A Leading IAM Architect on Why He Joined HYPR
Spencer Yezo, Sr. Product Manager, HYPR
October 21, 2021
Until recently, I spent my entire career in the financial sector, focusing on Identity & Access Management (IAM) technologies. I began as a developer building applications centered around directory server technology. I quickly moved to engineering positions that involved deploying and managing various IAM products at scale. Eventually I started taking architecture roles, which required viewing things through a different lens: one where long-term strategy and design are of the utmost importance.
Regardless of the role, the one constant occurrence is change. Programming languages change, authentication protocols change, technology vendors change and, of course, the threats change. When putting together an architecture for an enterprise-grade service, the goal is to ensure that you are flexible enough to accommodate this change while still holding true to the target state. This is where solid architectural principles come in. The new service not only must be able to integrate into the current enterprise, it should be able to adapt to future requirements. Moreover, the service should perform a specific task with a clear role and responsibility defined. Scope creep is not just an issue for projects; it can happen with enterprise services as well. Failure to account for this in your architecture will hinder the ability to adapt to the changes around you.
HYPR Follows Sound Architecture
It’s rare to find a company built on the same architectural principles that you hold yourself. HYPR's solution checks every box.
Open Industry Standards
Long disproved is the notion that closed or proprietary protocols provide greater security than those developed and matured by the collective industry. Similar to solutions that attempt to roll their own cryptography, this approach is not only less secure (i.e. security through obscurity) but it presents a more attractive target in general to threat actors. They know the technology is only as strong as the few individuals who developed it, compared to the cumulative knowledge of a much larger community. Industry standards tend to evolve over time based on real-life experiences and advancements in technology. Simply do a search for OAuth on the IETF website to drive that point home.
Another key benefit of building a product on top of industry standards is interoperability. It provides a seamless way to integrate with other products since they all speak the same language. While HYPR is the only True Passwordless MFA solution on the market, the underpinnings are based on the FIDO UAF and FIDO2 protocols and numerous components are FIDO Certified. HYPR has been a board member of the FIDO Alliance since 2019 (our board delegate is CEO/CTO and cofounder Bojan Simic), and we’ve been a member and contributor since 2015.
Decoupled Authentication Services
As mentioned, each service needs clearly defined roles and responsibilities. By decoupling the authentication service from the identity service, you achieve the greatest architectural flexibility. Many enterprises already have SSO or federation services in place. They should not be required to build out parallel or competing IdPs just to add new authentication capabilities. HYPR can be seamlessly integrated into the existing authentication/identity stack. If the goal is to specifically add modern phishing-resistant authentication to an existing ecosystem, an adapter or plug-in based integration is the most efficient and architecturally sound approach. HYPR provides adapters/integrations to integrate their service with all major identity providers.
Every enterprise has its own unique requirements above and beyond what a vendor provides. Unfortunately, many times this results in the vendor building these specialized requirements into their core product to the detriment of the rest of their customers. This adds unwanted complexity and overhead into the software, often with limited benefit to the greater population. HYPR's platform, however, offers a capability called “Extensions,” which gives enterprises the ability to build their own business logic into HYPR's runtime events. This allows HYPR to maintain focus on capabilities that better align to authentication services — their core proficiency. For example, an extension can be used to verify if the device or token was issued by the enterprise, as opposed to Bring-Your-Own-Devices (BYOD). Another would be to revoke a user’s existing MFA tokens after successfully upgrading to HYPR’s FIDO-based solution.
While providing an API interface is nothing new, the differentiator is the extent to which the APIs are exposed and the capabilities they offer. By exposing the entire lifecycle management and runtime via API, enterprises can build HYPR into their existing MFA onboarding processes and mobile applications. The UX or the processes of onboarding that users are familiar with do not need to change. You can control how to introduce passwordless technology into your environment along with its look and feel. The same holds true for your administrative UX, which the helpdesk or various support teams are already accustomed to. From their point of view, they are not working with a brand new tool; they are getting a new capability within the existing tool. To take this to a deeper level of abstraction, API gateways can be introduced between existing applications and HYPR to push the business logic off of the application itself. The benefits go on, but the bottom line is that as long as APIs are available, enterprises can integrate however they see fit. HYPR's architecture provides that flexibility, giving the customers unlimited options for integration.
HYPR Checked All My Critical Boxes
While these are not the only considerations when evaluating an MFA solution, they are critical to ensure that you are making the correct choice for your organization. It is these intangibles and features that set HYPR apart from the rest. If you are a frequent reader of HYPR's blogs, you are already familiar with why phishing-resistant MFA is fast becoming a necessity for enterprises of all sizes, and that providing this capability is part of HYPR's core mission. The blog title refers to “Why I decided to join HYPR.” Besides the company’s amazing leadership, team and vision, the answer is that HYPR's solution satisfied every architectural principle I have followed throughout my career. It is a best-of-breed solution in the authentication space that I have been working in for 20+ years. What’s not to like?
Oh, and HYPR is hiring! If interested, please check out our open positions.