The Identity & Access Podcast talks to professionals in the IAM industry about their experiences and thoughts on the future of IAM.
Episode 2 features Adam Bradley, Chief Digital Architect from UNIFY Solutions.
We discuss his history in the Identity & Access space and what impact he sees in the future from innovations such as blockchain.
Below the embedded podcast episode and a transcript for today’s episode.
Today’s guest: Adam Bradley: LinkedIn
Identity & Access Podcast Episode 2: Soundcloud
If you missed it -> Episode 1 with Shane Day: Episode 1: Shane Day & The European Identity & Cloud Conference
Transcript for this episode:
Intro Voice: Welcome to the Identity and Access Podcast where we talk to professionals working in the IAM industry about their experiences and thoughts on the future.
Intro Voice: The Identity and Access podcast is sponsored by UNIFY Solutions and identityandaccess.org.
Intro Voice: We hope you enjoy today’s episode.
Joshua Jager: Welcome to the Identity and Access Podcast. Today we are joined by Adam Bradley. He is the Chief Digital Architect for UNIFY Solutions and is based in Brisbane, Australia.
Joshua Jager: Today we’ll be talking to Adam about all things identity, blockchain, AI, and I may even ask him about how his cryptocurrency is going.
Joshua Jager: Adam, welcome to the pocast.
Adam Bradley: Josh, thanks for having me.
Joshua Jager: So Adam, before we get into a little bit about what you do for UNIFY and in the day-to-day work life and perhaps what inspires you about identity, I just want to hear a little bit from you about how you came into the identity space.
Joshua Jager: What first peaked your interest and how did you end up where you are today?
Adam Bradley: I sort of fell into it, I suppose. It was in one of my first roles out of university. I became an operations manager at a private school in Victoria, in Melbourne. Wesley College. I dunno if I can mention brand names or places, but that’s the one.
Joshua Jager: It’s fine.
Adam Bradley: And they were a large, NetWare 311 organization, Microsoft. This is some time ago, as you can might well imagine. And they had implemented some rudimentary identity management components.
Adam Bradley: And because they were a Novell platform, when the Novell IDM piece came out, which was the first, or DirXML as it was called in the day.
Adam Bradley: When it came out it was a thing that interested me, so I was big on automation. I always maintain that if I can’t do myself out of job, then I’m not doing good enough job. So my aim even back before automation was fashionable was to try and be as automated as possible.
Adam Bradley: Purely as you know Josh, I’m quite a big coffee drinker, so I do like to make sure that there’s an amount of time each day set aside for coffee drinking, so automation and coffee drinking are complementary.
Joshua Jager: Awesome.
Adam Bradley: Yeah so the identity management piece, I guess I fell into that and I did the training, set all of that up at the first organization and then promptly applied to Novell for an identity management role or a role at Novell which involved not only identity management, but all of the other components.
Adam Bradley: So I landed fairly young and fairly green in a consulting role –
Joshua Jager: Cool.
Adam Bradley: I was there and had been there, probably on-and-off, little bit more off in the last few years, but more on for the first 20 years of my career.
Joshua Jager: So what stage in your career did you end up at UNIFY?
Adam Bradley: Look, it was after a stint at Novell in Singapore. We’d made the decision to return after a very interesting stint there. I did about seven years all up at Microsoft. Both in Australia and in region up in Singapore doing identity integration work principally, but some also … system integration work to promote the adoption of Office 365 in Region. That was very, very interesting.
Adam Bradley: It was after that role, which was a global role and after there was a pressing need to come back to Australia. No similar role existed, and the role of a consultant at Microsoft at the time was a bit of a lowly one.
Adam Bradley: There was an opportunity at UNIFY to come back, and I’d worked with UNIFY in my time at Microsoft when I was in Australia, and I’d been impressed by some of the larger deployments and the knowledge that the people had, and obviously the IP that existed and some of the technology.
Adam Bradley: So, another coffee meeting with the CEO Mike Goodall down in Kingscliff in northern New South Wales, the deal was struck and I was to come on and obviously become principally the interface between Microsoft, to make sure that I curated those relationships, used those relationships obviously as part of that Office 365 deployment team.
