Expedia’s Software Development Engineer shares her expertise on unified identity systems and scalable technologies
In light of recent high-profile data breaches and cloud security incidents, the conversation around cloud vulnerabilities and how to mitigate them has never been more urgent. Gartner predicts that by 2025, 99% of cloud security failures will result from customer errors, despite the increasingly sophisticated safeguards implemented by cloud providers. Misconfigurations and gaps in expertise remain major issues as organizations expand their cloud usage. As seen in recent data breaches, these missteps highlight that cloud security is not solely the providers’ responsibility but a shared obligation between vendors and clients.
To address these growing concerns, we’re speaking with Asha Seshagiri, a lead software engineer specializing in Identity and Access Management (IAM) at Expedia, who has over 12 years of experience working with cloud-native technologies at companies like IBM, Visa, and Expedia. Asha has been instrumental in creating One Identity, a unified authentication platform across Expedia’s multiple brands, and One Key, a loyalty program that serves millions of users. With cloud security challenges becoming more complex, Asha’s expertise provides crucial insights into how businesses can balance innovation with security, particularly in large-scale cloud environments.
You contributed significantly to creating the One Identity solution, which unified the authorization system across multiple Expedia brands, including over 300 million user accounts. How important do you think it is for large companies like Expedia, operating across multiple brands and services, to create unified identity management systems? How does it affect user experience and security on such a large scale?
Unified identity management systems like One Identity are crucial for large companies operating across multiple brands, such as Expedia. They streamline both user experience and security processes. From the user’s perspective, having a single set of credentials to access various platforms greatly enhances convenience. It reduces the need to manage multiple passwords, simplifies login across different services, and builds trust, as users experience seamless transitions between brands while retaining control over their personal information.
On the security side, centralizing identity management allows for uniform security policies and more consistent access control. Advanced security mechanisms like multi-factor authentication (MFA) and behavioral analytics can be applied across all platforms, enhancing security without complicating the user journey. Additionally, consolidating user data into a common platform mitigates risks associated with fragmented systems, allowing for quicker responses to potential threats.
Overall, this unified approach not only improves security but also ensures that both the user experience and security measures scale efficiently as the business grows, providing long-term operational benefits.
In the One Identity project for Expedia, users could authenticate via various methods, including passwords, one-time passcodes (OTPs), and social logins. How did you manage the integration of these diverse authentication methods while maintaining a balance between ease of use and high security for such a large user base? Additionally, how did microservice architectures help support this system as it scaled to millions of users?
Integrating multiple authentication methods in the One Identity project required balancing user convenience with security. Each method — passwords, OTPs, and social logins — offered different levels of accessibility, and our goal was to create a unified experience without compromising security.
We used microservice architecture to support this integration at scale. Instead of relying on a monolithic system, we split the platform into smaller, independent services, each handling specific parts of the authentication process. This allowed us to develop, update, and scale individual components — such as password management, OTP processing, and social login integration — without disrupting the entire system. As user demand grew, we could easily add more capacity or introduce new features by updating only the relevant microservices.
On the security side, we employed behavioral analytics and anomaly detection to monitor user activity and quickly identify potential security threats. This proactive approach, combined with a flexible microservices architecture, allowed us to maintain a high level of security while offering a seamless login experience for millions of users across various Expedia brands. This architecture ensured that both security and user experience scaled efficiently as the platform grew.
Moreover, you were instrumental in creating the framework for the One Key system at Expedia, which unified loyalty programs across more than 20 travel brands, serving millions of users. How do you see the future of loyalty programs in the era of digital transformation?
Loyalty programs are becoming a central part of how companies engage with their customers, and digital transformation is reshaping how these programs operate. The work we did on building the framework for One Key at Expedia is a good example of how loyalty systems are evolving. By unifying the rewards across multiple travel brands within the Expedia Group, One Key allows customers to earn and redeem points seamlessly across different platforms—whether they’re booking flights, hotels, or rental cars. This kind of unified experience is exactly what users expect in the digital age.
