How Customer Success Architect Julian Lywood-Mulcock applies music to identity challenges.
Playing flute, violin, and piano gave Customer Success Architect Julian Lywood-Mulcock a thorough understanding of how each player comes together to form an orchestra. Although his soloist career never brought him his big break, it did lead him to obtain a Ph.D. from Durham University in machine creativity by using music as a vehicle of interaction between himself and an AI.
During a long stint at Accenture, Julian worked on challenging identity problems for businesses across the UK and Europe, until a customer need for passwordless authentication confirmed his interest in working at Auth0.
"Think you might need professional services help with your identity solution. Auth0 Customer Service Architect-EMEA @jlnwlm shares the questions you need to ask."
We sat down with Julian to talk about how his musical background informs his work with customers, why you need to solve identity first in any AI scenario, and how he helps customers work through identity pros and cons.
On how Julian’s musical background informs his understanding of system architecture:
People talk about music being very much like mathematics. I think there's an element of truth in that. There's always patterns and there's always something within it that makes it music. Designing system architectures is very much like music. You're dictating your orchestra, and that orchestra in this context just happens to be a lot of systems or a particular application.
On why identity should be the first consideration in any AI scenario:
If your business is looking at using AI services, get your identity services in check first. Because if you don't, you're going to have a hell of a problem trying to get an understanding of your customers and also your AI understanding your customers, too.
On why he sticks with identity:
There's a pattern in music called an antecedent and a consequent. An antecedent is like your call, and your consequent is your response — very much a dialog, which is how I like to think of identity. The challenge is making sure everyone (or everything) knows who (or what) it’s talking to — identity is an integral part of having a dialog between at least two parties. I've stuck with identity because I enjoy clarifying that dialogue.
On why identity matters:
I think one of the core reasons is that our customers want to understand who their customers are.
Identity is integral in the B2C domain because our customers need to understand their customers: who they are and what they want so they can better communicate with them, provide personalized experiences, and customize their products. From a marketing perspective, this allows our customers to be more accurate in what they provide to their customers.
In the other domains, like the B2B domain and the B2E domain, where marketing personalized experiences are lower priority, giving end-users easy access to systems with a single set of credentials is immensely powerful, making secure and reportable use of systems a click of the 'Sign In' button.
On what’s in Julian’s toolkit when he works with customers:
- Security comes first. How do I mitigate as much risk as I can for this customer's customers?
- You have to be quite confident in knowing that what you're saying: hey, here's the best practice, and this is why.
- Understanding who's in the room. Am I speaking to a business owner? Am I speaking to a developer? That is absolutely integral to success because there is no point talking to a business stakeholder about access tokens because they're just going to switch off.
- Knowing that you can't possibly know everything there is to know about identity — you have to want to learn. And you need to want to apply your knowledge.
On working with Auth0’s Professional Services Team:
One of the best parts of working with the professional services team is the breadth of understanding of everybody within it.
On what Julian can do at Auth0 Professional Services that he can’t do at another company:
Deliver. It's the ability to deliver an end-to-end solution, which enables our customers to offload identity services and focus their resources on other priorities. Plus, the satisfaction of knowing that millions of people worldwide are using our services.
On the most intriguing customer problems Julian faces regularly:
Creating a single identity for multiple brands — we can create very specific tenants for customers and link that either to a database that they already have or we can link that to a master tenant, as it were, which is kind of a big tenant that ties everything together. There are many different ways of doing it, and all of them have their pros and cons. And then it's a business decision.
Data Migrations — If you're moving identities, that means you've got to move secure information from one place to another. And if you don't have the capability to move that securely, then that means that customer is going to need to reset the password if you move them. Auth0’s lazy migration process means that our customers can move their passwords and that whole identity across from wherever it is right now into Auth0 in as secure a manner as possible, mitigating as much risk as possible.
Passwordless — You do not need to store passwords. What we're saying by using passwordless is actually using other methods to verify that you are the person you say you are. This mitigates password breaches because you simply don't have passwords to breach. However, one of the problems is that it blows customers’ minds when you talk to them about this. Very often the user experience teams are most against passwordless experiences, because they have highly customized flows that are dependent upon the whole sign in: you enter a username/password, then you do this, then you do that. From a UX perspective, passwordless could be perceived to break that very familiar pattern. Again, it's a pros/cons case. "Here's what we can do, here's what we can't do, and here's how it's going to benefit you as a business."
On how modularizing helped solve a customer’s digital transformation challenges:
We had a customer who is going through a major, major, major digital transformation. They're moving two different platforms. One is their identity platform. That's us. And the other is their bookings platform.
They've got millions and millions of users all around Europe. In terms of what they have today, which is a legacy architecture that cannot be unpicked in any timely or logical way. We provided the ability to migrate all of their users (without having to reset their passwords!), and the identity services those users sign in with, in one deployment. This is a leap for them, and was a core component of why Auth0 is their partner. We continue to deliver improvements to their identity services with milestones set for introducing Social Login, and bringing in federated B2B services to their booking platform.
On what the customer gets out of a whiteboarding session:
Confidence in us. Customers want to know how long a solution is going to take. And nine times out of 10 our time to market raises eyebrows because it's that quick.
On the value of a providing security-focused opinion regardless of whether or not customers follow Auth0’s advice:
There is not one person that I have met or engaged with at Auth0 where the mitigation of risk is not a priority.
I had a customer very recently ask me about how frictionless we can make a particular experience. And we went through some of the patterns they had already documented. We took it back and we reviewed it in the office, and I just went, "Hold on a second. Is this really what they're asking?" So we realized that there was this massive security hole in what they'd asked us to do. Knowing there is a large expansion opportunity with this customer, I told them, "You are seriously putting your end users at risk." That also puts our expansion opportunity at risk.
But I know that it's my job to make sure those end users are secure.
On advice for customers considering professional services:
Ask yourself how you’re managing identity today. If the answer is "I’m not sure" or "Well, we've got this here and we've got that there, and sometimes we do this, and sometimes… And isn't there somebody over in that department that does that?" Please reach out. We can help.