Adam Bradley: As you can imagine in South East Asia, there’s some very large customers. One of their customers had over a million users, so we had some very interesting at scale identity challenges to overcome, and sharepoint and exchange and all the others. Again, there were a lot of automation, a lot of pieces there.
Adam Bradley: And then in one of our other big deals in Korea, we had 850 customers under a single umbrella, so we had to automation across all of those 850 also.
Adam Bradley: So I got to know the identity team quite well. I got to know the Office 365 team quite well. And I guess to this day, at some of those, not all of them, some of them have moved on, but many of those relationships still I guess exist to this day, which is great.
Adam Bradley: So that became my role and it was a bit of a … change from Microsoft obviously, coming from a very, very large company to –
Joshua Jager: Sure, yeah.
Adam Bradley: – a much smaller company. But it also gave me a lot more control over my day-to-day activities, which was great. And Mark was kind enough to offer that as well.
Adam Bradley: So yeah, good transition, not as much travel, which is fine but it was really, really good transition into a very specialized identity and access management company.
Joshua Jager: Wow, that’s really cool.
Joshua Jager: So what would you say it is about the identity and access industry that has kept your attention for all these years, and gets you up in the morning and keeps you going?
Adam Bradley: Once I got over the coolness of the technology, which took a while, I must admit, probably longer than it should have. I was deeply interested in how, at the time it, when I was at Novell, how the Novell stack worked and we applied for some really interesting projects like number portability and doing real-time event handling using this identity system.
Adam Bradley: It was a really, really interesting technology, it was almost boundless what it could do with enough time and enough effort. I was lucky enough I guess to have a developer background as well, so I was always, and still am a frustrated coder. So you could kind of make things do things that maybe they weren’t originally designed to do.
Adam Bradley: And we almost used it as an API gateway. That’s obviously a very interesting industry trend at the moment. I’ve got some thoughts on that if you wanna ask me about that later on. Don’t ask me about AI so much, but ask me maybe about API gateways.
Adam Bradley: Yeah so that Novell stack, the Novell IDM, I went overseas, did the training, got quite good at it, and then also got plugged into that community. So, the community itself had some very, very forward looking people, and one of the people … was a gentleman by the name of, I think it was Dick Wood, and he did a very interesting presentation.
Adam Bradley: It was about 2005, maybe 2005 was the first time that he did that presentation. And it was all about what identity actually is, he goes through and talks about identity 2.0. At the time there was a large number of isolated identity stores that service providers would stand up. You had a Yahoo account for Yahoo, you had Insight account for Insight, you had an AltaVista account for AltaVista. You had something for everything.
Adam Bradley: And then all of a sudden, those industry aggregators came along and started to offer things like Microsoft accounts, so you could start to integrate some of the Microsoft accounts. And that was an interesting sort of trend in that direction.
Adam Bradley: But then he was I guess wise enough to understand that they’d just become identity aggregators and attribute aggregators, and obviously that’s what we’ve seen in recent times with some of the social identity providers and Google. They need to know as much as they can about you to be able to sell the notion to the advertisers that they know as much about you –
Joshua Jager: Definitely
Adam Bradley: – obviously to market to you. And so he was not keen on that idea, and I was not keen on that idea when I guess it was pointed out. And ever since, the industry I think has probably got a little bit lazy since that time.
Adam Bradley: And only in recent times I guess, with the advent of some of the newer technologies around the decentralized ledgers, blockchain, what have you, that whole decentralized identity concept. He was well ahead of his time, he introduced that concept in some respects. I’m sure it was standing on the shoulders of giants, I’m sure it wasn’t just him in isolation.
Adam Bradley: It was that that really set the spark, so I was doing identity and access management work to allow me to possibly one day to be involved in something a little bit bigger. But of course, all of those … bigger citizen identity pieces all require the other pieces to be in place anyway.
Adam Bradley: So you can feel as if you’re doing the foundation work in enterprises and for government agencies, if you making all of those systems work as they should from an identity perspective. And then obviously plug in to something a lot greater, and hopefully one day we’ll all be back in control of our information.
