Join Eveline Oehrlich and Topher Marie, CTO and Co-founder of Strata, to discuss Container Orchestration.
Before Strata, Topher was the CTO and a co-founder of JumpCloud. In the past, he has also been an Architect for Oracle’s global cloud identity and security portfolio and a Product Owner of Auth0. He was Symplified’s lead architect and got his start in identity at Ping in the early days.
As part of his role, Topher travels extensively, developing a deep appreciation for local cultures, foods, and languages.
The Humans of DevOps Podcast is incredibly grateful to be voted one of the Best 25 DevOps Podcasts by Feedspot.
You’re listening to the Humans of DevOps Podcast, a podcast focused on advancing the humans of DevOps through skills, knowledge, ideas, and learning, or the SKIL framework.
Topher Marie 00:17
Consumers are trying to get away from those legacy products as they move into cloud infrastructure. How do we make it so you don’t have to rewrite an application that was targeted to one of those legacy products. That’s something that we do.
Eveline Oehrlich 00:33
Welcome to the Humans of DevOps Podcast. I’m Eveline Oehrlich, Chief Research Officer at DevOps Institute. Our episode title today is identity orchestration titbits, and I have a very special guest. I’ll tell you in a minute why that guest is very special to me. Today we have with us Topher Marie, who is CTO and co-founder of Strata. I’m saying that a little bit with an Italian accent for no reason, just because I like the word, but let me tell you a little bit about Topher. So Topher is the CTO and co-founder of Strata Identity, focusing on introducing identity orchestration to the security ecosystem. Before Strata Identity, Topher was the CTO and co-founder of JumpCloud. In the past, he has also been an architect for Oracle’s global cloud identity and security portfolio, and a product owner for Auth0. He was Symplified’s lead architect and got his start in identity at Ping back in the early days. As part of his role, Topher travels extensively, developing a deep appreciation for local cultures, food, and languages. Welcome to our podcast, Topher.
Topher Marie 01:49
Thanks, Eveline. It’s great to be here. Thank you so much for having me.
Eveline Oehrlich 01:54
It’s great to have you with us. And again, thank you so much for your time. I’m sure as you’re in your role, you have lots of other things to do. So that’s why I’m very appreciative of your time. Now, before we get into details, of course, I was checking you out with a variety of things in your background, and I saw that you went to the School of Mines, and that there are lots of references to Colorado. Am I correct to assume that you have some roots in Colorado with Strata Identity?
Topher Marie 02:28
Indeed, I’m born and raised here. I have been in Colorado most of my life. And yes, School of Mines. I was an undergrad graduate there. And I was actually an adjunct professor there for a while, too.
Eveline Oehrlich 02:40
Wow, fantastic. Life sometimes is just a coincidence. But I think we, I would say maybe are a match in heaven to some extent, because I lived in Colorado in Fort Collins for 32 years. I had my daughter there. And now long, long gone. I moved back to Europe in 2018. And I miss Colorado very, very, very much. So talking to you today gives me a little bit of a homesickness. So please greet Colorado for me. I will actually be there soon. So maybe we can meet and have a cup of coffee together somewhere in the area. Anyway. I’d love Yes, that would be fun. I really would love that too. Excellent. So we’re not here to talk about Colorado, even so, if you have not visited Colorado, you have to. We are here to talk about identity orchestration, which is most likely a topic which not every one of our listeners might be familiar with. So Topher, what is identity orchestration? And, for a second question, why is this so important?
Topher Marie 03:46
Yeah, so I don’t blame people for not being familiar with the term, but it’s something that we’ve really been championing. It’s kind of a new space in identity over the last four years, we’ve really been pushing it, and it’s really starting to take off here. So what is identity orchestration? And why is it important? So to me, identity, or identity orchestration is kind of an abstraction layer on top of the existing identity, or I’m going to start that again. Sorry, but let me go back to the beginning on, like, what is identity orchestration? So to me, identity orchestration is really an abstraction layer on top of the other identity components that a company may already have. So there’s three parts to this. The first would be what I call distributed identity. Almost all organizations already have their identity in multiple, multiple places. Smaller ones might have various silos, like in SaaS products: they might have an HR system, they have their email in Gmail, they have issue tracking. And larger organizations might have this fragmented across different departments, different business units. One business unit might be focused on Okta, another one might be focused on using, let’s say, Azure as their identity system of record. And that’s quite common. Another reason that this identity fragmentation happens is just because of mergers and acquisitions. As a company grows, it might acquire another company, and that company might have had a different focus on their identity, where their directory of identity was, and so mixing and matching those things becomes difficult. And one approach that our industry has taken over the last, I don’t know, two decades or whatever, is one identity to rule them all, or a virtual directory, or something of that sort, where you’re moving all of the identities into one place. And it’s time to admit that that really just does not work.
