Driving Innovation and Security with Componentized Identity
Almost 10 years ago, the book “The New Kingmakers” explored the rise of a developer class that would fundamentally reshape the way technology decisions are made in organizations. Today, two-thirds of professional developers have a voice when their organizations are purchasing new technologies, according to Stack Overflow. Product-led growth is officially “a thing.” Prioritizing the developer experience is not only fashionable, but profitable.
But what developers have gained in influence has been doubled in complexity. The COVID-19 pandemic accelerated digital initiatives, creating an explosion of custom applications for consumers and business customers. Developers are under pressure not just to ship faster, differentiated experiences, but also to improve the security posture of the products they’re building — making them resilient as threats evolve.
As a developer myself, I wear code as a badge of honor. But these new realities mean we can’t code everything anymore.
Development teams are being selective about the code they choose to write and maintain because every piece of code has a cost. It’s a path well-worn by payments, messaging, and databases, all of which have been componentized and assembled as reusable, cloud-based services. Customer identity and authentication are ripe for the same transformation.
Developers say authentication takes the most time and work to build in-house and to maintain, second only to payment processing. To find out why, we asked our partners at DigitalOcean, Netlify, and Vercel about the experiences of developers building on their platforms, and why it’s important that we work together to make identity and security easier for consumer and SaaS app developers. Here’s what they had to say.
- Why do you think it’s important that we simplify identity implementation for app developers?
“At a macro level, it’s about allowing developers to create in the moment of inspiration. If I have a moment of inspiration, the last thing I want to do is build an identity solution. You can start with identity being done. We also really care about identity and personalization and bringing that together with emerging trends around edge computing for every developer.”
“Technology over the last 10 years, even the largest enterprise-deployed websites, was using caching CDNs (content delivery networks) where everyone was getting the same resource. That obviously isn’t personalized, because everyone is the same. You’d have to go to the server an additional time, get the new resource, and then update the page. But this isn’t how the giants of the web are doing it.”
“You go to Google, and they know who you are and give you a personalized search; you go to Amazon and they have your personalized shopping cart. It all comes in one request. With edge computing, everyone can build a website that’s Google-grade with fully dynamic, fully personalized content.” — Malte Ubl, CTO of Vercel.
- Why are development teams struggling to implement identity security and authentication? What challenges are they facing?
“We’re all builders, and we like to build stuff ourselves. But what we don’t like is to also keep maintaining and iterating on it. History shows that we start with building our own passwords and password recovery, and maybe it’s not that hard, and we can learn to do it fast. Then social login or anomaly detection shows up, and we have to go back and integrate that. None of these are really core to your business offering, but nothing is more important than your customers’ experience and security.”
“Doing not just that initial implementation work, but also the constant work to keep up with innovation and new security paradigms is not the way to go for the parts of the stack that aren’t specific to your company. The beauty of modern, composable architectures and the Jamstack approach is they make it really easy to compose our applications with best-in-class services and avoid having to do this kind of work over and over again.” — Matt Biilmann, CEO and co-founder of Netlify.
- Are there any common identity use cases you’re seeing for developers building on your platforms?
“The story we see all the time is where developers build their own identity backend, and then all of a sudden they’re scaling, they have so many customers, and their identity model doesn’t work anymore. Identity is not native to the platform we provide. Our ability to enable that from the very beginning — when someone comes to DigitalOcean with an idea, with a dream to start building a business — keeps this from becoming something that catches up with them later on down the line.
“We’re catching developers very early on, so they implement identity natively as part of what’s being built. There are also a lot of external forces that apply to identity and privacy. A lot of our developers have to deal with sanctioned countries for logins. They change all the time, and it’s not an easy task to keep up with when your engineering team has to deploy code. Abstracting away that complexity can help them make business decisions that might actually change the world.” — Tyler Healy, vice president of security at DigitalOcean.
Identity is foundational for any app. But developers can stumble into spending too much time building and maintaining it in-house. Auth0 now powers Okta Customer Identity Cloud and makes it easy to implement and extend identity for any use case. You can try it with a free plan here.