Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
News, news analysis, and commentary on the latest trends in cybersecurity technology.
Inside Strata's Plans to Solve the Cloud Identity Puzzle
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
February 25, 2021
5 Min Read
Multicloud is the new normal for many organizations — and it's growing fast. But while this approach brings several benefits, it also creates some hefty obstacles: Identity infrastructure often becomes siloed as a result, and applications are locked in by legacy identity management.
It's a problem that Strata Identity was founded to solve. The startup wants to help businesses bring together identity and access management (IAM) systems so handling identities is simpler for administrators and users across both cloud and on-premises systems.
Founder and CEO Eric Olden was running Oracle's security and identity division when he picked up on the pattern of large enterprise customers moving to multicloud environments. Many were asking for tools that were fundamentally different from what the market offered then.
"They wanted a way to make multiple things work together that were never designed to work together," he recalls. Oracle wasn't interested in solving the multicloud problem, Olden says, but he began to see an opportunity in the market as more organizations adopted more clouds.
His decision to leave Oracle and found Strata was also driven by an idea that led to the creation of the Security Assertion Markup Language (SAML), which he co-authored while CTO of Securant in 2000 (Olden later joined Oracle in 2017). SAML is a framework to enable trust between distributed companies; before it was written, there was a notion that identity is only relevant inside a company and doesn't need to be considered outside it, he says.
"As I think about where this has landed, it's really in the world of distributed systems," Olden explains, adding that "five years from now, it'll be completely obvious that the only way to make all these things work is to embrace the distributed notion and stop fighting it with "put it all in one box. Those times are past."
Today's organizations often have various clouds from Amazon, Microsoft, Google, or other companies, along with software-as-a-service applications. Many use a service like Okta to handle sign-in. Each of these systems is treated as a silo, Olden says, because they have built-in identity systems that come with the cloud. IT and security managers have no choice but to build policies and run things on Azure, then separately build policies and run it on Okta, and so on.
"That's really inefficient, and it leads to a lot of security holes," he continues. "If you can't see the forest [for] the trees, then you know you've got a problem because for each one of these things, the attackers can break into one and then move laterally. … You don't see that there's an exposure because it's too complex."
A Big Problem for Big Businesses
Rather than change the way the world is, Strata's technology was designed to work with it. The company created a notion of a "distributed identity fabric" that uses the orchestration pattern. Its Maverics platform connects to identity systems, migrates users and credentials, copies and syncs policies and configurations, then abstracts authentication and session management.
None of this is visible to the user, Olden notes. If someone is logging in to Azure Active Directory as they normally do, it looks identical. When a business uses orchestration for something like migration, he says, it's important that it's not disruptive. Changing the login screen or requiring users to do something like change their passwords could cause additional problems. Strata's approach lets companies migrate to a new system without "a big bang" and associated risk.
For administrators, Strata prioritized defining declarative policies that are human readable, which Olden says is key in DevSecOps. The Maverics platform gives admins APIs to do everything programmatically and store it in GitHub or Bitbucket, which lets them incorporate it with CI/CD pipelines.
"For an admin, we're bringing identity into the modern DevSecOps world with these declarative policies, and the way that we manage and store those policies," he explains. "It may seem like a small point, but this is a huge thing if you're trying to figure out what is going on" or how something is configured."
Olden co-founded Strata along with Topher Marie, CTO, and Eric Leach, chief product officer, with the mentality of solving problems from the perspective of large, complex environments. The three have similar background in working for large organizations, which made this a natural approach, but the mentality also helps create a platform that works for a range of businesses.
"If we can solve it for the biggest banks, then we can make it work for smaller organizations with less complex environments," he adds. After all, distributed identity is a problem small and midsize businesses also face.
What's Up Next
With its latest round of funding secured, Strata is focused on growing its team.
"Now that we've raised that capital, already in the last 90 days we've doubled the size of the engineering team — more than doubled it, almost tripled it," Olden says. Overall, the company's head count has doubled, with the most investment into engineering.
Strata's seed funding went toward building out its base platform. With the Series A and a larger team, it can begin to build more functionality into its products and provide new capabilities its customers are asking for. One of these is related to discovery, and learning what software the business has, where it runs, and how it integrates into their identity management. When a company reaches a certain scale and apps are distributed, there's no single place to look.
"If we can be that single pane of glass that allows all of this to work together, then populating that in an automated way is going to be really important," Olden says.
About the Author(s)
Former Senior Editor, Dark Reading
Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
You May Also Like
Your Everywhere Security guide: Four steps to stop cyberattacksFeb 27, 2024
Your Everywhere Security Guide: 4 Steps to Stop CyberattacksFeb 27, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
API Security: Protecting Your Application's Attack SurfaceFeb 29, 2024
Securing the Software Development Life Cycle from Start to FinishMar 06, 2024
Latest Articles in DR Technology
Insurers Use Claims Data to Recommend Cybersecurity TechnologiesFeb 22, 2024|4 Min Read
AI-Generated Patches Could Ease Developer, Operations WorkloadFeb 20, 2024|5 Min Read
What Using Security to Regulate AI Chips Could Look LikeFeb 16, 2024|3 Min Read
CISA HBOM Framework Doesn't Go Far EnoughFeb 15, 2024|3 Min Read