Jon Gelsey, CEO of developer identity service Auth0, agrees. “The concept of 'security' for an entire Web or mobile app, API or IoT device is complex. Implementing strong security for an application means developers must be constantly aware of rapidly evolving threats, and must have the skill set to properly integrate security into their applications. Since the best security is the one that actually gets deployed, implementation must be as simple as possible for the developer.” He says an identity service will be easier to use, faster to develop with and will provide better security, which he hopes becomes “an incentive for companies to launch applications with proper security in place from day one.”
Marc Boroditsky, who runs Twilio’s Authy service, says the trend to using identity services is well underway in some industries. “Businesses are good at protecting employee information with lifecycle controls but the risk of managing consumer data is beyond their skills. There are really competent service providers that are going to actually deliver a better more deliverable solution. Five years ago, big retailers were starting to work towards offloading that to third party providers. Already the automotive industry, because of the complexity of interactions in the service and manufacturing relationship, is outsourcing identity to a centralised supplier that’s delivering it as a service.”
If you’re accessing OnStar, he points out, you’re going through a service like Covisint.
Security from scale
Real Madrid decided to simplify identity for their developers and they’ve been using Microsoft’s new Azure AD B2C service, which Simons describes as “a private label version of Azure Active Directory to run your consumer site” since it was in private preview. Fans can log in with a username and password, or using a social account like Facebook, and that works on the website or in any mobile apps the team produces. But what they see is a Real Madrid branded page, not a Microsoft one, because it’s easy to style the site.
Improving security with an identity service can save money. “Our pricing is crazy affordable; we can run this for you way, way cheaper than you could run it yourself, and get all the other benefits too,” Simons claims. The first 50,000 consumer identities are free; if your business needs more than that, Microsoft charges “a fraction of a cent per authentication and per stored identity”. That gets you a highly available service running at Azure scale, in multiple data centres around the world (so connections are fast wherever your customers are). “If a data center burns down or a disk goes bad, or whatever we can immediately reroute to another live node so you don’t get any downtime.”