Adam Bradley: That’s a big answer to what was a relatively small question, and I guess it hints at some of the other questions I think probably you’re gonna ask a little bit later on.
Joshua Jager: Before we get perhaps into your interests, and you mentioned blockchain there, but I was wanting to ask you a little more about your role here at UNIFY as Chief Digital Architect, and sort generally what you do day-to-day, and what kind of thoughts occupy your mind currently?
Adam Bradley: Gosh, that’s a scary place to have to ask me to go, Josh, but we’ll just delve there for a little bit.
Joshua Jager: What kind of topics occupy your inbox perhaps?
Adam Bradley: No, I think that that’s very reasonable.
Adam Bradley: Every day I wake up I hope that I’m going to be able to work with a customer to get them from where they are to where I believe they need to be. And they may not believe me when I say that they need to be somewhere, but at least to give them some understanding of the trends, the … emphasis that they should be placing on protecting identities.
Adam Bradley: And obviously we’ve seen some very, very large attacks and exploits and what have you, and one of the ideas and one of the benefits obviously of decentralized identity, as I mentioned before is that the individuals are responsible for managing their own attributes, so the claims that they hold, the self asserted claims, or the claims from third parties that they then pass through the service providers, rather than all the service providers holding them.
Adam Bradley: So then there’s not these large honeypots and again, with consolidation of the industry down to a number of large identity providers, more and more of your identity information is being stored in a limited number of places.
Adam Bradley: And so that’s really I guess the thing that concerns me, and it goes back to the early days at Novell in 2005, and identity 2.0. We could see it coming a long, long time ago and we’ve just sort of fallen into this bad habit of allowing these other people, these other aggregators to monetize what really should be ours to own.
Joshua Jager: So these are definitely big questions and you mentioned your goal in life has always been to sort of automate your job. How are are you going in automating your job, answering the biggest questions in identity?
Adam Bradley: I think that’s an excellent question as well. If only I was able to do it half as well as I would like to be able to do it. I’ve got a lot of very, very visual concepts that I struggle day-to-day to try and encapsulate in words or even in pictures. So, not as well I’d hoped, I think it’s fair to say.
Adam Bradley: And in fact, I honestly think that there’s so many points of information. Not too long ago there were too many sources of information to stay plugged in. And I guess that’s one of the things that is the challenge, is to try and stay plugged in. So to automate that, it’s a real challenge.
Joshua Jager: So circling back to some of the things you’re interested in that coming into play in the identity and access industry and you mentioned blockchain, which of course is across many, many, many industries and sectors.
Joshua Jager: But what impact do you see blockchain having on this industry? What sort of impact have you seen it have in the identity and access marketplace? And what role do you think it will have in the future?
Adam Bradley: Well, I think it will have as much impact on the identity and access management market space in the short term as it has in other areas of the marketplace, and that’s not a great deal at the moment. And I think there is some very real technology limitations that exist today, and also legal issues. So there are challenges in both of those regards.
Adam Bradley: I think one of the most interesting examples that I’ve seen there recently was that it’s been adopted for in-game payments for Fortnite I think it was, was announced the other day. So they’re actually using a blockchain solution to obviously come to a consensus view of who’s paid who what in whatever the currency that’s used inside of that game, that micro payment system.
Adam Bradley: So that was a very, very interesting use of the technology, and obviously there’s been some recent announcements also, and a proliferation of identity companies, or companies that have gone to market with ICO ideas, and I think blockchain and identity is just another example of … an abuse of some of that ICO money at the moment.
Adam Bradley: I’m hoping that there will be a consolidation because there’s proliferation but whenever there is one of those, then obviously there will be some sort of consolidation in that market.
Adam Bradley: Microsoft is obviously very interested and is supporting a lot of the technologies, and obviously we have some very strong relationships with Microsoft. I think it’s hugely interesting, again as a enabler for decentralized identity, I think it’s wonderful.
Joshua Jager: Definitely.
Adam Bradley: There’s certainly players in the market outside of the large vendors, outside of the Microsoft vendors and what have you that are using similar technologies and that will use similar technologies to sort of facilitate digital identity, or decentralized identity I should say. It is going to be huge.
