Are there any compliance specs you don't think you'll be able to meet?
The only ones we have shied away from completely, that we're going to spend zero time on, are the DoD, military ones. It's funny, we were at AWS Re:Invent and a couple of DoD people said, "No, you really should look at it." We've worked with the military in the past, and everything had to be on-prem and secured and air-gapped, etc., so when they came up we said, we're not a good solution for you. But they were like "No, no, no, you don't understand. We're changing." We're a little skeptical of that one but we'll see.
We haven't spent a ton of time on all the regulations yet but we will over time. I don't see that there should be any significant issues. It's just work.
Is there a sweet spot in terms of the size of companies you target?
Initially, a few hundred people to maybe a thousand, two thousand people. I think that's going to be the sweet spot. Rather than size, it is going to be people that have Macs, that use AWS or have Gmail. Those are great targets for us because they've already taken that step to the cloud and they've already got stuff that AD can't control.
Any pieces you have yet to fill out? Do you have everything you need at this point?
There is more we need to fill out. We have this core directory and we have some major protocols, but we want to surround that with all the major protocols. We have LDAP. We have SAML. We'll do Kerberos; we'll do all these different protocols so any type of application or device that needs to auth, we'll support that protocol.
So you aren't LDAP based?
The database is not LDAP based but we expose LDAP so you can auth with us via LDAP. Part of the reason we built around a proprietary database is because we wanted to surround it with all the open protocols. If we base it on LDAP then the question is how do you hook it to Kerberos? How do you hook it to SAML? How do you hook it to IWA? How do you hook it to RADIUS, all these other things?
So we said let's build our own and then we'll build the interfaces for the protocols we need. That's not something that directories have done. There's two directories out there, really. There's AD, which is effectively based on LDAP and Kerberos. Then you've got LDAP, which is obviously based on LDAP. Nobody has said, "Let's build this directory and give you every single major protocol as a way to auth and control." If somebody builds an application that needs OAuth2, okay, great. You can auth with us via OAuth2. Or somebody builds one that's LDAP based. Great. Use that. That's the thinking.
Sign up for CIO Asia eNewsletters.