This mixing and matching of where my identities are stored has just, if anything, proliferated, and then worse and worse over the last few years, rather than mitigated by trying to have this one identity to rule them all. So that’s, that’s the first part of what identity orchestration addresses: the distributed identity systems. The second one is there’s a variety of tools and implementations. Various vendors, various producers of identity products, have, first off, like, their directories, like I was just talking about. You might have some identities in Azure, or you might have other identities in Ping Identity. And also, on top of that, you might have different MFA providers. For a long time we were using RSA tokens as a completely separate second factor that people could use in order to secure their systems. We also have different authorization engines, now that’s RBAC versus ABAC. We have identity proofing, we have governance, so we have a large variety of different identity tools that we need to make work together. And the third one, the third component, I would say, of identity orchestration is the customized user journeys, where every, if we were to rely just on one identity provider, that might not be the right way for us to log our users in, that might not be what we want to do. We might want to have a different mix of these tools and implementations, we might want to have a different mix of even where the door where the identities are stored in the first place. So the customized user journey allows us to say, hey, so despite where their identity might be stored, I want them to have the same user login screen. And then I might want to decide which different MFA provider they use based on what they are trying to get into. And I might want to use identity proofing for some users and not for other users.
So to me, identity orchestration is all about those three things, distributed identity, the variety of tools and implementations that we can make work together and the customized user journey.
Eveline Oehrlich 08:14
Wow. Lots of, I can already kind of guess why this is important, why identity orchestration is important, because I’ve been in IT long enough to realize some of the benefits, but love to hear it from your perspective. Why is identity orchestration really important?
Topher Marie 08:35
Yeah, but so identity orchestration is very important, because as companies are moving to the cloud, or multiple clouds, and I will pause there and say that most companies don’t just have one cloud. They, most companies have different departments that are working in different clouds, or even different products that they have to work with, that are residing, that the compute for those products is residing in different clouds. And as this just grows, more and more, it becomes a huge concern about, all right, so what am I going to try to do here? Is AWS going to be the center of my identity? Is Azure going to be the center of my identity? Am I doing LDAP on premises? How do I make all of this work together? So as we become more of a multi-cloud industry, it’s very important that we have some way of making all of these identity systems work together, and also all of our identity targets, should I say, all of the applications that are consuming identity. How do we make it so, hey, this person logged in from AWS, but the actual application is residing in Azure or on premises? How do I make that identity palatable to the target application? And how do I avoid rewriting that application? If I’ve got an old application that was using a legacy identity system, such as one that we very commonly see is CA SiteMinder, we see a lot of Oracle products as well. Consumers are trying to get away from those legacy products as they move into cloud infrastructure. How do we make it so you don’t have to rewrite an application that was targeted to one of those legacy products? That’s something that we do and something that really, really resonates with our customers. Beautiful.
Eveline Oehrlich 10:24
So I heard you improve collaboration, of course, right, reuse, and with it, of course, saving time and hassle for all of those who actually have to work together and manage all of those different identities. Absolutely intriguing. Certainly an area which our listeners are extremely interested in. Fantastic, super. Now, I was doing additional research, you know, analysts like myself, which I am, by nature, by heart, and have always been, always curious. And your company was co-founded by Eric Olden, Eric Leach and yourself, and researching your company a little bit, I found it very interesting that even before you all figured out exactly how Strata would work or how it would get funded, you laid out core values. And this really tickled me and I love them. So the core values of openness, honesty, integrity, transparency, accountability, and empowerment. This really is very dear, near to me, because I worked for Hewlett Packard when it was Hewlett Packard many moons ago. And these types of things were very much written in, like, an HP way. So that’s why I love this so much. Additionally, in 22, you guys got voted by Inc. Magazine, and are listed as Best Workplaces, and the extract from a press release, it said, Best Workplaces 2022: 475 employers. These companies, out of 475 employers, have cracked the code for excellent company culture. Now my question: give us some examples on how this plays out in your day-to-day work within Strata. What do you guys do? How do you make this openness, honesty, all of those wonderful core values? How do you practice them?
