Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems. In today’s cloud-native world, almost nothing is on-prem, and the explosion of apps, remote users and devices has made it orders of magnitude more complicated to verify the identity of a user (or a service) and to determine the policies that say what they are and aren’t allowed to do.
Yet half of that challenge, authenticating a user’s identity, has been mostly solved, or at least standardized. About ten years ago, with the shift to cloud-based applications and remote users, enterprises suddenly needed authentication for each endpoint and app, so there was an explosion of usernames and passwords. Hackers quickly became wise to this scheme, as harvesting passwords and simply logging into the “front door” was much easier than hacking highly secure backend servers. Enterprises needed a way to better protect passwords and logins.