32,100
visited Colorado, you have to. We
are here to talk about identity

55
00:03:32,100 --> 00:03:36,420
orchestration, which most likely
a topic which not every one of

56
00:03:36,420 --> 00:03:40,950
our listeners might be familiar
with. So, Topher, what is identity

57
00:03:40,950 --> 00:03:45,120
orchestration? And why for a
second question, why is this so

58
00:03:45,120 --> 00:03:45,840
important?

59
00:03:46,680 --> 00:03:50,070
Topher Marie: Yeah, so I don't
blame people for not being

60
00:03:50,070 --> 00:03:53,160
familiar with the term but it's
something that we've really been

61
00:03:53,160 --> 00:03:58,830
championing. It's
kind of a new space in identity

62
00:03:58,920 --> 00:04:01,500
over the last four years, we've
really been pushing it, and it's

63
00:04:01,500 --> 00:04:05,400
really starting to take off
here. So what is identity

64
00:04:05,400 --> 00:04:08,790
orchestration? And why is it
important? So to me, identity,

65
00:04:08,790 --> 00:04:13,410
or identity orchestration is
kind of an abstraction layer on

66
00:04:13,410 --> 00:04:19,050
top of the existing identity, or
I'm going to start that again.

67
00:04:19,080 --> 00:04:23,910
Sorry, but let me go back to the
beginning on like, what is

68
00:04:23,910 --> 00:04:27,990
identity orchestration? So to
me, identity orchestration is

69
00:04:27,990 --> 00:04:34,380
really an abstraction layer on
top of the other identity

70
00:04:34,380 --> 00:04:38,640
components that a company may
already have. So there's three

71
00:04:38,640 --> 00:04:41,730
parts to this. The first would
be what I call distributed

72
00:04:42,180 --> 00:04:45,330
identity. Almost all
organizations already have their

73
00:04:45,330 --> 00:04:49,500
identity in multiple, multiple
places. Smaller ones might have

74
00:04:49,500 --> 00:04:52,680
various silos, like in SaaS
products might have an HR

75
00:04:52,680 --> 00:04:57,120
system, they have their email in
Gmail. They have issue tracking

76
00:04:57,120 --> 00:05:01,230
and larger organizations might
have this for fragmented across

77
00:05:01,230 --> 00:05:04,830
different departments, different
business units. They one

78
00:05:04,830 --> 00:05:08,280
business unit might be focused
on Okta, another one might be

79
00:05:08,280 --> 00:05:12,030
focused on using, let's say,
Azure as their identity system

80
00:05:12,030 --> 00:05:16,350
of record. And that's quite
common. Another reason that this

81
00:05:16,380 --> 00:05:20,640
identity fragmentation happens
is just because of mergers and

82
00:05:20,640 --> 00:05:24,810
acquisitions as a company grows,
it might acquire another

83
00:05:24,810 --> 00:05:28,470
company, and that company might
have had a different focus on

84
00:05:28,470 --> 00:05:33,630
their identity, where their
directory of identity was, and

85
00:05:33,630 --> 00:05:36,900
so mixing and matching those
things becomes difficult. And

86
00:05:37,110 --> 00:05:40,920
one approach that our industry
has taken over the last, I don't

87
00:05:40,920 --> 00:05:44,760
know two decades, or whatever is
one identity to rule them all,

88
00:05:44,760 --> 00:05:48,300
or a virtual directory, or
something of that sort, where

89
00:05:49,350 --> 00:05:53,220
you're moving all of the
identities into one place. And

90
00:05:53,220 --> 00:05:56,490
it's time to admit that that
really just does not work. This

91
00:05:56,490 --> 00:06:00,780
mixing and matching of where my
identities are stored, has just,

92
00:06:00,870 --> 00:06:04,800
if anything proliferated, and
then worse and worse over the

93
00:06:04,800 --> 00:06:09,720
last few years rather than
mitigated by trying to have this

94
00:06:10,710 --> 00:06:14,940
one identity to rule them all.
So that's, that's the first part

95
00:06:14,970 --> 00:06:19,500
of what identity orchestration
addresses the distributed

96
00:06:19,500 --> 00:06:23,250
identity systems. The second one
is there's a variety of tools

97
00:06:23,460 --> 00:06:29,460
and implementations. various
vendors, various producers of

98
00:06:29,460 --> 00:06:34,680
identity products, have their
first off like their directories

99
00:06:34,680 --> 00:06:37,530
like I was just talking about,
you might have some identities

100
00:06:37,530 --> 00:06:39,990
in Azure, or you might have
other identities in Ping

101
00:06:39,990 --> 00:06:43,290
Identity. And also, on top of
that, you might have different

102
00:06:43,290 --> 00:06:46,920
MFA providers for a long time we
were using RSA tokens as a

103
00:06:46,920 --> 00:06:51,720
completely separate second
factor that people could use in

104
00:06:51,720 --> 00:06:54,600
order to secure their systems.
We also have different

105
00:06:54,630 --> 00:06:58,830
authorization engines. Now that
RBAC versus ABAC, we have

106
00:06:59,040 --> 00:07:02,130
identity proofing, we have
governance, so we have a large

