Security Offered as Components Empowering Enterprises to Gain Control

Thank you very much and thank all of you who are staying here despite the call of lunch and, and the beautiful outdoors. I think what we're gonna do in this session is fairly unique and differentiated from many of the technically driven sessions that you've seen thus far. We're really gonna be talking about how to make technology choices in a business context. A business context is typically or stereotypically described as a buy versus build. What we'd like to do is really unpack that and unpack it in a way that I think is consistent with Martin Kuppinger. Final takeaways. Slice the elephant up, right? Develop a plan to build over time and avoid taking on too much of the problems of building very new, very highly sensitive, and particularly systems that include authentication and authorization. So I'd like to have our two panelists briefly introduce themselves and then I'm gonna ask them a bunch of impartent questions. Ali?
Hi Ali. Hope you can all hear me in the back as well. Great. Excellent. Co-founder of Athlete and I look after the business development for athlete.
Hello. Afternoon, or not yet? Afternoon. I'm Tom. I work for DPG Media, which is a media company in Belgium and Netherlands and a little bit of Denmark. I am an IT area manager there, which means I'm budget responsible and contract responsible and people responsible. I'm one of the teams that work for me early identity team, and as such we build a identity platform for our company.
Terrific. I think it's important in to set this context because you have a supplier in the name of athlete with a set of tools and you have a, a integrator, user developer, project manager in the form of this gentleman right here. I think it's easy to, for you to put yourself into their positions where early on you're getting technical pressure and business pressure to move into identity systems at scale. Can you talk about where your journey began?
Yeah, we, 6, 6, 7 years ago, I think. So we're a media company. We do just about everything, media, linear tv, streaming, radio, newspapers, traditional newspapers, obviously now everything digital. We started out pretty basic in thinking that identity management was a commodity in commodities you buy. So we bought big platforms, integrated them, and along the way, which is a journey that took, yeah, four years. We, we, we, the business changed in the sense that identity became a strategic pillar. Identity became super important to us that the way users log in, how many times the login, where they log. This became so important to us that we decided to switch. It was not, it was no longer a commodity. We, we really needed to have control over what our users did when they did it, how they do it, and that's when we started to switch towards buying something, towards building something.
And why is that? Because you talked about requirements internally changing new requirements for business building, but what was your assessment of how the market was changing while you were looking for solution partners and technology tools,
Particularly
With respect to security and a p i protection?
I'm not sure how the market was changing, but we, we, we really wanted best of boat worlds. So we wanted to, we wanted to have the control, but we didn't necessarily wanna build all these things ourselves. And we, we kind of opportunistically thought maybe there's, maybe there's, there's a way to do this. We knew you could build everything yourselves, but this would, this would've taken us way too long. And so we went looking for partners, found a partner, a very good partner, an athlete who helped us do both, helped us be in control, build the things that we think are important, help our business achieve their goals, which is something that I think is, is often overlooked.
That's great. So while you're looking at it from a, a builder point of view, and what I meant by the market changing was the number of companies out there, number of solution sets, number of tools was increasing along following the demand for identity systems at scale. At the same time as you were building your solution, Ali, you were building athlete, what did you see as the opportunity for athlete in a market in this marketplace that's changing so rapidly?
So I think what we saw was that identity, as Tom had explained, was becoming more and more important. And as companies digitalized our services, they were looking for solutions that would secure their open APIs and all based on open standards to ensure interoperability like OAuth 2.0 and Open Id connect. And so the norm was to buy these services and implement the security from third party vendors. And we saw that, you know, buying from vendors was a great option in terms of time to market, but it sort of compromised on the ability to be flexible in terms of the UI or customizing it to the environment that the enterprise already had in terms of which database that they were using or which API management gateway system that they were using. There was really no one size fits all model. So we then sort of went back to the drawing board and designed an architecture which enabled enterprises to implement OAuth and Open Id Connect and all the profiles that sit on top of it, all this hard stuff in, in, in a very intuitive and a flexible manner, which we call the semi hosted architecture, which empowers the enterprises to really be flexible in the implementation in terms of the ui, UX is fully flexible.
It can integrate with any technology stack and it's relatively easy to implement. For example, you know, many of our customers were up and running and went live in about two weeks.
Whoa, whoa, whoa, whoa. So there's lots of people in the audience who are team leaders, architects and developers, and they've gotta go up to a management chain talking about new initiatives. And the traditional way is do we buy or do we build? Tom, from your perspective, can you reiterate that buy versus build thinking and Ali, can you do the same from your perspective as a customer, a user and developer and Ali Provi, a toolmaker and provider? Tom, you want go at that first?
Yeah, so I'm, I'm familiar with BI versus Build. We have them all the time. I'm, I used to be developers so I can say I'm lucky enough to work for a company where development still wins often. I think, I think it, it, these are always difficult discussions because what we talked about before as well was, was how do you, one, one of the things I keep coming back to is the value of the, how do you quantify business value? We tend to think and buy versus build always, at least with dpg it's always a lot of dollar signs and, and, and, and sums. But how do you, how do you explain to a business that in, in, in one scenario they may totally not get what they want. Maybe you only figure out what you want next year. So, so for us, we really wanted to find the middle road. We wanted to buy the hard stuff, build the glue end up in a situation where we could realize the business strategy or at least 99% of it. And we succeeded, even though we were a little bit lucky doing it, to be honest. I mean, as a development team, we drove this strategy, we presented it, we defended it, we built it, and in the end it worked out.