Adam Bradley: I’m hoping that one we’ll just all wake up and it will be the case. And I think that there are reasonably good options and reasonably good standards and technologies in place, and ideas, and people with ideas at the moment that will allow for that to happen.
Adam Bradley: So it should be one day significantly more valuable and significantly less risky for service providers and information aggregators to not have to store that information, and for it to be stored in a decentralized fashion.
Adam Bradley: It’s a lot harder to break seven billion smartphones than it is to go one large data store and break that. But no more honeypots hopefully.
Joshua Jager: So do you see blockchain as integral to achieving that state, or do you think there may be some sort of hybrid between the technology we have now and blockchain? Or something completely different?
Adam Bradley: Well look, blockchain is a lovely layer over the top of what is just public and private key cryptography to come to a consensus view. So if there’s the need for consensus, if there’s the need for independent consensus or an independent trust, then it’s a great technology.
Adam Bradley: I think for many where that institutional trust already exists, then it’s probably not gonna be necessary, but decentralized identity is still possible. And I’d like to think that there are, we could get to a point one day when the technology allows and when the law allows, that it is the underlying technology behind decentralized identities.
Adam Bradley: There are initiatives in place already that Decentralized Identity Foundation, or federation, I should say, of which all of the key and prominent blockchain identity providers, or blockchain based identity providers are currently part of at the moment. They’re all members. The notable exception was IBM, and they’ve joined recently.
Adam Bradley: ID2020 have joined recently, which are a fascinating organization about providing verified digital identity for disenfranchised and underprivileged, and for those people that just otherwise don’t have any form of identity, don’t have bank account, have no way of associating an asset with an identity, which obviously is one of the key … requirements for any sort of long term prosperity.
Adam Bradley: So there are some wonderful initiatives. It seems like the industry players are coming together, and I’m cautiously and possibly a little naively optimistic around the future success of that particular initiative. I sure hope so. Like I said, there are some technology and legal issues, which probably the legal ones will usurp all the technology but yeah, I think it will by rosy. I really hope it will be. I really am hopeful.
Joshua Jager: So from a customer standpoint, and you’ve obviously talking to many customers, is blockchain even coming up in conversations from the customer’s side?
Joshua Jager: Are they cautious of blockchain because there’s been a lot of, of course, negative press around cryptocurrencies, which are closely tied to blockchain in people’s minds?
Adam Bradley: I think yes to all of that.
Adam Bradley: The challenge is to … disambiguate the two. So to say cryptocurrencies and blockchains, they’re tied obviously very closely to each other, but they’re certainly different initiatives.
Adam Bradley: I guess we have to go back, and I have to when I do talk to these sorts of customers and say “Here’s a service catalog” or “Here’s all of the possible things that you need to consider. Aspects, capabilities that you need to consider when you look at digital identity”. And decentralized identity is just one of them. And using blockchain an decentralized identity is just one of those capabilities.
Adam Bradley: And I can certainly talk to, there are a number of different examples, in fact the Philippines have just implemented a blockchain based identity solution in the country. I’m not sure based on recent happenings there whether that’s a good thing or a bad thing, I guess time will tell.
Adam Bradley: But the shining light in all of this was of course Estonia who, not too many years ago had a very, very large set of cyber attacks, and took a very, very strong stand around making sure that they were going to be in a position where that would never happen again. And they at the time were mindful enough, and the technology was in its infancy, but obviously it was suitably mature that it allowed them to adopt some of these capabilities.
Adam Bradley: I think there’s a lot of moves in the industry as well around data sharing and data aggregation, especially from governments, so open data initiative in Australia for example. A lot of that is tied to consent.
Adam Bradley: I think consent is a very interesting component as well, and obviously if I’m not in control, at a very low level, at very granular level, if I’m not in control of who I am and the aspects, or the attributes, or the claims that make me me, and also who I’m prepared to allow them to be released to, then I’m at a huge disadvantage.
Adam Bradley: And Estonia established that criteria, so they have some very strict data control and data handling mechanisms and release mechanisms and consent mechanisms. And I think Australia’s just coming on board now with a lot of those things and that push in the industry will also the adoption. Although I suspect people will be looking to do as little as possible, as they often are from a compliance perspective.