Topher Marie 12:23
Yeah, it’s, thank you for acknowledging that. It was very deliberate for us to come in, figure out what kind of company we wanted to work for, what kind of culture we wanted to inculcate. So this was very edifying to have, to be recognized a few years ago by the industry as a great place to work. So in our day-to-day lives, well, first off, we have a couple of ceremonies which are more weekly, but we have a Mavericks Monday, we call it, where the first thing that happens is we come in and we just discuss, hey, this is what’s going on this week across the entire company. And here’s what every individual is looking forward to. And what they’re going to be doing that week really promotes the openness, really promotes that communication. Many times I’ve been on those calls, Zoom meetings, I’ve been on that Zoom meeting and realized, hey, that’s something that we’ve already done like six weeks ago, let me help you out there, or, oh, this person might be struggling with this, and be able to offer help. That openness, that communication is very core to us. Another thing that we do is what we call Aloha Friday. So we have the Mavericks Monday that kicks off the week. And then on Friday, we all get together. Again, we’re a completely distributed company. So most of us are just joining over Zoom, a few in offices here and there. But over Zoom, we get together and we just talk about the week: hey, here’s what’s happened. And here’s what I’m thankful for, here are things that I’m very appreciative of, let me call out this person, let me call out this team, let me discuss, this is what happened and look at how they really gave their all in order to turn something around very quickly, or the great communication that happened, or here’s the event that our marketing department put on and look at all the pictures of our happy attendees. Those kinds of things are very rewarding, just to be able to have that communication. You know, as companies become more and more distributed.
As we have more work from home, it becomes really easy to be isolated. So it’s important to us that we have this open communication and we have this ability to call each other out for Hey, these are great things that people have done. Let’s have these conversations. Let’s feel like a team and work together on things.
Eveline Oehrlich 15:39
I love those. I think I’m going to, I don’t want to use the word copy. I think I use the word leverage. I’m going to leverage this into a new team I’m forming. I love the Mavericks Monday, I might call it something else to be more. That’s all that’s not so American. Right? And then Aloha Friday, everybody knows Aloha. Even we here in Europe, of course, know Aloha. So I didn’t have those. That’s fantastic. Thank you for sharing that.
Topher Marie 16:10
It just, it just occurred to me that when I said Mavericks Monday, it might not. I realized that Maverics is the name of our main product. And that’s why we’ve chosen that particular alliteration there for Mavericks Monday. Ah, not just because we are also mavericks with a K. The product Maverics was actually, Maverics was actually named after a particular wave in California that is important, is powerful, is great for a lot of different surfers, and, three co-founders, we actually built the company or decided on these core values that we were just talking about as we were on a surfing trip in Puerto Rico. So surfing is kind of, I wouldn’t say a core value, but something that resonates with a lot of us, so Oh, great.
Eveline Oehrlich 16:58
Excellent, excellent. You have to come to Nazaré, or Nazareth, down in Portugal, in April or in January to watch the mavericks there. That’s a fantastic place. Excellent. All right. Let’s go back to Strata. So, in your words, why is what Strata does unique when we think about the identity orchestration?
Topher Marie 17:21
Yeah, great question. So recently, at the Gartner conference here in 2023, a cube con said, vendors are going to have to handle orchestration, or they will be orchestrated. So to me, I see, from a consumer point of view, great value in decoupling the orchestrations from a particular vendor. Every company probably, again, has multiple vendors that they’re working with. If you’re a nontrivially sized organization, you’ve got multiple IdPs, whether you like it or not, and orchestration can be seen as an abstraction layer on top of that identity. So it prevents some of the lock-in and gives you leverage in the future, when you think about changing vendors or you think about changing approaches. The problem that I see with every vendor becoming their own identity orchestration system, which we are seeing, that every vendor is pushing into that area, is that they become their own little sinkhole, they become their own little center of gravity. And so it’s no better to say, okay, I have to escape from the orchestration of one vendor in order to be able to leverage the capabilities of another vendor. You’re still getting into the center of gravity. So as a, I’ll say, neutral vendor of orchestration, that allows us to help you to not be so bound to any, so coupled to any one particular vendor. It also allows us to do a lot more customized customizability in that we don’t have a preferred way of doing, let’s say, MFA. If you are in a particular, if you are tied to a particular vendor, and they just want to push you into their own MFA system all of the time. I mean, of course, that’s what they’re incentivized to do, the more that they can lock you into their particular product, the better it is for them, but it’s not good for the consumers to be locked into any particular product. They’d rather choose the best of breed for anything, and with identity, which is my main concern, that’s, that’s obviously true.
