The Day I Realized Every Developer Could Read Prod DB Credentials: A Microservices Migration Story

In the ATG monolith, production DB credentials lived behind a JBoss SSH gate: effectively unreachable for anyone without infrastructure access. After modernizing to microservices on Azure Kubernetes, every developer's Azure account could read the prod DB, Redis, and Service Bus secrets from Key Vault with a single CLI command. VPN and device whitelisting gated the network path, but not the humans: once a developer's identity was on the allowed network, nothing stood between it and the production secrets. The migration didn't just change our architecture; it quietly widened the insider blast radius.
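The check a practitioner wants after reading the above is "who, exactly, can read secret values from our production vaults?" The script below is an added example, not code from the original post or the project it describes. It consumes role assignments in the shape printed by `az role assignment list --all -o json` and reports every user or group that holds an Azure RBAC data-plane role able to read secret values from a production Key Vault, taking scope inheritance into account (a role granted at subscription or resource-group scope covers every vault beneath it). The subscription ID, resource groups, vault names and principals are constructed for the example.

```python
"""Audit which human identities can read secret values from production Key Vaults.

Added example, not code from the original post. It consumes role assignments in
the shape printed by `az role assignment list --all -o json` (fields used:
principalName, principalType, roleDefinitionName, scope). The subscription ID,
resource groups, vault names and principals below are constructed.
"""
import json

# Built-in Azure RBAC data-plane roles that allow reading secret *values*.
# Control-plane roles such as Reader or Contributor do not.
SECRET_READ_ROLES = {
    "Key Vault Secrets User",
    "Key Vault Secrets Officer",
    "Key Vault Administrator",
}

# Principal types that represent people, directly or via group membership.
HUMAN_PRINCIPAL_TYPES = {"User", "Group"}

SUB = "/subscriptions/11111111-1111-1111-1111-111111111111"  # constructed
RG_PROD = SUB + "/resourceGroups/rg-prod"
RG_DEV = SUB + "/resourceGroups/rg-dev"

# Constructed production vaults: name -> ARM resource ID.
PROD_VAULTS = {
    "kv-prod-orders": RG_PROD + "/providers/Microsoft.KeyVault/vaults/kv-prod-orders",
    "kv-prod-cache": RG_PROD + "/providers/Microsoft.KeyVault/vaults/kv-prod-cache",
}

# Constructed sample, shaped like `az role assignment list --all -o json` output.
SAMPLE_ASSIGNMENTS_JSON = json.dumps([
    # The workload identity: expected to read secrets, scoped to one vault.
    {"principalName": "orders-api", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Key Vault Secrets User",
     "scope": PROD_VAULTS["kv-prod-orders"]},
    # A developer granted the role at resource-group scope: covers every prod vault.
    {"principalName": "alice@example.com", "principalType": "User",
     "roleDefinitionName": "Key Vault Secrets User", "scope": RG_PROD},
    # A broad group at subscription scope: every member can read every vault.
    {"principalName": "all-developers", "principalType": "Group",
     "roleDefinitionName": "Key Vault Secrets Officer", "scope": SUB},
    # Reader on the vault resource: can see the vault exists, not secret values.
    {"principalName": "bob@example.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": PROD_VAULTS["kv-prod-orders"]},
    # Secrets role, but on a dev vault only: out of scope for this audit.
    {"principalName": "carol@example.com", "principalType": "User",
     "roleDefinitionName": "Key Vault Secrets User",
     "scope": RG_DEV + "/providers/Microsoft.KeyVault/vaults/kv-dev-sandbox"},
])


def scope_covers(scope: str, resource_id: str) -> bool:
    """True if an RBAC assignment at `scope` applies to `resource_id`.

    Assignments inherit downward, so a subscription or resource-group scope
    covers every vault beneath it. Comparison is case-insensitive and on path
    boundaries, so rg-prod does not accidentally cover rg-prod2.
    """
    scope = scope.lower().rstrip("/")
    resource_id = resource_id.lower().rstrip("/")
    return resource_id == scope or resource_id.startswith(scope + "/")


def human_secret_readers(assignments: list, prod_vaults: dict) -> list:
    """Return (principal, type, role, vault) for every user- or group-bound
    assignment that can read secret values from a production vault.
    Sorted so repeated runs diff cleanly."""
    findings = set()
    for a in assignments:
        if a.get("roleDefinitionName") not in SECRET_READ_ROLES:
            continue
        if a.get("principalType") not in HUMAN_PRINCIPAL_TYPES:
            continue
        for vault_name, vault_id in prod_vaults.items():
            if scope_covers(a["scope"], vault_id):
                findings.add((a["principalName"], a["principalType"],
                              a["roleDefinitionName"], vault_name))
    return sorted(findings)


def audit(assignments_json: str, prod_vaults: dict = PROD_VAULTS) -> list:
    """Parse `az role assignment list` JSON output and run the audit."""
    return human_secret_readers(json.loads(assignments_json), prod_vaults)


if __name__ == "__main__":
    for principal, ptype, role, vault in audit(SAMPLE_ASSIGNMENTS_JSON):
        print(f"{ptype:<6} {principal:<20} {role:<28} -> {vault}")
```

On the sample data the audit flags alice (resource-group scope) and the all-developers group (subscription scope) against both production vaults, and ignores the workload's service principal, the Reader assignment and the dev-vault grant. In practice, pipe `az role assignment list --all -o json` into `audit()`, expand any Group findings with `az ad group member list`, and note one caveat: a vault still using the legacy "Vault access policy" permission model grants secret access outside RBAC, so those vaults also need `az keyvault show --name <vault> --query properties.accessPolicies` inspected.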

The Identity Provider Customization Cliff: When OAuth2 Is Overkill and SaaS IDPs Aren't Enough

The identity industry is stuck between SaaS IDPs that aren’t flexible enough and custom solutions that aren’t secure enough. And for a surprising number of applications, the entire OAuth2 token ceremony is overkill – a session cookie would do.