Expedia’s Software Development Engineer shares her expertise on unified identity systems and scalable technologies
In light of recent high-profile data breaches and cloud security incidents, the conversation around cloud vulnerabilities and how to mitigate them has never been more urgent. Gartner predicts that by 2025, 99% of cloud security failures will result from customer errors, despite the increasingly sophisticated safeguards implemented by cloud providers. Misconfigurations and gaps in expertise remain major issues as organizations expand their cloud usage. As seen in recent data breaches, these missteps highlight that cloud security isn’t solely the providers’ responsibility but a shared duty between vendors and clients.
To address these growing concerns, we’re speaking with Asha Seshagiri, a lead software engineer specializing in Identity and Access Management (IAM) at Expedia, who has over 12 years of experience working with cloud-native technologies at companies like IBM, Visa, and Expedia. Asha has been instrumental in creating One Identity, a unified authentication platform across Expedia’s multiple brands, and One Key, a loyalty program that serves tens of millions of users. With cloud security challenges becoming more complex, Asha’s expertise offers essential insights into how businesses can balance innovation with security, particularly in large-scale cloud environments.
You contributed significantly to creating the One Identity solution, which unified the authorization system across multiple Expedia brands, including over 300 million user accounts. How important do you think it is for large companies like Expedia, operating across multiple brands and services, to create unified identity management systems? How does it affect user experience and security on such a large scale?
Unified identity management systems like One Identity are crucial for large companies operating across multiple brands, such as Expedia. They streamline both user experience and security processes. From the user’s perspective, having a single set of credentials to access various platforms greatly enhances convenience. It reduces the need to manage multiple passwords, simplifies login across different services, and builds trust, as users experience seamless transitions between brands while retaining control over their personal information.
On the security side, centralizing identity management allows for uniform security policies and more consistent access control. Advanced security mechanisms like multi-factor authentication (MFA) and behavioral analytics can be applied across all platforms, enhancing security without complicating the user journey. Additionally, consolidating user data into a common platform mitigates risks associated with fragmented systems, allowing for quicker responses to potential threats.
Overall, this unified approach not only improves security but also ensures that both the user experience and security measures scale efficiently as the business grows, providing long-term operational benefits.
In the One Identity project for Expedia, users could authenticate via various methods, including passwords, one-time passcodes (OTPs), and social logins. How did you manage the integration of these diverse authentication methods while maintaining a balance between ease of use and high security for such a large user base? Additionally, how did microservice architectures help support this system as it scaled to tens of millions of users?
Integrating multiple authentication methods in the One Identity project required balancing user convenience with security. Each method — passwords, OTPs, and social logins — offered different levels of accessibility, and our goal was to create a unified experience without compromising security.
We used microservice architecture to support this integration at scale. Instead of relying on a monolithic system, we split the platform into smaller, independent services, each handling specific aspects of the authentication process. This allowed us to develop, update, and scale individual components — such as password management, OTP processing, and social login integration — without disrupting the entire system. As user demand grew, we could easily add more capacity or introduce new features by updating only the relevant microservices.
On the security side, we employed behavioral analytics and anomaly detection to monitor user activity and quickly identify potential security threats. This proactive approach, combined with a flexible microservices architecture, allowed us to maintain a high level of security while offering a seamless login experience for tens of millions of users across various Expedia brands. This architecture ensured that both security and user experience scaled efficiently as the platform grew.
Moreover, you were instrumental in creating the framework for the One Key system at Expedia, which unified loyalty programs across more than 20 travel brands, serving tens of millions of users. How do you see the future of loyalty programs in the era of digital transformation?
Loyalty programs are becoming a central part of how companies engage with their customers, and digital transformation is reshaping how these programs operate. The work we did on building the framework for One Key at Expedia is a good example of how loyalty systems are evolving. By unifying the rewards across multiple travel brands within the Expedia Group, One Key allows customers to earn and redeem points seamlessly across different platforms—whether they’re booking flights, hotels, or rental cars. This kind of unified experience is exactly what users expect in the digital age.