Let’s let them choose the identity directory that they need for any particular application or for any particular user journey. Let’s then let them layer on top of that the MFA. Let’s then let them layer on top of that the governance system or creating new customers, sorry, new users in these directory systems. So our best of breed approach and our neutral approach to how identity systems work is really different than any one particular identity vendor trying to get into the orchestration.
Eveline Oehrlich 20:09
Right. So best of breed and then the Switzerland, right, as you said, the neutral. We sometimes use that in Europe to describe neutrality, which is, which everybody understands. Super. Now as we know, there are many organizations which are working on moving off outdated cloud identity providers to more secure and flexible cloud identity systems like Okta, you mentioned a few already, Microsoft Azure, AWS and more. And you guys recently announced no-code software recipes for application modernization. I love the word recipes. I might have called them blue books, or blue, or blue books or Blue Book, sorry, playbooks. Blue books, I just tried to sell my daughter’s car. So that’s why I’m in blue books, but playbooks for application modernization, but you call them recipes. Tell us, what do these recipes do?
Topher Marie 21:03
Yeah, there are some common use cases that we see as we talk to consumers. As we talk to prospects, as we talk to our customers, that they have the same problem across the entire industry: a lot of people are trying to move off of some of these legacy systems and into more modern identity architectures, but they don’t want to rewrite their original application that was tied to the legacy system. So for instance, one of our blueprints... Wow, now you’ve got me doing. Sorry, one of our recipes is, hey, here’s a no-code approach. All you have to do is drop this in and we can move you off of the legacy application, sorry, the legacy infrastructure, such as SiteMinder or Oracle, we can move you off of that very simply. And now you’re working against a modern identity system such as Azure or Okta. Got other ones. For instance, one common scenario that we see is, instead of moving, so one common scenario is, hey, I’m moving from one identity architecture, one identity framework to another identity framework, or I’m trying to move the center of gravity, or here’s, here’s this one that has just jacked up the price by five times, eight times. And so I need to move my users out of there. But I don’t want to do the Big Bang cutover from one to the other. I don’t want users to come in one Monday morning, and suddenly their user experience is completely different. So that goes kind of to our, to our user journeys story, where we can have the customized user journey that looks the same as before. But another component of this particular recipe is we can move the users from one identity system to the other identity system without them knowing about that. So they’re still logging into the first identity system, they’re still passing in their username and password to, let’s say, a, let’s say to a SiteMinder-based application. We will go and create the user at runtime in Okta, or in Ping Identity, wherever the target destination is, without them knowing that anything has happened there.
This is also a perfect time for us to layer on a second factor. If the legacy identity system didn’t have second factors, we know who that user is, because they just logged in to the legacy system where we have a good handle on their session at that time. Let’s now prompt them and move them through the process of adding a second factor. But again, this is an incremental thing, just as users are logging in. And you don’t even have to do all users at once. You can do individual, you know, 10% of your users one week, 20% next week, you know, move over to the system gradually. So it’s not this nightmare Big Bang cutover where your entire infrastructure team, all of the DevOps people are there all weekend and crossing their fingers on Monday morning that something disastrous doesn’t happen and you haven’t locked out 10,000 users. That’s a nightmare scenario. With us, you just layer on this, again, abstraction layer. And we have recipes that help with this, this transference of your center of gravity for your identity systems from one to the other.
