Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

2019 | Auth0 Presents: How to Manage the Complexities of an Internal Technology Platform | Identiverse | Day 4, June 28


Published on

Over the past decade, many enterprises have sought to increase agility by shifting to modular architectures, typified by the broad shift to microservices. At Cimpress, the parent company to Vistaprint and 15 other world-leading Mass Customization businesses, we’ve been on this journey ourselves. Our modular internal platform allows our diverse and autonomous businesses to focus on serving their customers best.

A key benefit of this approach is how it makes the “build versus buy” decision much more granular. There is no need to choose between monolithic solutions; we can mix and match third-party and in-house software components. But this modularity, combined with the diversity of our businesses and all their partners, creates the challenge of managing identity: how do you support a complex interplay of users and applications without crippling adoption, usability, and security?

In this talk, we’ll discuss how Auth0 helped us tackle this challenge at Cimpress, both as an enabler of secure access to our applications and as a microservices-friendly vendor on top of which we can layer differentiating capabilities.

Published in: Technology
  • Be the first to comment

2019 | Auth0 Presents: How to Manage the Complexities of an Internal Technology Platform | Identiverse | Day 4, June 28

  1. 1. ® How to Manage the Complexities of an Internal Technology Platform Presented by Cimpress & Auth0
  2. 2. ® Cimpress & Auth0 Carlos Mostek Senior Solution Architect Auth0
  3. 3. ®
  4. 4. ® Intro Ryan Breen Director, API Management Cimpress
  5. 5. ® About Cimpress • Founded in 1995 by Chairman and CEO, Robert Keane, in Paris • Mass customization capabilities at our core • Cimpress manages a portfolio of businesses, each with its own unique customer value proposition • USD $2.7 billion revenue (TTM Q3 FY19) • ~14,000 team members in +40 offices and manufacturing facilities
  6. 6. ® What is Mass Customization? Producing small orders of custom products that have the reliability, quality and affordability of mass produced goods
  7. 7. ® An Illustrative Example: Prepress • We’re printing uploaded content • Of variable quantity • On different surfaces • At different manufacturers • If the result doesn’t meet a user’s expectations, that’s a refund or exchange • These problems are technically challenging and common across all mass customization vendors
  8. 8. ® Vistaprint in 2013 • We were successful. But we were hitting limits. • We scaled vertically as we grew but were locked into a monolith • Too much NIH, no opportunity to choose the best tool for the job • Too insular: we were Vistaprint and a couple of acquired companies, none of whom could share work with each other • We wanted new growth avenues: more businesses, more flexibility, more reuse of capabilities like Prepress
  9. 9. ® The Big Reset • Most problems can be solved with a corporate rebrand! • Vistaprint ➞ Cimpress • For all the rest, there’s microservices ➕ Team autonomy ➕ Freedom to choose the best tools ➕ Reduce NIH, increase buy decisions • Each service is a product, those products are a platform • Imagine if every business at Cimpress could share the same Prepress tools • Imagine if everyone outside of Cimpress could, too
  10. 10. ® It’s Working! • Teams embraced this new freedom, revisiting all past assumptions • New services were created weekly to solve real business problems 😍
  11. 11. ® It’s Not Working! • Teams embraced this new freedom, revisiting all past assumptions • Now we had a Tower of Babel problem • New services were created weekly to solve real business problems • Now we had a discovery problem • If no one can find or use your services, do you really have a platform? 😍 😢
  12. 12. ® Now, for a strong central democracy • Maybe we need SOME rules • Hamilton was popular at the time, so let’s implement federalism (But nerd it up by calling it an RFC process)
  13. 13. ® A Few Simple Rules… • Every service is REST + JSON • Every service publishes its OpenAPI spec in the same place • Every service authenticates in the same way
  14. 14. ® Vendor Selection: Identity • Security isn’t our business. Buy it. • But don’t buy into someone else’s monolith • Auth0 is standards-based, composable, and microservices-oriented • Powerful, developer-focused tooling • Those are OUR values
  15. 15. ® Getting Productive • Teams can still innovate (on stuff that actually matters) • Auth0 facilitated even more “Buy” decisions • All SaaS vendors must support SAML || OAuth2 via Auth0 • Because we now provide standard interfaces, customers can actually find and use our stuff 🎉
  16. 16. ® Four Years of Progress • In 2015, our Auth0 pilot was a skunkworks effort • 3 developers, 2 internal apps, and 5 users • We used Auth0 Rules to creep on our CEO • As of today • 1,000 internally-developed applications and APIs use Auth0 • 9,000 employees log in to Auth0-secured apps per month • ~100m machine-to-machine calls a day with Auth0 tokens • This year, Vistaprint selected Auth0 to secure end-user traffic
  17. 17. ® Prepress in 2019 • Yesterday, 12 Cimpress businesses made at least 10,000 calls to Prepress APIs • A couple of them made millions of calls
  18. 18. ® Lessons Learned • There’s tension between autonomy and user experience • Focus on your differentiating value, and buy the rest • Only buy from vendors who share your values
  19. 19. ® Is there a pattern here? • Digital Transformation • Distributed Architecture • Standards & Best Practices
  20. 20. ® User Experience vs Security • Step back and analyze your problem space • Don’t migrate your legacy problems; migrate away from your legacy problems • UX and Security are not entirely mutually exclusive • Make sure an expert is involved • Developer Experience follows the same trend
  21. 21. ® Questions?