107
00:07:02,130 --> 00:07:07,020
variety of different identity
tools that we need to make work

108
00:07:07,020 --> 00:07:11,700
together. And the third one, the
third component, I would say, of

109
00:07:12,000 --> 00:07:16,620
identity orchestration is the
customized user journeys, where

110
00:07:16,800 --> 00:07:22,110
every if we were to rely just on
one identity provider, that

111
00:07:22,110 --> 00:07:26,610
might not be the right way for
us to log our users in, that

112
00:07:26,610 --> 00:07:29,190
might not be what we want to do,
we might want to have a

113
00:07:29,190 --> 00:07:33,150
different mix of these tools and
implementations, we might want

114
00:07:33,150 --> 00:07:36,630
to have a different mix of even
where the door where the

115
00:07:36,630 --> 00:07:40,560
identities are stored in the
first place. So the customized

116
00:07:40,560 --> 00:07:45,390
user journey allows us to say
hey, so despite where their

117
00:07:45,390 --> 00:07:49,080
identity might be stored, I want
them to have the same user login

118
00:07:49,080 --> 00:07:53,460
screen. And then I might want to
decide which different MFA

119
00:07:53,460 --> 00:07:57,060
provider they use based on what
they are trying to get into. And

120
00:07:57,060 --> 00:08:01,200
I might want to use identity
proofing for some users and not

121
00:08:01,200 --> 00:08:05,340
for other users. So to me,
identity orchestration is all

122
00:08:05,550 --> 00:08:08,310
about those three things,
distributed identity, the

123
00:08:08,310 --> 00:08:11,460
variety of tools and
implementations that we can make

124
00:08:11,460 --> 00:08:13,680
work together and the customized
user journey.

125
00:08:14,550 --> 00:08:19,410
Eveline Oehrlich: Wow. Lots of I
can already kind of guess why

126
00:08:19,410 --> 00:08:22,320
this is important, why identity
orchestration is important,

127
00:08:22,350 --> 00:08:26,040
because I've been in it long
enough to realize some of the

128
00:08:26,040 --> 00:08:29,850
benefits but love to hear it.
From your perspective, why is

129
00:08:29,850 --> 00:08:32,910
identity orchestration really
important?

130
00:08:35,700 --> 00:08:38,700
Topher Marie: Yeah, but so
identity orchestration is very

131
00:08:38,700 --> 00:08:43,320
important, because as companies
are moving to the cloud, or

132
00:08:43,320 --> 00:08:47,640
multiple clouds, and I will
pause there and say that most

133
00:08:47,640 --> 00:08:51,840
companies don't just have one
cloud. They most companies have

134
00:08:51,840 --> 00:08:54,600
different departments that are
working in different clouds, or

135
00:08:54,600 --> 00:08:57,750
even different products that
they have to work with, that are

136
00:08:57,780 --> 00:09:01,500
residing, that the compute for
those products is residing in

137
00:09:01,500 --> 00:09:06,630
different clouds. And as this
just grows, more and more, it

138
00:09:06,630 --> 00:09:09,540
becomes a huge concern about
Alright, so what am I going to

139
00:09:09,540 --> 00:09:14,280
try to do here? Is AWS going to
be the center of my identity? Is

140
00:09:14,280 --> 00:09:17,610
Azure going to be the center
of my identity? Am I doing LDAP

141
00:09:17,610 --> 00:09:22,950
on premises? How do I make all
of this work together? So as we

142
00:09:22,950 --> 00:09:27,000
become more of a multi cloud
industry, it's very important

143
00:09:27,000 --> 00:09:29,880
that we have some way of making
all of these identity systems

144
00:09:29,880 --> 00:09:34,230
work together, and also all of
our identity targets. Should I

145
00:09:34,230 --> 00:09:37,920
say all of the applications that
are consuming identity? How do

146
00:09:37,920 --> 00:09:42,510
we make it so hey, this person
logged in from AWS, but the

147
00:09:42,510 --> 00:09:47,370
actual application is residing
in Azure or on premises? How do

148
00:09:47,370 --> 00:09:52,530
I make that identity palatable
to the target application? And

149
00:09:52,530 --> 00:09:56,250
how do I avoid rewriting that
application? If I've got an old

150
00:09:56,250 --> 00:10:00,360
application that was using a
legacy identity system such as

151
00:10:00,990 --> 00:10:04,200
one that we very commonly see is
CA SiteMinder, we see a lot of

152
00:10:04,200 --> 00:10:08,550
Oracle products as well.
Consumers are trying to get away

153
00:10:08,550 --> 00:10:11,520
from those legacy products as
they move into cloud

154
00:10:11,520 --> 00:10:14,610
infrastructure, how do we make
it so you don't have to rewrite

155
00:10:14,640 --> 00:10:18,270
an application that was targeted
to one of those legacy products?

156
00:10:18,510 --> 00:10:20,910
That's something that we do and
something that really, really

157
00:10:20,910 --> 00:10:24,330
resonates with our customers.
Beautiful.

