Customer Identity as a Service
We have long advocated for developer services as one of the easiest ways for software engineering teams to gain efficiency. For almost as long, we have kept an eye out for a company that handles the authentication and authorization of an application's users. This is usually the first block of functionality that a team of developers has to implement before they can get on with the task of building the application they imagined. I can only assume that the task of coding the password reset functionality is handed to the developer who drew the short straw.
That is why we are pleased to announce our investment in Stormpath. Launched in 2011, Stormpath powers customer identity infrastructure for thousands of web applications and services from startups to the enterprise.
We have been surprised that this was not one of the early developers services to arise. Possibly this is because the user model in any software application invariably touches every component of an application. Only once the micro-services architecture had become deeply-ingrained in the modern architecture ethos was it feasible for developers to start by outsourcing the user model. Our suspicion is that many an application prototype has simply survived too long for the user table to be later disentangled from the core.
Sometimes you have to skate to where the puck has been lying motionless for 40 years.
- Bret Victor paraphrasing Wayne Gretsky
A second driver behind this change is the need to access a centralized user store from across a suite of applications. As enterprises have continued to stand up application upon application to serve the various needs of their users, each team of developers in a multitude of different business units has re-implemented the same user model. We all know the pain of being required to re-register for the n-th service at our bank. From the point of a consumer in 2015, it is deeply incongruent for a company to claim to manage 'relationships' with their customers and yet have no knowledge of that same customer in a different application.
Stormpath fits all the requirements we look for in a developer-oriented service:
- It solves a broad, horizontal need in every web and mobile application. Every application exists in the context of its users. Stormpath allows developers to offer a flawless experience for the users of the application.
- The user model and the details of its implementation are seldom strategic to any application. It is consequently a perfect candidate for being outsourced, allowing developers to focus on the differentiated functionality.
- Providing users access to the various components of an application is clearly mission-critical. An end-user who is unable to reset her forgotten password smoothly is clearly a lost customer.
- It's easy to implement. Stormpath's service can be implemented in 15 minutes. It offers instantaneous access to a slew of functionality that many developers never get around to adding.
- Global scale. Authentication and authorization logic in applications is increasing in complexity over time. By outsourcing this potential bottleneck in scaling the number of users, developers ensure the availability of their own application, even in the face of exploding usage.
- We believe that application components are ideal candidates for outsourcing when they aren't sexy from a developer's point of view. As we spoke to developers it became clear that implementing modern authorization functionality is marginally worse than a root canal.
- There is one final aspect of Stormpath that we did not explicitly mention in our original post on developer services: Security. As transactions move online, the need for better security is has become acute. We believe that using a secure authentication service is a no-brainer.
Founders Alex Salazar and Les Hazelwood are passionate about their work and have built a team that mirrors their excitement. I look forward to working with the team has they prepare for the next phase of explosive growth.
Originally published September 30, 2015.