Tom, what was the hard stuff you talked about
Openly Connection or for example, I mean imagine that we, what we did was we built our own identity platform. If we had to add open connect and, or, I mean most people will, I guess know what Open Connect and or is in the room. If you wanna build it yourself, add six months to a year and then you've only built it, you still have to go live. And we all know it's when you go live that the real, the real world begins and you have to, you know, start adding on top because the spec changes all the time. So this is one of the things we're, we're happy that often exists because we could buy that hard stuff, we can plug it in, it's just an api. We have a fully compliant spec compliance, secure identity platform based on Open ID connect and o and we integrated it in two sprints maybe. So, so that's, that's where we're coming from.
Ali, semi hosted architecture.
Right. So I think I can maybe explain this good through my slides. Let me just see over here
And we'll be asking for questions very quickly because I suspect many of you are looking very interested, but want to kind of poke at this kind of use case that we're talking about.
Right. So just very quickly, I wanna explain to you what this third option to buy and build is. So Tom had mentioned, you know, all companies go through this discussion in terms of whether they should buy or they should build. Obviously it's most ideal if you can build it, but then again, do you have the resources, do you have the time and do you have the budget and so on and so forth. So we came up with this option, which is to buy our components and build it yourself. What that means is that, as you see on this slide, whatever API management gateway you're using or the technology stack or the database that you're using, it really fits into your architecture.
And you know, there's a chart over here. So when you're buying, you're kind of vendor dependent, but you know, you can go to market quite quickly when you're building, obviously you have all the flexibility, but the cost can be high and it can be quite time consuming. So the best of both worlds buy and build, it's flexible, it's timely and relatively cost effective. How this works is, as Donna Nast, it's a semi hosted architecture. What that means is that we provide the implementation of Open Id connect and oof 2.0 in all of their certified profiles through an api, which gives you the flexibility in designing your own ui. UX is freedom of choice, it's cost effective and obviously it's relatively quick in terms of implementing and it's based on the open standard.
Tom, how important were the standards to you from a solution builder point of view,
We, four years ago we noticed that we had an integration problem. If you integrate with proprietary APIs, this brings its its own set of issues. So the move to open a Connect was, was really set us free there. There was a tremendous amount of freedom that came with being able to talk the same language, being able to have a clear separation between who is integrating and using something and who is providing the platform. So I mean, open a Connect is, is, has been, has been really great for us. And, and to give you an idea of why we build something in a hundred or 200 plus absent sites integrated. So this is a scale that we're talking about. At this scale it's incredibly important to have a standard and, and so
Talk about the scale of your team.
The team is five guys, five developers. Unfortunately all guys is range standard. So its main stable. We've always had about five guys in the Atlantic team in in their development team. They build, they support, they run in production, these things. So we're fully DevOps in that way and they've been with us for a while now. Yeah, because they're all pretty passionate about what they do.
Again, for those of you that joined late, we were kind of connecting this presentation with the comments that Martin Kuppinger made earlier, earlier in his presentation, which was his advice to take slices of the elephant. As you go through this journey of building out this new infrastructure within existing infrastructures. Ali, you talked about cost effectiveness. Can you give a little bit more color to what that means to you as a tool provider?
Right. So we provide the components that help you build your authorization server fully certified, implemented with OOF and O I D C. It starts from around $999 a month of a subscription and then goes up in terms of usage and the type of profiles that you want to add on top, depending on your requirements such as fpi, that is now being very popular and ciba, which enhances the user experience,
I should say, as full disclosure, I've been closely associated with Open ID Foundation, so I'm biased towards these open standards in the building process. You also can see from my gray hair that I come from an era of build versus buy where you would always say, just let go with IBM and you'll never get criticized. But we're in a new era where hybrid solutions and different approaches are required and where standards become really essential questions from the audience. Let's, let's poke at this use case in this scenario that I su suspect many of you are familiar with, where you're trying to build a project, get the funding for it, build a team, get the funding for that team. And with the full knowledge that while you're doing that, the identity standards are slowly evolving, but the market's moving really quickly.
Questions, thank you very much. Yeah, we really only have time left. One short question. All right. One from the virtual audience. So can you tease us with some actual customer names who have implemented this? Oh, ideally a bigger customer enterprises.
Yeah, great question. So one of them is, you know, Tom representing DPG Media, which is the largest media company in Netherlands. We have New Bank, which is the largest digital bank in the world based out of Brazil, the, the largest digital bank in Japan, Mina Bank. And I think we've got 70 other customers that you can probably see on our website.
Wow.
Great. Thank you. Thank you for to coven your goal again, for allowing us to make this presentation. And again, I refer you to some of the discussions today about new standards. We heard earlier from Victoria and others at the Open ID Foundation about new ways of thinking, about how credentials are built, how authorization and approval systems are to constructed at sales at scale, using open standards. I think we're we're done. And lunch awaits, is that right? No, no, no. I'm
Sorry. Thank you. I'm sorry.