158
00:10:24,360 --> 00:10:26,700
Eveline Oehrlich: So I heard you
improve collaboration, of

159
00:10:26,700 --> 00:10:31,050
course, right reuse, and with
it, of course, saving time, and

160
00:10:31,050 --> 00:10:34,590
hassle for all of those who
actually have to work together

161
00:10:34,590 --> 00:10:37,920
and manage all of those
different identities. Absolutely

162
00:10:37,920 --> 00:10:42,720
intriguing. Certainly an area
which our listeners are

163
00:10:42,750 --> 00:10:47,850
extremely interested. Fantastic,
super. Now, I was doing

164
00:10:47,880 --> 00:10:51,390
additional research, you know,
analysts like myself, which I

165
00:10:51,390 --> 00:10:55,560
am, by nature by heart and have
always been always curious. And

166
00:10:56,400 --> 00:10:59,730
your company was co founded by
Eric Alden, Eric Leach and

167
00:10:59,730 --> 00:11:03,720
yourself and researching your
company a little bit, I found it

168
00:11:03,810 --> 00:11:07,410
very interesting that even
before you all figured out

169
00:11:07,470 --> 00:11:11,430
exactly how strategy would work
or how it would get funded. You

170
00:11:11,430 --> 00:11:16,410
laid out core values. And this
really tickled me and I love

171
00:11:16,410 --> 00:11:21,120
them. So the core values of
openness, honesty, integrity,

172
00:11:21,240 --> 00:11:26,880
transparency, accountability,
and empowerment. This really is

173
00:11:26,880 --> 00:11:31,470
very dear near to me, because I
worked for Hewlett Packard when

174
00:11:31,470 --> 00:11:35,490
it was Hewlett Packard many
moons ago. And these types of

175
00:11:35,490 --> 00:11:39,120
things were very much written in
like an HP way. So that's why I

176
00:11:39,120 --> 00:11:45,900
love this so much. Additionally,
in 22, you guys got voted by Inc.

177
00:11:45,900 --> 00:11:53,010
Magazine, in are listed as best
workplaces and the extract from

178
00:11:53,010 --> 00:11:58,650
a press release, it said, best
workplaces, 2020 to 475

179
00:11:58,950 --> 00:12:02,700
employers, these companies out
of Florida 75, employers have

180
00:12:02,700 --> 00:12:07,980
cracked the code for excellent
company culture. Now my

181
00:12:07,980 --> 00:12:12,390
question, give us some examples
on how this plays out in your

182
00:12:12,390 --> 00:12:17,340
day to day work within Strata.
What do you guys do? How do

183
00:12:17,340 --> 00:12:20,520
you make this openness, honesty,
all of those wonderful core

184
00:12:20,520 --> 00:12:22,380
values? How do you practice
them?

185
00:12:23,549 --> 00:12:26,819
Topher Marie: Yeah, it's a thank
you for acknowledging that it

186
00:12:26,819 --> 00:12:31,409
was very deliberate for us to
come in, figure out what kind of

187
00:12:31,409 --> 00:12:35,159
company we wanted to work for
what kind of culture we wanted

188
00:12:35,159 --> 00:12:40,199
to inculcate. So this was very
edifying to have to be

189
00:12:40,199 --> 00:12:47,909
recognized a few years ago by
the industry as a great

190
00:12:47,909 --> 00:12:51,389
place to work. So in our day to
day lives, well, first off, we

191
00:12:51,389 --> 00:12:54,569
have a couple of ceremonies
which are more weekly, but we

192
00:12:54,569 --> 00:12:57,929
have a Mavericks Monday, we call
it where the first thing that

193
00:12:57,929 --> 00:13:01,619
happens is we come in and we
just discuss a this is what's

194
00:13:01,619 --> 00:13:06,629
going on this week across the
entire company. And here's what

195
00:13:06,629 --> 00:13:09,359
every individual is looking
forward to. And what they're

196
00:13:09,359 --> 00:13:13,019
going to be doing that week
really promotes the openness

197
00:13:13,019 --> 00:13:16,349
really promotes that
communication. Many times I've

198
00:13:16,349 --> 00:13:19,439
been on those calls, Zoom
meetings, I've been on that Zoom

199
00:13:19,439 --> 00:13:22,229
meeting and realize, hey, that's
something that we've already

200
00:13:22,229 --> 00:13:24,869
done like six weeks ago, let me
help you out there, or oh, this

201
00:13:24,869 --> 00:13:29,309
person might be struggling with
this, and be able to offer help,

202
00:13:29,519 --> 00:13:33,059
that openness, that that
communication is very core to

203
00:13:33,059 --> 00:13:37,799
us. Another thing that we do is
what we call Aloha Friday. So we

204
00:13:37,799 --> 00:13:40,139
have the Mavericks Monday that
kicks off the week. And then on

205
00:13:40,139 --> 00:13:43,919
Friday, we all get together.
Again, we're a completely

206
00:13:43,919 --> 00:13:47,639
distributed company. So most of
us are just joining over zoom, a

207
00:13:47,639 --> 00:13:51,419
few in offices here and there.
But over zoom, we get together

208
00:13:51,419 --> 00:13:55,349
and we just talk about the week,
hey, here's what's happened. And

209
00:13:55,379 --> 00:13:58,319
here's what I'm thankful for
here are things that I'm very

210
00:13:58,319 --> 00:14:02,639
appreciative of, let me call out
this person, let me call out

