Expedia’s Software program Improvement Engineer shares her experience on unified identification programs and scalable applied sciences
In gentle of latest high-profile knowledge breaches and cloud safety incidents, the dialog round cloud vulnerabilities and how one can mitigate them has by no means been extra pressing. Gartner predicts that by 2025, 99% of cloud safety failures will outcome from buyer errors, regardless of the more and more subtle safeguards carried out by cloud suppliers. Misconfigurations and gaps in experience stay main points as organizations broaden their cloud utilization. As seen in latest knowledge breaches, these missteps spotlight that cloud safety just isn’t solely the suppliers’ duty however a shared obligation between distributors and purchasers.
To deal with these rising considerations, we’re talking with Asha Seshagiri, a lead software program engineer specializing in Identification and Entry Administration (IAM) at Expedia, who has over 12 years of expertise working with cloud-native applied sciences at corporations like IBM, Visa, and Expedia. Asha has been instrumental in growing One Identification, a unified authentication platform throughout Expedia’s a number of manufacturers, and One Key, a loyalty program that serves hundreds of thousands of customers. With cloud safety challenges changing into extra complicated, Asha’s experience presents essential insights into how companies can steadiness innovation with safety, notably in large-scale cloud environments.
You contributed considerably to growing the One Identification answer, which unified the authorization system throughout a number of Expedia manufacturers, together with over 300 million consumer accounts. How vital do you suppose it’s for giant corporations like Expedia, working throughout a number of manufacturers and providers, to create unified identification administration programs? How does it have an effect on consumer expertise and safety on such a big scale?
Unified identification administration programs like One Identification are essential for giant corporations working throughout a number of manufacturers, akin to Expedia. They streamline each consumer expertise and safety processes. From the consumer’s perspective, having a single set of credentials to entry varied platforms vastly enhances comfort. It reduces the necessity to handle a number of passwords, simplifies login throughout completely different providers, and builds belief, as customers expertise seamless transitions between manufacturers whereas retaining management over their private data.
On the safety facet, centralizing identification administration permits for uniform safety insurance policies and extra constant entry management. Superior safety mechanisms like multi-factor authentication (MFA) and behavioral analytics might be utilized throughout all platforms, enhancing safety with out complicating the consumer journey. Moreover, consolidating consumer knowledge into a standard platform mitigates dangers related to fragmented programs, permitting for faster responses to potential threats.
Total, this unified strategy not solely improves safety but in addition ensures that each the consumer expertise and safety measures scale effectively because the enterprise grows, offering long-term operational advantages.
Within the One Identification challenge for Expedia, customers may authenticate through varied strategies, together with passwords, one-time passcodes (OTPs), and social logins. How did you handle the mixing of those various authentication strategies whereas sustaining a steadiness between ease of use and excessive safety for such a big consumer base? Moreover, how did microservice architectures assist assist this method because it scaled to hundreds of thousands of customers?
Integrating a number of authentication strategies within the One Identification challenge required balancing consumer comfort with safety. Every technique — passwords, OTPs, and social logins — provided completely different ranges of accessibility, and our objective was to create a unified expertise with out compromising safety.
We used microservice structure to assist this integration at scale. As a substitute of counting on a monolithic system, we break up the platform into smaller, unbiased providers, every dealing with particular features of the authentication course of. This allowed us to develop, replace, and scale particular person parts — akin to password administration, OTP processing, and social login integration — with out disrupting the complete system. As consumer demand grew, we may simply add extra capability or introduce new options by updating solely the related microservices.
On the safety facet, we employed behavioral analytics and anomaly detection to watch consumer exercise and shortly establish potential safety threats. This proactive strategy, mixed with a versatile microservices structure, allowed us to take care of a excessive degree of safety whereas providing a seamless login expertise for hundreds of thousands of customers throughout varied Expedia manufacturers. This structure ensured that each safety and consumer expertise scaled effectively because the platform grew.
Furthermore, you had been instrumental in growing the framework for One Key system at Expedia, which unified loyalty packages throughout greater than 20 journey manufacturers, serving hundreds of thousands of customers. How do you see the way forward for loyalty packages within the period of digital transformation?
Loyalty packages have gotten a central a part of how corporations have interaction with their prospects, and digital transformation is reshaping how these packages function. The work we did on constructing the framework for One Key at Expedia is a good instance of how loyalty programs are evolving. By unifying the rewards throughout a number of journey manufacturers inside the Expedia Group, One Key permits prospects to earn and redeem factors seamlessly throughout completely different platforms—whether or not they’re reserving flights, resorts, or rental automobiles. This sort of unified expertise is precisely what customers anticipate within the digital age.