Eveline Oehrlich 24:19
That already answers, so, one of the questions: what would you advise our listeners to do right away? It’s really take a look at these recipes. I think this is a great, a great idea. Now, I want to look a little bit into the future before we end this, because I want to look into your crystal ball. From our research, we know there’s a skill shortage in IT. Right. We also know from Gartner and Forrester, my old colleagues there, there’s not too much additional money in terms of budgets in 23 for IT, so it’s really all about how do we upskill, reskill and save cost to get all of this done, right. So what would you say if I asked you predictions around identity orchestration 23? Oh, my goodness, it’s almost half over. But we still have a few months left, but for 23 and maybe beyond, when you look in the crystal ball, predictions around identity orchestration from you.
Topher Marie 25:15
Yeah, I think that one prediction, which has already come true, is we’re gonna see the term orchestration tossed around quite a bit. I think it’s going to become like zero trust has become over the last 5, 10 years, where it’s just everywhere, it loses all of its meaning, because we just say, yeah, I’ve got some orchestration, I can work with a different identity system, or I like to customize the user journey. They really kind of tick the boxes, but they missed the spirit of it: I don’t want to be caught up in one identity system and not be able to choose the best of breed from some other places. So I would suggest that, that listeners kind of inoculate themselves against the buzzword. What is it really? What does identity orchestration actually mean? And how would it benefit me? If it doesn’t matter that you have, if you are actually just in one identity system, then, then you don’t care about it. But I think that most nontrivially sized organizations probably could benefit from identity orchestration. And what they should do is, let’s, let’s look at some of these siloed identities that I have, you know, not just my main directories, Azure or Okta or wherever I keep, keep the main body of directories, but also all of the other subsystems, the HR system, the email, though, whatever it is. How can I make these things work together better? And think about the underused utilities that you already have. Maybe one small department had a particular need, and so they had to pick a particular MFA vendor. How do I unlock that and actually make it available across the entire organization? Or how can I use identity orchestration to choose and make the best use of all of these tools that I’m paying for, and maybe stop paying for some of the tools that I don’t need anymore, or law, getting rid of some of these legacy systems that are really, really jacking up the prices and getting really expensive?
So unlocking a lot of value by allowing you to mix and match your identity systems, the tools that you’re using and to customize that user journey.
Eveline Oehrlich 27:20
Great advice. Super. And I love that you mentioned zero trust, shout out to my old colleague, John Kindervag, who is called the father of zero trust. So excellent, fantastic advice. All right. I have one more question. It has nothing to do with identity orchestration, sadly, but truly, I want to know, what do you do for fun? Because you live in Colorado, you’re a surfer, but I don’t think there was any surfing in Colorado. But maybe you have found some places. Tell us what you do for fun, Topher.
Topher Marie 27:50
Definitely no surfing. Definitely no surfing here. What I do, I think it’s one of those classic, I grew up in Colorado, I used to do a lot of skiing. I used to get up there into the mountains for doing that. But honestly, the traffic is just making that kind of unpalatable. You spend a lot of time just driving out there and driving back. So one of the things that I really like doing is going to other places in the mountains, not the popular I-70 area but other places in the mountains, and doing a lot of hiking, doing a lot of mountain climbing. That’s something I’ve been passionate about for decades now, doing mountain climbing. I’ve got a goal of doing Aconcagua, which is the tallest peak in South America. I’ve had a goal of doing it a couple of years back, but unfortunately COVID knocked that plan to the side. So now I’m, now that I’m back in Colorado, spending all my time here, I’m able to get into the mountains, get my fitness back up and hope to get that done this coming winter.
Eveline Oehrlich 28:51
Wow, great goal to have, good luck. That sounds fantastic. Thank you so much, this has been a great conversation. We have been talking to Topher Marie, CTO and co-founder at Strata Identity. Again, thanks so much for joining me today on Humans of DevOps Podcast.
Topher Marie 29:10
Thank you, Eveline. I had a great time.
Eveline Oehrlich 29:13
Humans of DevOps Podcast is produced by DevOps Institute. Our audio production team includes Daniel Newman, Schultz and Brendan Lee, shout out to my colleagues. I’m Humans of DevOps Podcast executive producer Eveline Oehrlich. If you would like to join us on the podcast, please contact us at humans of DevOps podcast at DevOps institute.com. I’m Eveline Oehrlich. Talk to you soon.
Thanks for listening to this episode of the humans of DevOps podcast. Don’t forget to join our global community to get access to even more great resources like this. Until next time, remember, you are part of something bigger than yourself. You belong