211
00:14:02,639 --> 00:14:07,259
this team, let me discuss, this
is what happened and look at how

212
00:14:07,289 --> 00:14:10,469
they really gave their all in
order to turn something around

213
00:14:10,469 --> 00:14:13,649
very quickly, or the great
communication that happened or

214
00:14:13,649 --> 00:14:18,059
here's the event that a that our
marketing department put on and

215
00:14:18,059 --> 00:14:22,349
look at all the pictures of our
happy attendees, those kinds of

216
00:14:22,349 --> 00:14:26,399
things are very rewarding, just
to be able to have that

217
00:14:26,399 --> 00:14:29,879
communication. You know, as
companies become more and more

218
00:14:29,879 --> 00:14:34,319
distributed. As we have more
work from home, it becomes

219
00:14:34,319 --> 00:14:39,509
really easy to be isolated. So
it's important to us that we

220
00:14:39,509 --> 00:14:43,289
have this open communication and
we have this ability to call

221
00:14:43,289 --> 00:14:46,019
each other out for Hey, these
are great things that people

222
00:14:46,019 --> 00:14:48,629
have done. Let's have these
conversations. Let's feel like a

223
00:14:48,629 --> 00:14:50,699
team and work together on
things.

224
00:14:53,309 --> 00:14:56,729
Narrator: Do you want to advance
your career and organization? We

225
00:14:56,729 --> 00:15:00,539
can help you do that. DevOps
Institute offers a wide range of

226
00:15:00,569 --> 00:15:04,049
educational experiences for you
to begin your upskilling

227
00:15:04,049 --> 00:15:07,319
journey. Whether you're looking
for a defined path to

228
00:15:07,319 --> 00:15:11,339
certification, exploring the
latest in DevOps, or connecting

229
00:15:11,339 --> 00:15:14,159
with the larger community, we
can help you develop the

230
00:15:14,159 --> 00:15:18,209
specialized skills needed for
the future of IT. And it won't

231
00:15:18,209 --> 00:15:21,539
just be good for your career. It
will also make you indispensable

232
00:15:21,539 --> 00:15:24,839
at work with our lineup of
industry recognized DevOps

233
00:15:24,839 --> 00:15:28,799
certifications, digital learning
opportunities, and engaging

234
00:15:28,799 --> 00:15:32,489
events, you can connect with our
network of experts and expand

235
00:15:32,489 --> 00:15:36,539
your potential today. Visit
DevOpsInstitute.com and join

236
00:15:36,539 --> 00:15:37,649
our community now.

237
00:15:39,149 --> 00:15:41,969
Eveline Oehrlich: I love those.
I think I'm going to, I don't

238
00:15:41,969 --> 00:15:46,139
want to use the word copy. I
think I use word leverage. I'm

239
00:15:46,139 --> 00:15:51,899
going to leverage this into a
new team I'm forming. I love the

240
00:15:52,079 --> 00:15:55,709
Mavericks Monday, I might call
it something else to be more.

241
00:15:56,879 --> 00:16:01,079
That's all that's not so
American. Right? And then Aloha

242
00:16:01,079 --> 00:16:04,589
Friday, everybody knows Aloha.
Even we here in Europe, of

243
00:16:04,589 --> 00:16:07,739
course, know Aloha. So I didn't
have those. That's fantastic.

244
00:16:08,129 --> 00:16:09,479
Thank you for sharing that.

245
00:16:10,649 --> 00:16:13,859
Topher Marie: It just, it just
occurred to me that when I said

246
00:16:13,859 --> 00:16:17,639
Mavericks Monday, it might not.
I realized that Maverics is the

247
00:16:17,639 --> 00:16:20,429
name of our main product. And
that's why we've chosen that

248
00:16:20,429 --> 00:16:25,529
particular alliteration there
for Mavericks Monday. Ah, not

249
00:16:25,529 --> 00:16:30,689
just because we are also
Mavericks with K, the product

250
00:16:30,689 --> 00:16:35,159
Maverick was actually Mavericks
was actually named after a

251
00:16:35,189 --> 00:16:39,869
particular wave in California
that is important is powerful is

252
00:16:39,869 --> 00:16:43,889
great for a lot of different
surfers, and three co founders,

253
00:16:44,159 --> 00:16:47,519
we actually built the company or
decided on these core values

254
00:16:47,519 --> 00:16:50,009
that we were just talking about
as we were on a surfing trip in

255
00:16:50,009 --> 00:16:55,319
Puerto Rico. So surfing is kind
of I wouldn't say a core value,

256
00:16:55,319 --> 00:16:58,799
but something that resonates
with a lot of us, so Oh, great.

257
00:16:58,860 --> 00:17:00,990
Eveline Oehrlich: Excellent,
excellent. You have to come to

258
00:17:01,410 --> 00:17:06,930
Nazaré or Nazareth down in
Portugal, in April or in January

259
00:17:06,930 --> 00:17:09,420
to watch the maverick there.
That's a fantastic place.

260
00:17:09,450 --> 00:17:13,800
Excellent. All right. Let's go
back to Strata. So, in your

261
00:17:13,800 --> 00:17:19,620
words, why is what Strata does
unique when we think about the

262
00:17:19,620 --> 00:17:20,760
identity orchestration?

