All posts by Ishara Naotunna

Helping You Say GDPRghh Less – Meet Us at the GDPR Summit London!

The process of becoming compliant with the General Data Protection Regulation (GDPR) isn’t simple. Anyone who says otherwise isn’t telling you the truth. However, you can make the process tolerable by using the right technology.

The prime focus of our spring release was to ensure that the entire WSO2 platform is compliant and for our products to be able to provide rapid growth by leveraging the regulation. For instance, WSO2 Identity Server is now able to provide end-to-end consent management as well as the ability to anonymize user data which adheres the ‘right to be forgotten’ rule.

To further help you accelerate compliance, Sagara Gunathunga, a director at WSO2 and a key member of the WSO2 IAM team, will be speaking on “Best Practices: How to Optimize Your GDPR Strategy” at the GDPR Summit held on April 23 at 155, Bishop Gate, London. During his session, he will explore

  • The main factors for optimizing your strategy
  • The role played by IAM
  • How technology helps organizations leverage GDPR to drive growth
  • How to stay up-to-date with other privacy regulations

The event usually witnesses at least 500 attendees and aims to provide an actionable and practical roadmap for organizations to become GDPR compliant. Described as high impact, content-rich and jargon-free, over 40 expert speakers are scheduled to speak at this one-day conference.

Come say hi to our team and attend Sagara’s talk at the GDPR roadmap theatre. Click here to find out more!

Won’t be able to attend? Sign up for our ongoing webinar series to learn about all things GDPR!

Roses are red, violets are blue. We don’t have time to rhyme because the GDPR deadline is coming up soon!

At our last webinar on the General Data Protection Regulation (GDPR) hosted by Prabath Siriwardena and Asanka Abeysinghe, we looked at technical aspects of the regulation and what steps you can take to ensure your security strategy is primed for GDPR.

With less than two months to go, what you need now is the right approach to accelerate your GDPR compliance journey. According to a survey conducted by Forrester research1 a few months ago, 11% of firms are still unsure of what needs to be done and 29% of fully compliant companies may have taken some incorrect steps. This can cause serious issues and lead to hefty fines when scrutinized by governing bodies. From an industry perspective, while financial industries are usually ahead given the constant regulations, media and retail industries could be lagging behind in getting their systems and processes into place.

Your enterprise’s longevity depends on the trust you build with your customers. That’s why user consent and privacy are vital. If the aftermath of the Facebook – Cambridge Analytica scandal taught us anything, it’s that. GDPR may seem like a daunting challenge at first, but by adopting the right technology you can move beyond compliance and take advantage of the regulation to gain your customers’ trust, strengthen their loyalty, and grow your business rapidly.

To help you grasp the complex processes involved in GDPR compliance, the WSO2 Identity Server team is conducting a series of seven webinars which explores how our products are GDPR compliant and what steps you can take to accelerate compliance.

  1. April 10: Accelerating Your GDPR Compliance with the WSO2 Platform – Sagara Gunathunga, Director, WSO2
  2. April 17: The Right Steps to Becoming GDPR Compliant – Darshana Gunawardena, Technical Lead, WSO2
  3. April 24: GDPR Compliance with WSO2 Identity Server – Ayesha Dissanayaka, Senior Software Engineer and Hasintha Indrajee, Associate Technical Lead, WSO2
  4. May 2: GDPR and API Security – Sanjeewa Malalgoda, Senior Technical Lead, WSO2
  5. May 8: The Role of GDPR in Customer Identity and Access Management – Rushmin Fernando, Technical Lead, WSO2
  6. May 15: GDPR Compliance by Design – Ruwan Abeykoon, Associate Director/Architect and Jayanga Kaushalya, Senior Software Engineer WSO2
  7. May 22: The Impact of GDPR on User Experience – Dakshika Jayatilake – Associate Technical Lead, WSO2

Sign up and spread the word!

1 Forrester Research, Inc. “The State Of GDPR Readiness GDPR Readiness Progresses, But Strategies Depend Too Heavily On IT” by Enza Iannopollo with Laura Koetzle, Stephanie Balaouras, Elsa Pikulik and Peggy Dostie, January 31, 2018

We Did It! WSO2 Identity Server is Now OpenID Certified

We thought turning 10 was a reason enough to celebrate, but we’re not done with the celebrations yet. Our Identity Server (IS) team has been working to keep that momentum going. We just became OpenID certified!

Being OpenID certified by the OpenID foundation is a big deal. What is OpenID? OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. “We’ve been compliant with OpenID standards for a long time,” says an ecstatic Prabath Siriwardena, WSO2’s Senior director of security architecture. “Getting the certification puts a stamp on it and gives the assurance users are looking for,” Prabath explains.

WSO2 Identity Server is the most extensible and fully open source IAM provider that can help connect and manage your identities. It’s a key enabler of digital transformation. Our single sign-on bridges protocols such as OpenID, has been a key component offering solutions to enterprises in education, telecommunication, and health among others.

