By now, you should be fully aware of the GDPR’s data requirements for your own application, but have you talked with your data partners? If your application takes advantage of third-party tools and components to add functionality or track user information, they need to be compliant as well. The new regulations state that data privacy needs to be maintained throughout the entire lifecycle of an application, through every data controller and processor. Take the time to ask your data partners how they ensure GDPR compliance, including their security framework and how they manage data.
In just over a month, the EU’s General Data Protection Regulation (GDPR) becomes fully enforceable and will dramatically impact data privacy standards. Unfortunately, some companies, especially in the US, aren’t even sure what data is protected. With thousands of possible data points that can be collected, what data is included and excluded? Traditionally, companies built data privacy only around explicit user data like name, address, phone number, and credit card numbers. The GDPR defines a much wider scope. Applications that aren’t compliant could be headed for steep fines. Are you ready?
If you follow us on Twitter (if you don’t, you can fix that now) you’ll notice that we post about data security breaches hitting the internet community. We don’t do it to be malicious or gloat about their failures, but to increase awareness beyond the core community of security professionals. Keeping computer systems secure is a complex challenge, and few people are well-versed in its many facets and subtleties. We deal with security every day with our customer identity and access management platform Passport, so we encourage as much discussion as possible to hear current trends and risks. We hear all the time “We just need to lock it down” or even worse “See? You can’t stop cyber breaches.” Fortunately, neither of these are true.
The General Data Protection Regulation (GDPR) defines a set of “user’s digital rights” and becomes enforceable on May 25, 2018. Download this developer’s guide to understand how it will affect a developer’s role and responsibilities in application development.
SAP announced on September 24, 2017 that they plan to acquire customer identity management company, Gigya, at a reported valuation of $350 million. Gigya will be integrated into SAP’s Hybris Profile Service, which offers data matching and enrichment capabilities.
This announcement is one of many we have seen this year in the accelerating identity space:
- August 2016 – Ping acquires UnboundID
- March 2017 – Okta acquires Stormpath
- September 2017 – SAP acquires Gigya
- September 2017 – Google Cloud acquires Bitium
- October 2017 – Mitek acquires ICAR
Forrester states that 81% of enterprises are planning to implement or expand the use of CIAM systems. By acquiring Gigya, SAP further validates the CIAM space.
What’s Next for Gigya?
Stormpath was acquired by Okta and the API was shut down entirely. It is currently unclear if Gigya’s offerings and APIs will remain in service once the acquisition is complete. There are no details expanding upon the integration strategy referenced in the press release for current customers to evaluate. Will price increase? Will Gigya remain an independent platform? How will the speed of innovation be impacted?
Naturally, this can create uncertainty for current Gigya customers much like it did for Stormpath customers after the Okta acquisition. As details continue to be released around SAP’s plans for the Gigya platform, it is smart to take the time to consider all possibilities and reassess your options.
Inversoft Passport is a Customer Identity and Access Management (CIAM) platform that adds authentication, authorization and user management to any web and mobile app with modern REST APIs. It enables businesses to secure applications for their users and focus on revenue driven efforts.
Passport is a great alternative to Gigya. Out of the box, it delivers:
- Easy to use RESTful APIs
- Client Libraries written in Python, Ruby, PHP, Node.js, Java and C#
- User registration and login
- User management interface
- OAuth 2.0
- JSON web tokens
- Single sign-on
- Configurable password encryption
- Two-factor authentication
- Custom user data and user data search
- Localized email templates
- Transactional webhooks and custom events
- Reporting & analytics
Our goal is to provide a CIAM platform that is simple for developers and seamless for end users. Most importantly, we understand the pains of migration and know how to mitigate the risk. We’ve already been through this process with our customers.
DataStax successfully migrated off Stormpath to Passport with minimal downtime, zero friction and no user password resets. DataStax was able to repeatedly test the Passport migration with a single click import prior to the live switch to reduce the risk of a failed migration and build confidence. To learn more, see our DataStax Case Study.
If you don’t already have an account with Inversoft, sign up for a free trial of Passport. Once your account is setup, you can review our documentation to learn about our APIs.
Gigya has documented an export procedure that provides a method of transforming and exporting user data to match a target schema.
IdentitySync is Gigya’s ETL solution (Extract, Transform, Load) that offers an easy way to transfer data in bulk between platforms. Use it to transfer user data from Gigya to a third-party platform or vice versa, or even from one Gigya database to another.
Follow the instructions in the IdentitySync documentation. Export your transformed Gigya user data in JSON format and import that file using our API. The Passport Import API will consume this JSON data allowing you to easily bulk import your existing users into Passport.
The Import API helps to minimize export/import time, reducing the risk of a large scale outage or customer interruption. When switching to Passport, our customers have see results including:
- Reduced latency
- Improved performance
- Increased security
- Reduced IT overhead
We are also available to build a custom migration tool on your behalf to minimize the effort needed to import your users from Gigya to Passport.
Are you an existing Gigya customer and don’t want to move to SAP?
Please contact us at firstname.lastname@example.org to start your migration to Passport.