I must admit to not being super experienced with the prevailing options from an integration standpoint (blue team ops stuff has never been my jam) but the vibe I get from a technical perspective is that outsourcing to an identity management provider makes sense in a mid-sized (esp. rapid growth) org where your cross-ecosystem identity management needs exceed your ability to support an internal function to handle it to a satisfactory degree. but large tech orgs *can* support that in-house, so...
Graham Sutherland / Polynomial
... ultimately that leaves me with the impression that large orgs are opting into this model for other reasons. given the evidence so far, I don't think it's controversial to say that there's an increased technical risk to homogenising and centralising identity management, resulting from a range of factors (greater incentives for threat actors, increased blast radius of incidents, etc.), so that rather points to accepting higher tangible risk in exchange for lower responsibility for that risk.
(probably also a degree of cost structuring and budgetary nonsense involved too, as there often is)
by Graham Sutherland / Polynomial
@gsuberland My current company is pretty large (~30k people). We use some hosted authentication ostensibly because it’s easier to integrate new acquisitions. They just need access to the Internet, not to our internal AD servers.
Of course, balkanization is still a thing. We use around six different “single” sign-on providers, with multiple instances of several of them (e.g., I have three separate accounts which all authenticate through Okta and which are used for slightly different things). A lot of us are still managing ~15 accounts.
by Zimmie