263
00:17:21,029 --> 00:17:24,689
Topher Marie: Yeah, great
question. So recently, at the

264
00:17:24,719 --> 00:17:30,329
Gartner conference here in 2023,
a cube con said, vendors are

265
00:17:30,329 --> 00:17:33,239
going to have to handle
orchestration, or they will be

266
00:17:33,239 --> 00:17:39,059
orchestrated. So to me, I see,
from a consumer point of view,

267
00:17:39,509 --> 00:17:42,929
great value in decoupling the
orchestrations from a particular

268
00:17:42,929 --> 00:17:47,339
vendor. Every company probably,
again has multiple vendors that

269
00:17:47,339 --> 00:17:49,829
they're working with, if you're
a nontrivially sized

270
00:17:50,129 --> 00:17:53,159
organization, you've got
multiple IDPs, whether you like

271
00:17:53,159 --> 00:17:58,169
it or not, and orchestration can
be seen as an abstraction layer

272
00:17:58,169 --> 00:18:03,809
on top of that identity. So it
prevents some of the lock in and

273
00:18:03,809 --> 00:18:06,539
gives you leverage in the
future. When you think about

274
00:18:06,539 --> 00:18:09,989
changing vendors or you think
about changing approaches. The

275
00:18:09,989 --> 00:18:14,489
problem that I see, with every
vendor becoming their own

276
00:18:14,519 --> 00:18:18,329
identity orchestration system,
which you we are seeing that

277
00:18:18,749 --> 00:18:22,049
every vendor is pushing into
that area is that they become

278
00:18:22,049 --> 00:18:25,289
their own little sinkhole, they
become their own little center

279
00:18:25,289 --> 00:18:28,349
of gravity. And so it's no
better to say, Okay, I have to

280
00:18:28,349 --> 00:18:34,319
escape from the orchestration of
one vendor, in order to be able

281
00:18:34,319 --> 00:18:37,679
to leverage the capabilities of
another vendor, you're still

282
00:18:37,679 --> 00:18:42,059
getting into the center of
gravity. So as a, I'll say,

283
00:18:42,089 --> 00:18:48,209
neutral vendor of orchestration
that allows us to help you to

284
00:18:48,239 --> 00:18:53,579
not be so bound to any so
coupled to any one particular

285
00:18:53,609 --> 00:18:57,059
vendor. It also allows us to do
a lot more customized

286
00:18:57,149 --> 00:19:02,339
customizability in that we don't
have a preferred way of doing

287
00:19:02,339 --> 00:19:06,209
let's say, MFA, if you are in a
particular, if you are tied to a

288
00:19:06,209 --> 00:19:09,539
particular vendor, and they just
want to push you into their own

289
00:19:09,539 --> 00:19:12,749
MFA system all of the time. I
mean, of course, that's what

290
00:19:12,749 --> 00:19:15,809
they're incentivized to do, the
more that they can lock you into

291
00:19:15,809 --> 00:19:17,969
their particular product, the
better it is for them, but it's

292
00:19:17,969 --> 00:19:21,389
not good for the consumers to be
locked into any particular

293
00:19:21,389 --> 00:19:25,049
product. They'd rather choose
the best of breed for

294
00:19:25,049 --> 00:19:28,889
anything and with identity,
which is my main concern.

295
00:19:28,889 --> 00:19:32,369
That's, that's obviously true.
Let's let them choose the

296
00:19:32,369 --> 00:19:36,959
identity directory that they
need for any particular

297
00:19:36,959 --> 00:19:40,289
application or for any
particular user journey. Let's

298
00:19:40,319 --> 00:19:43,919
then let them layer on top of
that the MFA. Let's then let

299
00:19:43,919 --> 00:19:47,189
them layer on top of that the
governance system or creating

300
00:19:47,189 --> 00:19:52,559
new customers, sorry, new users
in these directory systems. So

301
00:19:52,649 --> 00:19:58,259
our best of breed approach and
our neutral approach to how

302
00:19:58,259 --> 00:20:02,009
identity systems work is really
different than any one

303
00:20:02,009 --> 00:20:06,209
particular identity vendor
trying to get into the

304
00:20:06,209 --> 00:20:07,199
orchestration.

305
00:20:09,150 --> 00:20:11,430
Eveline Oehrlich: Right. So best
of breed and then the

306
00:20:11,430 --> 00:20:14,610
Switzerland, right, as you said
the neutral, we sometimes use

307
00:20:14,610 --> 00:20:18,690
that in Europe to describe
neutrality, which is, which is

308
00:20:19,020 --> 00:20:22,500
everybody understands super. Now
as we know, there are many

309
00:20:22,500 --> 00:20:26,040
organizations which are working
on moving off outdated cloud

310
00:20:26,040 --> 00:20:28,950
identity providers to more
secure and flexible cloud

311
00:20:28,950 --> 00:20:31,860
identity systems like Okta, you
mentioned a few already

312
00:20:31,860 --> 00:20:38,670
Microsoft Azure, AWS and more.
And you guys recently

313
00:20:38,700 --> 00:20:42,390
announced no code software
recipes for application

314
00:20:42,540 --> 00:20:46,230
modernization. I love the word
recipes. I might have called

315
00:20:46,230 --> 00:20:49,980
them blue books, or blue or blue
books or Blue Book, sorry,

316
00:20:50,460 --> 00:20:54,540
playbooks, blue books, just try
to sell my daughter's car. So

317
00:20:54,540 --> 00:20:57,810
that's why I'm in love books,
but playbooks for application

318
00:20:57,810 --> 00:21:01,080
modernization, but you call them
recipes. Tell us what do these

319
00:21:01,080 --> 00:21:02,250
recipes do?