By becoming OpenID certified, we’re joining a list of industry giants who also have this certification including Yahoo! Japan, University of Chicago, Verizon, Salesforce, Paypal, and Google. Now WSO2 Identity Server can provide the assurance to its users that it really conforms to the profiles of OpenID connect protocol.

Kudos to our IS team on this feat and looking forward to many more successes!

Ask an Expert: Catching up with IAM Guru, Prabath Siriwardena

Prabath Siriwardena, WSO2’s senior director of security architecture, has a lot to be proud of. He’s an accomplished author, speaks at conferences such as Qcon, ApacheCon, WSO2Con, EIC, IDentity Next, OSCON and OSDC, and has over a decade of experience working with Fortune 100 companies.

We caught up with Prabath recently to get his take on the significance of GDPR, the future of open source IAM solutions, his personal journey at WSO2, and why he believes the world always needs fresh ideas.

1. What has your journey at WSO2 been like, Prabath?

I completed 10 years at WSO2 last year, having joined on the 1st of November 2007. It’s been a great journey with an awesome set of people around me – both the colleagues at work and the customers.

The joy of working at WSO2 is that you always get an opportunity to help someone solve a challenging problem.”

I’ve learned a lot from both these groups. The joy of working at WSO2 is that you always get an opportunity to help someone solve a challenging problem. It can be as simple as building a federated login scenario with a SaaS vendor to more complicated use cases like building an identity architecture to accommodate millions of users. Overall it’s a very satisfying, rewarding journey – looking back, I’ve enjoyed every second of it.

2. What’s the most recent problem you’ve helped solve?

I get the opportunity to talk to and work with many WSO2 customers, each problem is quite interesting. Engaging with customers allows me to understand their pain points. Once you know their pain points, you can work with them to find and build a solution.

Let me give you one example. Recently we worked with a customer based in San Francisco, California, a large company with hundreds of departments. Each department has its own applications and an identity store. The employee records are scattered between those different identity stores – and a given employee has to maintain multiple records under each department if they have to access any of the applications provided by that department. This has been the way the company operated for several years. A real productivity killer – but, convincing 100+ departments to build a unified identity platform across the company was challenging, both technically and politically. We’ve had several long discussions with their technical teams and is now in the process of building a unified identity platform with WSO2 Identity Server, in a phased approach.

3. GDPR has surely caught on and everyone is throwing this term around. But there’s a deadline approaching and we need to act fast. What’s the simplest way an enterprise can get started and what do they need to keep in mind?

GDPR is a historical milestone in all the initiatives brought up so far to protect consumer privacy. Even though it’s more applicable to EU, it has a global impact in the way it’s designed. Becoming GDPR compliant starts with a self-assessment – understand what data you collect from your employees, partners, suppliers, customers, and any other entities you work with. Then you need to see how the data is being stored and processed. If you occupy third parties in the process of data collection – or if you share data with third parties for further processing, then you also need to worry about them being GDPR compliant. Once that’s done, you can come up with a phased approach to be GDPR compliant. It’s always recommended that you consult a lawyer or any GDPR consultancy firm to validate your approach and get their guidelines. GDPR is a law, so you should not mess with it!

There are no all-in-one or tailor-made solutions for GDPR. This is where WSO2 Identity Server has a key role to play. WSO2 Identity Server, as an identity provider, gets directly involved in processing personal data. We have made the product GDPR compliant and also provide a portal for consent management.

4. What’s the future like for open source IAM solutions?

A decade back, the IAM market was mostly dominated by Oracle and IBM. The entry barrier was high and was not justifying the cost over the benefits.

Today the number of companies occupying an IAM solution is much better. Cloud-based IAM solutions and open source IAM solutions increasingly reduce the cost of entry.

There are more than 100 Universities in USA and Canada, using WSO2 Identity Server for free, with no support from WSO2. That’s the beauty of real open source.”

According to Gartner, by 2021 open source IAM components will be used for one or more IAM functions by 30% of organizations, up from 20% at the end of 2016. Apart from open source, there are a large number of companies that use homegrown IAM solutions – around 20%. In the next few years, I would expect these companies using homegrown IAM solutions to select an open source IAM product. Unless you have a dedicated set of engineers, who have expertise on IAM, it’s hard to keep up with the pace in which the IAM industry is evolving.

Another important fact I would like to highlight here is open source licensing. Not all open source licenses give you the same level of freedom. Apache 2.0 is the most business-friendly open source license. You can do anything with a product released under Apache 2.0. All WSO2 products are released under the Apache 2.0 license and WSO2 is the 8th largest open source software company. There are more than 100 Universities in USA and Canada, using WSO2 Identity Server for free, with no support from WSO2. That’s the beauty of real open source.

5. What are the benefits of an open source IAM solution?

There are multiple reasons why someone would pick an open source IAM vendor over commercial off-the-shelf (COTS) software. At one point, COTS had an edge over the features, but no more. Most of the open source IAM products out there can compete with any COTS product, in terms of features, and of course, perform better.