Wanting forward, I consider loyalty packages will proceed to shift in direction of personalization and real-time rewards. Prospects are more and more in search of packages that not solely present factors but in addition ship extremely related presents, tailor-made to their conduct and preferences. This requires programs that may course of huge quantities of information shortly, analyze it, and adapt to the consumer’s wants in real-time.
Briefly, as loyalty packages turn into extra dynamic and customer-centric, they might want to proceed evolving to ship the personalised experiences that customers now anticipate.
At IBM, you labored on optimizing cloud safety options, notably with the KeyProtect challenge, which focuses on encryption and key administration for cloud environments. How have knowledge safety approaches advanced with the widespread adoption of cloud applied sciences, and what are the largest challenges corporations now face in defending their knowledge, particularly in hybrid and multi-cloud environments?
As cloud adoption has elevated, knowledge safety has shifted from defending on-premises infrastructure to securing knowledge distributed throughout a number of cloud environments. The KeyProtect challenge at IBM, the place we developed encryption and key administration options, was designed to handle these challenges, particularly for corporations working in hybrid and multi-cloud environments.
One of many key shifts has been the necessity for efficient encryption key administration. Guaranteeing that knowledge is encrypted each in transit and at relaxation is essential, however managing entry to decryption keys is equally vital. To assist corporations keep robust safety with out the complexity of constructing key administration programs from scratch, we supplied KeyProtect APIs. These APIs enable companies to combine safe key administration immediately into their programs, eliminating the necessity to develop on-premises options.
Automation was essential on this course of. By automating key administration and menace monitoring duties, we enabled corporations to take care of excessive ranges of safety with out sacrificing efficiency. This automation helps streamline the mixing of safety options into current programs, guaranteeing that knowledge stays protected whereas minimizing the operational overhead related to guide administration.
Briefly, as cloud safety evolves, automation and built-in APIs are important instruments that assist companies navigate the complexities of information safety in hybrid and multi-cloud environments.
Many corporations face challenges when implementing cloud options, particularly relating to scaling and safety. What recommendation would you give to organizations which are simply beginning to transfer to cloud platforms?
For corporations simply beginning their cloud journey, my greatest recommendation is to plan for scalability and safety from the very starting. It’s straightforward to deal with getting up and operating shortly, however if you happen to don’t construct a robust basis, you’ll face challenges later when your wants develop.
Begin by adopting a cloud-native strategy, the place functions are designed to take full benefit of cloud options like elasticity and microservices. This makes it simpler to scale with out having to re-architect down the road.
On the safety facet, I like to recommend prioritizing automation for issues like monitoring and menace detection. Utilizing instruments that combine safety immediately into your cloud infrastructure will assist make sure you’re all the time protected as you scale. And don’t neglect to implement robust entry controls and encryption—these are non-negotiables for cloud safety.
Given your expertise in growing scalable options, how do you see the way forward for cloud computing and its influence on the business as an entire? What applied sciences do you suppose will dominate within the subsequent 5-10 years?
Given my expertise with scalable options, akin to the event of microservices at Expedia and Visa, and cloud-native safety programs at IBM, I consider the way forward for cloud computing might be pushed by even better flexibility, automation, and safety enhancements. Over the subsequent 5-10 years, I see serverless architectures and edge computing taking part in a big position. Serverless computing, which permits builders to run code with out managing the underlying infrastructure, is gaining traction as a result of it allows corporations to scale extra effectively. For instance, at IBM, we leveraged containerization and microservices, permitting us to scale particular parts independently, which is a key benefit of cloud-native approaches.
Edge computing may even turn into essential as industries like healthcare, manufacturing, and autonomous automobiles require real-time knowledge processing. As a substitute of routing all knowledge to centralized cloud servers, edge computing processes knowledge nearer to the place it’s generated, decreasing latency and enhancing efficiency. That is notably related in my work on safe programs, like KeyProtect at IBM, the place knowledge safety on the edge is as essential as within the cloud.
Safety will proceed to evolve, and I anticipate zero-trust architectures to turn into the norm. In programs like those I developed at Expedia, the place we unified identification options throughout a number of platforms, steady authentication and authorization had been important for securing distributed cloud environments. Zero belief will improve this, guaranteeing that each consumer, system, and software is authenticated no matter their location.
Lastly, synthetic intelligence and machine studying might be totally built-in into cloud operations, driving automated useful resource administration and menace detection. At Expedia, we carried out event-driven architectures and monitoring programs, which allowed us to automate responses to efficiency and safety points. AI will improve these capabilities, making it simpler for corporations to scale securely and effectively whereas optimizing assets in real-time. Mixed with applied sciences like Kubernetes and Docker, which I labored with extensively, these traits will dominate the cloud panorama.