Looking ahead, I believe loyalty programs will continue to shift towards personalization and real-time rewards. Customers are increasingly looking for programs that not only provide points but also deliver highly relevant offers, tailored to their behavior and preferences. This requires systems that can process vast amounts of data quickly, analyze it, and adapt to the user’s needs in real-time.
In short, as loyalty programs become more dynamic and customer-centric, they will need to continue evolving to deliver the personalized experiences that users now expect.
At IBM, you worked on optimizing cloud security solutions, particularly with the KeyProtect project, which focuses on encryption and key management for cloud environments. How have data security approaches evolved with the widespread adoption of cloud technologies, and what are the biggest challenges companies now face in protecting their data, especially in hybrid and multi-cloud environments?
As cloud adoption has increased, data security has shifted from protecting on-premises infrastructure to securing data distributed across multiple cloud environments. The KeyProtect project at IBM, where we developed encryption and key management solutions, was designed to address these challenges, especially for companies operating in hybrid and multi-cloud environments.
One of the key shifts has been the need for effective encryption key management. Ensuring that data is encrypted both in transit and at rest is crucial, but managing access to decryption keys is equally important. To help companies maintain strong security without the complexity of building key management systems from scratch, we provided KeyProtect APIs. These APIs allow businesses to integrate secure key management directly into their systems, eliminating the need to develop on-premises solutions.
Automation was crucial in this process. By automating key management and threat monitoring tasks, we enabled companies to maintain high levels of security without sacrificing performance. This automation helps streamline the integration of security solutions into existing systems, ensuring that data remains protected while minimizing the operational overhead associated with manual management.
In short, as cloud security evolves, automation and integrated APIs are essential tools that help businesses navigate the complexities of data security in hybrid and multi-cloud environments.
Many companies face challenges when implementing cloud solutions, especially when it comes to scaling and security. What advice would you give to organizations that are just starting to move to cloud platforms?
For companies just starting their cloud journey, my biggest advice is to plan for scalability and security from the very beginning. It’s easy to focus on getting up and running quickly, but if you don’t build a strong foundation, you’ll face challenges later when your needs grow.
Start by adopting a cloud-native approach, where applications are designed to take full advantage of cloud features like elasticity and microservices. This makes it easier to scale without having to re-architect down the line.
On the security side, I recommend prioritizing automation for things like monitoring and threat detection. Using tools that integrate security directly into your cloud infrastructure will help ensure you’re always protected as you scale. And don’t forget to implement strong access controls and encryption—these are non-negotiables for cloud security.
Given your experience in creating scalable solutions, how do you see the future of cloud computing and its impact on the industry as a whole? What technologies do you think will dominate in the next 5-10 years?
Given my experience with scalable solutions, such as the development of microservices at Expedia and Visa, and cloud-native security systems at IBM, I believe the future of cloud computing will be driven by even greater flexibility, automation, and security enhancements. Over the next 5-10 years, I see serverless architectures and edge computing playing a major role. Serverless computing, which allows developers to run code without managing the underlying infrastructure, is gaining traction because it allows companies to scale more efficiently. For example, at IBM, we leveraged containerization and microservices, allowing us to scale specific components independently, which is a key advantage of cloud-native approaches.
Edge computing will also become crucial as industries like healthcare, manufacturing, and autonomous vehicles require real-time data processing. Instead of routing all data to centralized cloud servers, edge computing processes data closer to where it’s generated, reducing latency and improving performance. This is particularly relevant in my work on secure systems, like KeyProtect at IBM, where data security at the edge is as crucial as in the cloud.
Security will continue to evolve, and I expect zero-trust architectures to become the norm. In systems like the ones I developed at Expedia, where we unified identity solutions across multiple platforms, continuous authentication and authorization were essential for securing distributed cloud environments. Zero trust will enhance this, ensuring that every user, device, and application is authenticated regardless of their location.
Finally, artificial intelligence and machine learning will be fully integrated into cloud operations, driving automated resource management and threat detection. At Expedia, we implemented event-driven architectures and monitoring systems, which allowed us to automate responses to performance and security issues. AI will enhance these capabilities, making it easier for companies to scale securely and efficiently while optimizing resources in real-time. Combined with technologies like Kubernetes and Docker, which I worked with extensively, these trends will dominate the cloud landscape.