Then the cost. Most of the open source products do not have any licensing cost, but a production support model. This definitely reduces the initial product purchasing cost. One key reason I see why people go for open source IAM products is the ‘freedom’.

Most of the open source IAM products out there have a proven track record. I can speak for WSO2 Identity Server, where we have many large scale deployments around the globe, for millions of users.”

The freedom to examine the source code, freedom to extend the capabilities, and freedom to make business decisions.

That’s about scalability, how about security? Irrespective of a product being open source or not, you need to worry about the security of the product. At WSO2, we put a lot of effort into building all WSO2 products in a secure manner. We use both open source (OWASP ZAP) and commercial code scanning tools (Veracode, IBM AppScan). All these tools are integrated into the build system and no product releases are done without fixing any of the reported issues.

6. How did you start working in IAM?

It just happened. When I joined WSO2 in 2007, I was assigned to the WSO2 Identity Server team. At that time it was called, ‘Identity Solution’ – and we only had 4 members in the team. WSO2 was founded in 2005, where SOAP, SOA, web services were at the top of the hype. We had a strong, solid foundation in that space. Both of our founders are pioneers in the web services domain, and authored many key web services specifications. Axis2, Synapse, Rampart, WSS4J are top open source Apache projects initiated and mostly contributed by WSO2 employees at that time. Apache Rampart is the web services security module for Axis2 – and it has all WS-Security, WS-Security Policy, WS-Trust specifications covered. Around 2006/2007 we were closely working with Microsoft for interop testing, and that was the time Microsoft came up with an open specification called ‘Information Cards’, which is based on WS-Security and WS-Trust. Since we already had them implemented in Rampart, it only needed a little more effort on top of that to build support for Information Cards. That’s how the WSO2 Identity Server was born in 2007 – and it was one of the very first implementations of Information Cards in Java.

7. What is your proudest accomplishment in recent times?

WSO2 Identity Server celebrated its 10th anniversary in December 2017. Looking back, there are many proud moments that were accomplished as a team. Today, WSO2 Identity Server is a globally recognized brand and is one of the top open source IAM products. There are more than 40 million users globally using WSO2 Identity Server for authentication on daily basis. There are more than 100 paying customers, which we are extremely proud of. Just to name a few, Nissan, HP, GE, Verizon, Vodafone, Seagate, Department of Homeland Security (DHS), Verifone, Align Tech, WEST, Nutanix, Trimble and many more. It’s extremely satisfying to see how the product evolved over the last 10 years and is now trusted by many Fortune 100 and Fortune 500 companies to build the most critical parts of their core business on top of WSO2 Identity Server.

8. What advice would you like to give a budding developer or an architect to better their career?

Failing to innovate is the biggest failure in anyone’s life. The world does not lack technical skills, but fresh ideas.”

Failing to innovate is the biggest failure in anyone’s life. The world does not lack technical skills, but fresh ideas. Fresh ideas are born when you start feeling your problems and those of others. You may choose to live with the pain or get rid of it by fixing the problem. The latter leads to innovation. There is always room for improvement, room for innovation. Capitalize on those and enjoy what you do.

You can follow Prabath here and read his blog here.

10 11 12 – WSO2 Identity Server Keeping the Bad Guys Away Since 2007!

WSO2 Identity Server turns 10 today on the 11th day of the 12th month of this year! Over the years the team has grown, research and development efforts have evolved, we’ve procured some big-name customers and various team members have gone on to publish stellar books on identity and access management.

To commemorate this day we thought we’d pick a few cool things (from a long list) about WSO2 Identity Server:

  • WSO2 Identity Server manages more than 40 million identities across the world.
  • Fully open source, WSO2 Identity Server has thousands of FREE users.
  • Mobile Connect support from WSO2 Identity Server is available for more than 900 million users in India.
  • Our first customer, ELM, manages over 4 million user identities and we’re still a part of their digital journey.
  • (Let the name dropping begin) Some of our other customers include Verifone, West Corporation, Verizon, HP, Seagate, Nutanix, T-Systems, and many in the educational industry such as Brigham Young University, New York University and Australian Catholic University.
  • We offer over 40 connectors in our connector store so that you can integrate with any system and enhance your system capabilities.
  • Single sign-on (SSO) and identity federation are our forte. You can ask any of our customers! Here’s a link to the latest version of the WSO2 Identity Server.
  • We were the winner for “Identity as a service” in 2011 at the KuppingerCole European identity awards. We also helped one of our customers to bag an award at EIC 2015 for their Mobile Connect implementation.
  • Prabath Siriwardena, our director of security architectures, is not only a renowned figure in the IAM space, but also the author of Advanced API Security, Maven Essentials and more.
  • Concerned about GDPR or PSD2? Want to know how Customer IAM can help you with digital transformation? We have got your covered for 2018 and beyond!

Congratulations to our IAM team for their amazing feats over the years and special thanks to one of our starting members Ruchith, who has gone off to accomplish amazing things! You can read Prabath’s blog to get the full low down on how we started.