Authorization has become a very complex and technically challenging problem for developers in the age of SaaS and cloud. Only a handful of the most sophisticated and large engineering organizations at companies like Microsoft, Google and Netflix have started to publish their solutions, which shows just how hard an architectural challenge authorization is.
When we were exploring the issues in modern Identity and Access Management (IAM), we learned that application developers can build a seemingly perfect SaaS application for an enterprise, but quickly run into substantial obstacles when integrating into the customer environment: single sign-on, authorization, audit trails, and unique IT department compliance requirements. These are necessary for enterprise customers but not all within the scope of an application developer’s toolkit. Among them, authorization needs escalate in complexity, especially for modern distributed architectures, which makes it one of the most difficult things to do well.
To put it in simple terms, if authentication is identifying who is on your doorstep, authorization is what you allow them to access and do once they’re inside your house. Thanks to some standards and services like OAuth2, OIDC and Auth0 (recently acquired by Okta), it’s relatively straightforward to delegate authentication to an identity provider (e.g. Google), but there are no real meaningful contenders for authorization. It’s why we believe authorization will follow the same path as authentication: that SaaS developers will buy an authorization-as-a-service solution rather than build it themselves.
Authorization in a SaaS and cloud-native world is costly and time-consuming to build and maintain. Homegrown solutions frequently fall short of enterprise-grade requirements and quickly scale in complexity. This presents a technical, manageability and security challenge for modern development teams, which is what makes it a large, emerging market opportunity.
With authentication being a solved problem, the right set of circumstances now exists for a talented technical team to build the robust authorization system every SaaS developer needs. Aserto stood out in this space because of its two powerhouse cofounders. Omri Gazitt, Aserto’s CEO, has always been at the forefront of solving dev infrastructure problems, whether it was as a general manager for Microsoft Azure or as the Chief Product Officer of open-source companies like Puppet. We also had the opportunity to work with Omri closely as part of his time as an Executive-in-Residence with us and observed his impressive expertise, leadership skills and entrepreneurial acumen first-hand. Chief Technology Officer Gert Drapers was the principal architect behind the initial version of Azure’s Active Directory, a distinguished technologist of HPE Cloud Platform and Chief Architect at both Puppet and Hulu. Both bring deep domain expertise and have seen what’s required to make authorization work in a modern cloud environment.
It’s exciting to consider the possibilities Aserto is opening up in the enterprise space, and we’re delighted to come along on the journey.