Expedia’s Software program Growth Engineer shares her experience on unified id methods and scalable applied sciences
In mild of latest high-profile information breaches and cloud safety incidents, the dialog round cloud vulnerabilities and how one can mitigate them has by no means been extra pressing. Gartner predicts that by 2025, 99% of cloud safety failures will outcome from buyer errors, regardless of the more and more refined safeguards carried out by cloud suppliers. Misconfigurations and gaps in experience stay main points as organizations broaden their cloud utilization. As seen in latest information breaches, these missteps spotlight that cloud safety just isn’t solely the suppliers’ duty however a shared obligation between distributors and purchasers.
To handle these rising considerations, we’re talking with Asha Seshagiri, a lead software program engineer specializing in Identification and Entry Administration (IAM) at Expedia, who has over 12 years of expertise working with cloud-native applied sciences at corporations like IBM, Visa, and Expedia. Asha has been instrumental in creating One Identification, a unified authentication platform throughout Expedia’s a number of manufacturers, and One Key, a loyalty program that serves hundreds of thousands of customers. With cloud safety challenges changing into extra advanced, Asha’s experience provides essential insights into how companies can steadiness innovation with safety, notably in large-scale cloud environments.
You contributed considerably to creating the One Identification answer, which unified the authorization system throughout a number of Expedia manufacturers, together with over 300 million consumer accounts. How necessary do you assume it’s for giant corporations like Expedia, working throughout a number of manufacturers and providers, to create unified id administration methods? How does it have an effect on consumer expertise and safety on such a big scale?
Unified id administration methods like One Identification are essential for giant corporations working throughout a number of manufacturers, akin to Expedia. They streamline each consumer expertise and safety processes. From the consumer’s perspective, having a single set of credentials to entry numerous platforms drastically enhances comfort. It reduces the necessity to handle a number of passwords, simplifies login throughout totally different providers, and builds belief, as customers expertise seamless transitions between manufacturers whereas retaining management over their private data.
On the safety facet, centralizing id administration permits for uniform safety insurance policies and extra constant entry management. Superior safety mechanisms like multi-factor authentication (MFA) and behavioral analytics may be utilized throughout all platforms, enhancing safety with out complicating the consumer journey. Moreover, consolidating consumer information into a typical platform mitigates dangers related to fragmented methods, permitting for faster responses to potential threats.
General, this unified method not solely improves safety but in addition ensures that each the consumer expertise and safety measures scale effectively because the enterprise grows, offering long-term operational advantages.
Within the One Identification undertaking for Expedia, customers may authenticate through numerous strategies, together with passwords, one-time passcodes (OTPs), and social logins. How did you handle the mixing of those various authentication strategies whereas sustaining a steadiness between ease of use and excessive safety for such a big consumer base? Moreover, how did microservice architectures assist assist this method because it scaled to hundreds of thousands of customers?
Integrating a number of authentication strategies within the One Identification undertaking required balancing consumer comfort with safety. Every methodology — passwords, OTPs, and social logins — supplied totally different ranges of accessibility, and our aim was to create a unified expertise with out compromising safety.
We used microservice structure to assist this integration at scale. As a substitute of counting on a monolithic system, we cut up the platform into smaller, impartial providers, every dealing with particular elements of the authentication course of. This allowed us to develop, replace, and scale particular person parts — akin to password administration, OTP processing, and social login integration — with out disrupting the whole system. As consumer demand grew, we may simply add extra capability or introduce new options by updating solely the related microservices.
On the safety facet, we employed behavioral analytics and anomaly detection to observe consumer exercise and rapidly establish potential safety threats. This proactive method, mixed with a versatile microservices structure, allowed us to keep up a excessive degree of safety whereas providing a seamless login expertise for hundreds of thousands of customers throughout numerous Expedia manufacturers. This structure ensured that each safety and consumer expertise scaled effectively because the platform grew.
Furthermore, you have been instrumental in creating the framework for One Key system at Expedia, which unified loyalty applications throughout greater than 20 journey manufacturers, serving hundreds of thousands of customers. How do you see the way forward for loyalty applications within the period of digital transformation?
Loyalty applications have gotten a central a part of how corporations interact with their clients, and digital transformation is reshaping how these applications function. The work we did on constructing the framework for One Key at Expedia is a good instance of how loyalty methods are evolving. By unifying the rewards throughout a number of journey manufacturers throughout the Expedia Group, One Key permits clients to earn and redeem factors seamlessly throughout totally different platforms—whether or not they’re reserving flights, accommodations, or rental vehicles. This sort of unified expertise is strictly what customers anticipate within the digital age.