Looking ahead, I believe loyalty programs will continue to shift towards personalization and real-time rewards. Customers are increasingly looking for programs that not only provide points but also deliver highly relevant offers, tailored to their habits and preferences. This requires systems that can process vast amounts of data quickly, analyze it, and adapt to the user’s needs in real time.
In short, as loyalty programs become more dynamic and customer-centric, they will need to continue evolving to deliver the personalized experiences that users now expect.
At IBM, you worked on optimizing cloud security solutions, particularly with the KeyProtect project, which focuses on encryption and key management for cloud environments. How have data security approaches evolved with the widespread adoption of cloud technologies, and what are the biggest challenges companies now face in protecting their data, especially in hybrid and multi-cloud environments?
As cloud adoption has increased, data security has shifted from protecting on-premises infrastructure to securing data distributed across multiple cloud environments. The KeyProtect project at IBM, where we developed encryption and key management solutions, was designed to address these challenges, especially for companies operating in hybrid and multi-cloud environments.
One of the key shifts has been the need for effective encryption key management. Ensuring that data is encrypted both in transit and at rest is essential, but managing access to decryption keys is equally important. To help companies maintain strong security without the complexity of building key management systems from scratch, we provided KeyProtect APIs. These APIs allow businesses to integrate secure key management directly into their systems, eliminating the need to develop on-premises solutions.
Automation was crucial in this process. By automating key management and threat monitoring tasks, we enabled companies to maintain high levels of security without sacrificing performance. This automation helps streamline the integration of security solutions into existing systems, ensuring that data remains protected while minimizing the operational overhead associated with manual management.
In short, as cloud security evolves, automation and integrated APIs are essential tools that help businesses navigate the complexities of data security in hybrid and multi-cloud environments.
Many companies face challenges when implementing cloud solutions, especially when it comes to scaling and security. What advice would you give to organizations that are just starting to move to cloud platforms?
For companies just starting their cloud journey, my biggest advice is to plan for scalability and security from the very beginning. It’s easy to focus on getting up and running quickly, but if you don’t build a strong foundation, you’ll face challenges later when your needs grow.
Start by adopting a cloud-native approach, where applications are designed to take full advantage of cloud features like elasticity and microservices. This makes it easier to scale without having to re-architect down the line.
On the security side, I recommend prioritizing automation for things like monitoring and threat detection. Using tools that integrate security directly into your cloud infrastructure will help ensure you’re always protected as you scale. And don’t forget to implement strong access controls and encryption—these are non-negotiables for cloud security.
Given your experience in developing scalable solutions, how do you see the future of cloud computing and its impact on the industry as a whole? What technologies do you think will dominate in the next 5-10 years?
Given my experience with scalable solutions, such as the development of microservices at Expedia and Visa, and cloud-native security systems at IBM, I believe the future of cloud computing will be driven by even greater flexibility, automation, and security enhancements. Over the next 5-10 years, I see serverless architectures and edge computing playing a big role. Serverless computing, which allows developers to run code without managing the underlying infrastructure, is gaining traction because it enables companies to scale more efficiently. For example, at IBM, we leveraged containerization and microservices, allowing us to scale specific components independently, which is a key advantage of cloud-native approaches.
Edge computing will also become critical as industries like healthcare, manufacturing, and autonomous vehicles require real-time data processing. Instead of routing all data to centralized cloud servers, edge computing processes data closer to where it’s generated, reducing latency and improving performance. This is particularly relevant in my work on secure systems, like KeyProtect at IBM, where data security at the edge is as important as in the cloud.
Security will continue to evolve, and I expect zero-trust architectures to become the norm. In systems like the ones I developed at Expedia, where we unified identity solutions across multiple platforms, continuous authentication and authorization were essential for securing distributed cloud environments. Zero trust will enhance this, ensuring that every user, system, and application is authenticated regardless of their location.
Finally, artificial intelligence and machine learning will be fully integrated into cloud operations, driving automated resource management and threat detection. At Expedia, we implemented event-driven architectures and monitoring systems, which allowed us to automate responses to performance and security issues. AI will enhance these capabilities, making it easier for companies to scale securely and efficiently while optimizing resources in real time. Combined with technologies like Kubernetes and Docker, which I worked with extensively, these trends will dominate the cloud landscape.