320
00:21:03,030 --> 00:21:05,970
Topher Marie: Yeah, there are
some common use cases that we

321
00:21:05,970 --> 00:21:10,200
see as we talk to consumers. As
we talk to prospects as we talk

322
00:21:10,200 --> 00:21:13,920
to our customers that they have
the same problem across the

323
00:21:13,920 --> 00:21:16,440
entire industry, a lot of people
are trying to move off of some

324
00:21:16,440 --> 00:21:20,760
of these legacy systems and into
more modern identity

325
00:21:21,240 --> 00:21:25,440
architectures, but they don't
want to rewrite their original

326
00:21:25,440 --> 00:21:29,190
application that was tied to the
legacy system. So for instance,

327
00:21:29,190 --> 00:21:34,290
one of our Blueprints Wow, now
you've got me doing. Sorry, one

328
00:21:34,290 --> 00:21:37,530
of our recipes is, hey, here's a
no code approach. All you have

329
00:21:37,530 --> 00:21:40,950
to do is drop this in and we can
move you off of the legacy

330
00:21:40,950 --> 00:21:43,740
application start the legacy
infrastructure, such as

331
00:21:43,740 --> 00:21:48,840
SiteMinder, or Oracle, we can move
you off of that very simply. And

332
00:21:48,840 --> 00:21:52,980
now you're working against a
modern identity systems such as

333
00:21:52,980 --> 00:21:58,560
Azure or Okta, got other ones.
For instance, one common

334
00:21:58,620 --> 00:22:04,200
scenario that we see is, instead
of moving, so one common

335
00:22:04,200 --> 00:22:07,740
scenario is, hey, I'm moving
from one identity architecture,

336
00:22:07,740 --> 00:22:11,070
one identity framework to
another identity framework, or

337
00:22:11,070 --> 00:22:13,740
I'm trying to move the center of
gravity or here's, here's this

338
00:22:13,740 --> 00:22:16,980
one that has just jacked up the
price by five times eight times.

339
00:22:16,980 --> 00:22:20,760
And so I need to move my users
out of there. But I don't want

340
00:22:20,760 --> 00:22:25,290
to do the Big Bang cutover from
one to the other. I don't want

341
00:22:25,740 --> 00:22:30,180
users to come in one Monday
morning, and suddenly their user

342
00:22:30,180 --> 00:22:33,600
experience is completely
different. So that goes kind of

343
00:22:33,600 --> 00:22:38,610
to our, to our user journeys
story where we can have the

344
00:22:38,610 --> 00:22:41,280
customized user journey that
looks the same as before. But

345
00:22:41,280 --> 00:22:45,900
another component of this
particular recipe is we can move

346
00:22:45,900 --> 00:22:49,320
the users from one identity
system to the other identity

347
00:22:49,320 --> 00:22:53,160
system, without them knowing
about that. So they're still

348
00:22:53,340 --> 00:22:56,760
logging into the first identity
system, they're still passing in

349
00:22:56,760 --> 00:23:01,410
their username and password to
let's say, a, let's say to a

350
00:23:01,410 --> 00:23:06,090
SiteMinder based application, we
will go and create the user at

351
00:23:06,090 --> 00:23:10,860
runtime in Okta, or in Ping
Identity, wherever the target

352
00:23:10,860 --> 00:23:14,070
destination is, without them,
knowing that anything has

353
00:23:14,070 --> 00:23:17,160
happened there. This is also a
perfect time for us to layer on

354
00:23:17,310 --> 00:23:20,910
a second factor, if the legacy
identity system didn't have

355
00:23:20,940 --> 00:23:24,210
second factors, we know who that
user is, because they just

356
00:23:24,210 --> 00:23:29,220
logged in to the legacy system
where we have a good handle on

357
00:23:29,220 --> 00:23:32,970
their session at that time.
Let's now prompt them and move

358
00:23:32,970 --> 00:23:36,420
them through the process of
adding a second factor. But

359
00:23:36,420 --> 00:23:39,690
again, this is an incremental
thing, just as users are logging

360
00:23:39,690 --> 00:23:42,810
in. And you don't even have to
do all users at once. You can do

361
00:23:42,900 --> 00:23:46,620
individual, you 10% of your
users one week, 20% next week,

362
00:23:46,620 --> 00:23:49,650
you know, move over to the
system gradually. So it's not as

363
00:23:49,650 --> 00:23:54,120
nightmare Big Bang cutover where
your entire infrastructure team,

364
00:23:54,120 --> 00:23:57,150
all of the DevOps people are
there all weekend and crossing

365
00:23:57,150 --> 00:24:00,270
their fingers on Monday morning
that something disastrous

366
00:24:00,270 --> 00:24:04,470
doesn't happen and you haven't
locked out 10,000 users. That's

367
00:24:04,470 --> 00:24:08,040
a nightmare scenario with us.
Yeah, just layer on this, again,

368
00:24:08,070 --> 00:24:12,120
abstraction layer. And we have
recipes that help with this.