Trying forward, I consider loyalty applications will proceed to shift in direction of personalization and real-time rewards. Clients are more and more on the lookout for applications that not solely present factors but in addition ship extremely related provides, tailor-made to their conduct and preferences. This requires methods that may course of huge quantities of information rapidly, analyze it, and adapt to the consumer’s wants in real-time.
Briefly, as loyalty applications develop into extra dynamic and customer-centric, they might want to proceed evolving to ship the customized experiences that customers now anticipate.
At IBM, you labored on optimizing cloud safety options, notably with the KeyProtect undertaking, which focuses on encryption and key administration for cloud environments. How have information safety approaches advanced with the widespread adoption of cloud applied sciences, and what are the largest challenges corporations now face in defending their information, particularly in hybrid and multi-cloud environments?
As cloud adoption has elevated, information safety has shifted from defending on-premises infrastructure to securing information distributed throughout a number of cloud environments. The KeyProtect undertaking at IBM, the place we developed encryption and key administration options, was designed to deal with these challenges, particularly for corporations working in hybrid and multi-cloud environments.
One of many key shifts has been the necessity for efficient encryption key administration. Making certain that information is encrypted each in transit and at relaxation is crucial, however managing entry to decryption keys is equally necessary. To assist corporations preserve robust safety with out the complexity of constructing key administration methods from scratch, we supplied KeyProtect APIs. These APIs permit companies to combine safe key administration straight into their methods, eliminating the necessity to develop on-premises options.
Automation was essential on this course of. By automating key administration and risk monitoring duties, we enabled corporations to keep up excessive ranges of safety with out sacrificing efficiency. This automation helps streamline the mixing of safety options into current methods, guaranteeing that information stays protected whereas minimizing the operational overhead related to handbook administration.
Briefly, as cloud safety evolves, automation and built-in APIs are important instruments that assist companies navigate the complexities of information safety in hybrid and multi-cloud environments.
Many corporations face challenges when implementing cloud options, particularly in terms of scaling and safety. What recommendation would you give to organizations which are simply beginning to transfer to cloud platforms?
For corporations simply beginning their cloud journey, my greatest recommendation is to plan for scalability and safety from the very starting. It’s straightforward to concentrate on getting up and operating rapidly, however for those who don’t construct a robust basis, you’ll face challenges later when your wants develop.
Begin by adopting a cloud-native method, the place purposes are designed to take full benefit of cloud options like elasticity and microservices. This makes it simpler to scale with out having to re-architect down the road.
On the safety facet, I like to recommend prioritizing automation for issues like monitoring and risk detection. Utilizing instruments that combine safety straight into your cloud infrastructure will assist make sure you’re at all times protected as you scale. And don’t overlook to implement robust entry controls and encryption—these are non-negotiables for cloud safety.
Given your expertise in creating scalable options, how do you see the way forward for cloud computing and its impression on the business as an entire? What applied sciences do you assume will dominate within the subsequent 5-10 years?
Given my expertise with scalable options, akin to the event of microservices at Expedia and Visa, and cloud-native safety methods at IBM, I consider the way forward for cloud computing will probably be pushed by even better flexibility, automation, and safety enhancements. Over the subsequent 5-10 years, I see serverless architectures and edge computing taking part in a big position. Serverless computing, which permits builders to run code with out managing the underlying infrastructure, is gaining traction as a result of it allows corporations to scale extra effectively. For instance, at IBM, we leveraged containerization and microservices, permitting us to scale particular parts independently, which is a key benefit of cloud-native approaches.
Edge computing can even develop into crucial as industries like healthcare, manufacturing, and autonomous autos require real-time information processing. As a substitute of routing all information to centralized cloud servers, edge computing processes information nearer to the place it’s generated, lowering latency and bettering efficiency. That is notably related in my work on safe methods, like KeyProtect at IBM, the place information safety on the edge is as essential as within the cloud.
Safety will proceed to evolve, and I anticipate zero-trust architectures to develop into the norm. In methods like those I developed at Expedia, the place we unified id options throughout a number of platforms, steady authentication and authorization have been important for securing distributed cloud environments. Zero belief will improve this, guaranteeing that each consumer, system, and software is authenticated no matter their location.
Lastly, synthetic intelligence and machine studying will probably be totally built-in into cloud operations, driving automated useful resource administration and risk detection. At Expedia, we carried out event-driven architectures and monitoring methods, which allowed us to automate responses to efficiency and safety points. AI will improve these capabilities, making it simpler for corporations to scale securely and effectively whereas optimizing assets in real-time. Mixed with applied sciences like Kubernetes and Docker, which I labored with extensively, these developments will dominate the cloud panorama.