Adam Bradley: But no, we’ve certainly spoken with some banks and in the FSI that already have a reasonably good understanding of what blockchain is and what I can do, and how it can be applied. So I think they’re probably two or three years ahead of everyone else because they were hugely concerned about the implementation of blockchain in their industry, and certainly in the remissions payment, not remissions, remittance payments I should say. It’s devastated that industry, the traditional industry.
Joshua Jager: I think those industries that kind of identified it early as a potential threat or hugely innovative thing in their space are ahead of traditional players.
Adam Bradley: They certainly are and I guess also the liabilities around … the banks obviously have some very strict “Know your customer” type requirements, and I think people are getting sick of having to provide 100 points every time.
Adam Bradley: There’s a lot of, I guess a lot of tension around identity and proliferation of identities. We’ve dealt with some customers and some governments I should say in South East Asia that are struggling with this issue already, where they want to be able to do decentralized identity projects but then they fall back to an identity per agency, which is awful, as you can imagine.
Adam Bradley: Yeah, that there’s an enormous churn in the industry … there’s enough things I think lining up at the moment that might actually mean that some of these initiatives will be pulled through. Obviously the challenge with all of these things is making sure that everyone benefits, so it’s a very challenging Venn diagram where the individual that the service provider and presumably the technology operator all have to have a little something out of it.
Adam Bradley: And I think in the past it’s only been two of the three at best, but now I think people are coming together and understanding that there can be more to it. And it can benefit all three parties. One of things obviously that I need to be mindful of when I talk to customers is “Is this actually undermining their business plan or undermining their business model?” And often times it is, and that’s obviously not the people, you certainly can’t have those conversations with those people.
Adam Bradley: That was a long answer as well. Sprawling.
Joshua Jager: It’s okay.
Joshua Jager: So, what kind of blockchain skills do you think developers and people in the industry should be looking to acquire? Or at least be aware of going in to the future?
Adam Bradley: Well, that’s a challenge isn’t it? At the moment, with the tension for BI and data skills, I think –
Joshua Jager: Do you see … let’s just say 50% of all the ICOs go out of business, the organizations that had an ICO.
Joshua Jager: There’s gonna be a flood of blockchain enabled developers on the market at that point. So, if it does become more mainstream there may be ample supply of … resources out there.
Adam Bradley: Look, if there’s ample supply of developers, I guess the challenge still is that some of the technologies are probably 12 to 18 months from getting to the point where they can scale sufficiently. I think, still Ethereum’s around 10 transactions a second, I think Bitcoin and the technologies underlying Bitcoin are half that.
Adam Bradley: So, that doesn’t excite the industry particularly. When you need just sort of, in those public blockchains at least, get up around 100,000 to deal with some of the credit providers. Or the credit card and credit gateway providers, and the sort of transactions that they’re putting through. So I think technology will still be the thing that holds it back.
Adam Bradley: I know recently I indulged and bought a cryptokitty on Ethereum, and it took me many hours, in fact I think it was a couple of days before that transaction was actually confirmed. So that was –
Joshua Jager: I think that completely slowed down the Ethereum network for quite some time.
Adam Bradley: It did. It was just a curiosity at the time, but those sorts of challenges aren’t going to please organizations. And even some of the proof of work algorithms at the moment, obviously there’s a lot of … negative press around the sort of power that those things are taking, and there are other consensus algorithms out there.
Adam Bradley: In fact, there are many far better but they also aren’t as well tested and so human nature and the ability of clever people to exploit those through engineering circumstances that mean that they can gain, those things aren’t known yet.
Adam Bradley: So whilst the proof of work has been very reliable, and quite lucrative for certain people, a move to another consensus algorithm that allows for some of the scalability numbers means that we’re kind of back to 2008 again with respect to testing it in the wild. So how long will it be before people are happy with that new consensus algorithm? It’s at least 12 if not 12, maybe it’s a year, one to three years away before it’s mainstream.
Joshua Jager: So moving away from the decentralized –
Adam Bradley: Do we have to?