369
00:24:12,960 --> 00:24:17,430
This transference of your center
of gravity for your identity

370
00:24:17,430 --> 00:24:18,810
systems from one to the other.

371
00:24:19,830 --> 00:24:22,050
Eveline Oehrlich: That already
answers. So one of the questions

372
00:24:22,080 --> 00:24:25,260
What would you advise our
listeners to do right away, it's

373
00:24:25,260 --> 00:24:28,470
really take a look at these
recipes. I think this is a

374
00:24:28,470 --> 00:24:32,070
great, a great idea. Now, I want
to look a little bit into the

375
00:24:32,070 --> 00:24:36,090
future before we end this
because I want to look into your

376
00:24:36,090 --> 00:24:40,380
crystal ball. From our research,
we know there's a skill shortage

377
00:24:40,380 --> 00:24:43,710
in IT, right? We also know from
Gartner and Forrester, my old

378
00:24:43,710 --> 00:24:47,940
colleagues there, there's a not
too much additional money in

379
00:24:47,940 --> 00:24:53,400
terms of budgets in '23 for IT, so
it's really all about how do we

380
00:24:53,400 --> 00:24:58,350
upskill, reskill and save cost to
get all of this done right. So

381
00:24:58,920 --> 00:25:02,700
what would you say If I asked
you predictions around that add

382
00:25:02,700 --> 00:25:07,170
orchestration 23 Oh, my goodness
is almost half over. But we

383
00:25:07,170 --> 00:25:09,870
still have a few months left,
but for 23 and maybe beyond,

384
00:25:10,290 --> 00:25:12,870
when you look in their crystal
ball predictions around identity

385
00:25:12,870 --> 00:25:14,130
orchestration from you.

386
00:25:15,599 --> 00:25:18,419
Topher Marie: Yeah, I think that
one prediction, which has

387
00:25:18,419 --> 00:25:21,629
already come true, as we're
gonna see, the term

388
00:25:21,689 --> 00:25:24,329
orchestration tossed around
quite a bit, I think it's going

389
00:25:24,329 --> 00:25:28,379
to become like zero trust has
become over the last 5, 10 years

390
00:25:28,379 --> 00:25:31,199
where it's just everywhere, it
loses all of its meaning,

391
00:25:31,199 --> 00:25:34,109
because we just say, Yeah, I've
got some orchestration, I can

392
00:25:34,319 --> 00:25:38,429
work with a different identity
system, or I like to customize

393
00:25:38,429 --> 00:25:42,329
the user journey, they really
kind of ticks tick the boxes,

394
00:25:42,329 --> 00:25:46,469
but they missed the spirit of
it, I don't want to be caught up

395
00:25:46,469 --> 00:25:49,349
in one identity system and not
be able to choose the best of

396
00:25:49,349 --> 00:25:53,459
breed for from some other
places. So I would suggest that,

397
00:25:54,089 --> 00:25:57,749
that listeners kind of inoculate
themselves against the buzzword.

398
00:25:57,779 --> 00:26:01,169
What is it really? What is our
identity orchestration actually

399
00:26:01,169 --> 00:26:03,959
mean? And how would it benefit
me, if it doesn't matter that

400
00:26:03,959 --> 00:26:07,289
you have, if you are actually
just in one identity system,

401
00:26:07,559 --> 00:26:10,439
then then you don't care about
it. But I think that most

402
00:26:10,649 --> 00:26:14,789
nontrivially sized organizations
probably could benefit from

403
00:26:14,999 --> 00:26:18,329
identity orchestration. And what
they should do is let's, let's

404
00:26:18,329 --> 00:26:21,869
look at some of these siloed
identities that I have, you

405
00:26:21,869 --> 00:26:26,699
know, not just my main
directories, Azure or Okta or

406
00:26:26,699 --> 00:26:31,559
wherever I keep keep the main
body of directories, but also

407
00:26:31,559 --> 00:26:35,189
all of the other subsystems EHR
system, the email, though,

408
00:26:35,189 --> 00:26:38,129
whatever it is, how can I make
these things work together

409
00:26:38,129 --> 00:26:41,729
better and think about the
underused utilities that you

410
00:26:41,729 --> 00:26:46,589
already have? Maybe one small
department had as a particular

411
00:26:46,589 --> 00:26:49,889
need. And so they had to pick a
particular MFA vendor? How do I

412
00:26:49,889 --> 00:26:53,309
unlock that and actually make it
available across the entire

413
00:26:53,309 --> 00:26:57,239
organization? Or how can I use
identity orchestration to choose

414
00:26:57,239 --> 00:27:00,119
and make the best use of all of
these tools that I'm paying for,

415
00:27:00,269 --> 00:27:02,879
and maybe stop paying for some
of the tools that I don't need

416
00:27:02,879 --> 00:27:06,509
anymore, or law, getting rid of
some of these legacy systems

417
00:27:06,509 --> 00:27:10,349
that are really really jacking
up the prices and getting really

418
00:27:10,349 --> 00:27:14,639
expensive? So unlocking a lot of
value by allowing you to mix and

419
00:27:14,639 --> 00:27:17,999
match your identity systems, the
tools that you're using and to

420
00:27:17,999 --> 00:27:19,589
customize that user journey.

