Netflix is perhaps best known in the technology community for its early decision to move its streaming business entirely over to Amazon Web Services.
But that’s not the only way that the company is staying on the cutting edge. What Netflix’s internal IT group is doing is “almost more radical than what we’ve done in the cloud,” said Adrian Cockcroft, cloud architect at Netflix, speaking recently during a Reuters cloud panel discussion.
“We’re systematically disassembling corporate IT components and using OneLogIn as a SaaS authentication system,” he said.
Mike Kail, vice president of IT operations at Netflix, has been overseeing the process. Netflix declined our request for an interview with Kail to hear more details of the project and said it doesn’t discuss its internal IT policies externally. But we learned a bit from OneLogIn, the single sign on service Netflix uses to manage its cloud services.
Netflix’s cloud first strategy is not particularly unique. But its philosophy is. “They go a bit further than most in saying that identity is the new parameter. Firewall is useless. They care more about access to data than anything else,” said Thomas Pedersen, CEO of OneLogin.
To execute that idea, Netflix had a challenging requirement: it wanted a vendor that could easily support SAML. SAML is an authentication standard that manages authentication and authorization without requiring users to sign in with a password.
OneLogIn supports SAML and says it has helped over 100 cloud app providers enable SAML. The result for Netflix is that when users are in the office, they don’t have to enter a password to access any of the cloud services that are supported by OneLogIn. Outside of the office, they still have to sign in once with OneLogIn to access their cloud services.
“They have been very adamant about using SAML wherever possible and wherever they had an app that didn’t support SAML they would try to influence vendors to implement it,” Pedersen said.
In a case study OneLogin posted not long after setting up its service with Netflix, Kail revealed a bit about how he feels about passwords. “Your security is only as strong as your weakest password,” Kail said in the case study. “With OneLogin, we’ve eliminated the need for passwords altogether. Having a single set of credentials managed internally and securely is a huge win for both IT and the end user.”
Currently, Netflix has around 90 apps managed in OneLogIn with around 2,000 employees able to access them, said Pedersen. The services include Dropbox, Docusign, Workday, Safari Books, SD Elements, ServiceNow, and Google Apps.
In fact, Netflix has eliminated Exchange email in favor of Gmail for all employees. “They took the old Exchange servers and shut them down and moved the entire company email to Google Apps,” Cockcroft said.
Netflix is also using OneLogIn’s iPad app. In the case study, Kail said that iPads are the dominant tablet his employees use and that the OneLogIn app lets them easily access all their cloud apps. It also lets IT quickly revoke access if an employee leaves the company.
Companies like Netflix like single sign on solutions like OneLogIn because they can dramatically reduce the number of calls to IT for help recovering passwords. Provisioning users can also get easier as can revoking access.
Okta offers a similar service to OneLogIn and Microsoft is now getting into the game. It recently announced that its customers, using certain Microsoft products and services, will be able to manage passwords for third party cloud apps through Active Directory.