Joshua Jager: Just opening up a little, what other things do you see on the horizon, coming maybe from the large players in the industry, what different thought paradigms are you seeing coming forward in the thoughts based around the future of identity?
Adam Bradley: Well I guess we’re in the cyber security field. Whenever anyone asks “What do you do?” I say I’m in cyber security, and then I immediately say “I’m sorry we don’t do a particularly good job”.
Adam Bradley: So, I think one of the things that I have seen in recent times is, it’s some of the really obvious things that haven’t been dealt with well, are now starting to be taken seriously.
Adam Bradley: The internet and the security around dealing with aspects of people connecting to servers, and people connecting to people, and servers connecting to servers, a lot of those aspects were just taken for granted. There’s been significant exploits in recent times around secure sockets and TLS, even cookie handling. And so there are some industry initiatives around token security, there’s some initiatives just to basically tighten those protocols.
Adam Bradley: Some of those protocols are close to 40 years old. They’ve certainly evolved but the original constructs to run the DARPA network, where it was a closed network just for the US army, no longer apply and haven’t applied for some time. We’re built on very, very old, very, very ancient technology, and I guess ours days of reckoning have come, with respect to having to I guess take pause and be a little bit better about some of the things that we do.
Adam Bradley: And I don’t think that’s any different with identity, I think it’s been done as an afterthought in many respects. I think that probably is true of … most of the organizations I’ve been to. And so the liability, that exist now legally, legal liabilities around data loss and information privacy I think now are getting people to have to go and unpick all that they have done and start to make some investments in that space.
Adam Bradley: And I know a lot of the government’s risk and compliance platforms … the saviynt’s and the salepoint’s are doing particularly well to give organizations some idea of their liability and their exposure. Whether they do something about it obviously is something entirely different.
Adam Bradley: But again we’re based and we’re burdened by often mainframe technologies, banks are still often running old mainframes. Up until fairly recently Centerlink was running on 30-year-old computers. Their mainframes there were ancient, and just didn’t have the controls in place to manage the securities around, or the security around identities.
Adam Bradley: So there’s a lot of mopping up to be done. I don’t know … if I was still alive, we’d probably be having this conversation in 30 years time. I know I’m still having conversations that I had many, many years ago when I first entered the industry. I suspect we still will.
Joshua Jager: So before we run out of time, how’s your cryptokitty?
Adam Bradley: Well, I’ve actually diversified, Josh. So thank you for that. I’ve actually got some Monero now. I think I have .00006. I think I’m just over four zeros and a five. Yeah, yeah I’m just having a look.
Joshua Jager: So you sold your cryptokitty?
Adam Bradley: No, the cryptokitty is still there.
Adam Bradley: I guess even as someone that’s dealt with a lot of blockchains, I still have trouble with multiple digital wallets. So I probably still need to come to terms with that.
Adam Bradley: I guess the recent ICO bubbles and the recent cryptocurrency bubble has been something that I would have liked to have benefited from, but it was pretty obvious, I think they said “If your hairdresser starts recommending a investment, then it’s probably the time to get out”. And I think that proved to be the case just recently.
Joshua Jager: It did.
Adam Bradley: Blockchain, sorry Bitcoin I should say is challenging. But no look, I hold a little bit of a few different cryptocurrencies but certainly nothing to write home about.
Adam Bradley: I think I’ll, that was one of the plans for this year, to buy my kids a digital wallet and put some currency on it and hopefully –
Joshua Jager: Future investment.
Adam Bradley: Hopefully one day it’s worth something. Yeah, maybe when they turn 21, it might actually be worth something.
Joshua Jager: Awesome Adam.
Joshua Jager: Well, thank you for coming on today’s podcast, and I’ll look forward to talking to you again soon.
Adam Bradley: Josh, thank you very much. I can’t help but think we’ve spoken about nothing but blockchain, but I think we did speak about a little bit of other stuff –
Joshua Jager: A little bit of other stuff.
Adam Bradley: And I took your lead, and I didn’t mention anything about roller derby.
Joshua Jager: That’s a whole podcast.
Adam Bradley: It is indeed. Thanks for your time.