421
00:27:20,609 --> 00:27:23,939
Eveline Oehrlich: Great advice.
Super. And I love that you

422
00:27:23,939 --> 00:27:26,639
mentioned zero trust shout out
to my old colleague, John Kindervag,

423
00:27:26,639 --> 00:27:30,929
who is called the father
of zero trust. So excellent,

424
00:27:30,929 --> 00:27:34,979
fantastic advice. All right. I
have one more question. It has

425
00:27:35,009 --> 00:27:38,519
nothing to do with identity
orchestration, sadly, but truly,

426
00:27:38,549 --> 00:27:41,819
I want to know, what do you do
for fun because you live in

427
00:27:41,819 --> 00:27:45,389
Colorado, you're a surfer, but I
don't think there was any

428
00:27:45,389 --> 00:27:49,439
surfing in Colorado. But maybe
you have found some places. Tell

429
00:27:49,439 --> 00:27:50,729
us what you do for fun, Topher.

430
00:27:50,910 --> 00:27:54,210
Topher Marie: Definitely no
surfing. Definitely no surfing

431
00:27:54,210 --> 00:27:58,440
here. What I do, I think it's
one of those classic I grew up

432
00:27:58,440 --> 00:28:01,830
in Colorado, I used to do a lot
of skiing. I used to get up

433
00:28:01,830 --> 00:28:06,180
there into the mountains for
doing that. But honestly, the

434
00:28:06,210 --> 00:28:09,570
traffic is just making that kind
of unpalatable. He's spent a lot

435
00:28:09,570 --> 00:28:13,050
of time just right driving out
there and driving back. So one

436
00:28:13,050 --> 00:28:15,570
of the things that I really
liked doing is going to other

437
00:28:15,570 --> 00:28:19,530
places in the mountains, not the
popular I-70 area but other

438
00:28:19,530 --> 00:28:21,720
places in the mountains and
doing a lot of hiking, doing a

439
00:28:21,720 --> 00:28:24,000
lot of mountain climbing. That's
something I've been passionate

440
00:28:24,000 --> 00:28:28,470
about for decades now doing
mountain climbing. I've got a

441
00:28:28,470 --> 00:28:33,030
goal of doing Aconcagua, which
is the tallest peak in South

442
00:28:33,030 --> 00:28:35,850
America. I've had a goal of
doing it a couple of years back

443
00:28:35,850 --> 00:28:41,940
but unfortunately COVID knocked
out plan to the side. So now I'm

444
00:28:41,970 --> 00:28:44,880
now that I'm back in Colorado,
spending all my time here. I'm

445
00:28:44,940 --> 00:28:48,900
able to get into the mountains,
get my fitness back up and hope

446
00:28:48,900 --> 00:28:50,880
to get that done this coming
winter.

447
00:28:51,660 --> 00:28:53,940
Eveline Oehrlich: Wow, great
goal to have good luck. That

448
00:28:53,940 --> 00:28:58,890
sounds fantastic. Thank you so
much for this has been a great

449
00:28:58,890 --> 00:29:03,000
conversation. We have been
talking to Topher Marie, CTO

450
00:29:03,030 --> 00:29:07,380
and co-founder at Strata
Identity. Again, thanks so much

451
00:29:07,380 --> 00:29:10,590
for joining me today on humans
of DevOps podcast.

452
00:29:10,889 --> 00:29:12,839
Topher Marie: Thank you, Eveline.
I had a great time.

453
00:29:13,950 --> 00:29:16,050
Eveline Oehrlich: Humans of
DevOps podcast is produced by

454
00:29:16,050 --> 00:29:19,050
DevOps Institute. Our audio
production team includes Daniel

455
00:29:19,050 --> 00:29:22,920
Newman, Schultz and Brendan Lee,
shout out to my colleagues. I'm

456
00:29:22,920 --> 00:29:25,320
humans of DevOps podcast,
executive producer

457
00:29:25,320 --> 00:29:28,800
Eveline Oehrlich. If you would
like to join us on the podcast,

458
00:29:28,800 --> 00:29:33,180
please contact us at humans of
DevOps podcast at DevOps

459
00:29:33,210 --> 00:29:37,110
institute.com. I'm Eveline Oehrlich.
Talk to you soon.

460
00:29:39,330 --> 00:29:41,430
Narrator: Thanks for listening
to this episode of the humans of

461
00:29:41,430 --> 00:29:44,970
DevOps podcast. Don't forget to
join our global community to get

462
00:29:44,970 --> 00:29:48,330
access to even more great
resources like this. Until next

463
00:29:48,330 --> 00:29:51,630
time, remember, you are part of
something bigger than yourself.

464
00:29:52,080 --> 00:29:52,860
You belong

