Cloud Gossip

Cloud identities and the transformation of cloud advocacy, with Christos Matskas

Episode Summary

Today’s guest on Cloud Gossip is Christos Matskas! Christos is a Senior Program Manager working in the Microsoft Identity Division as a Developer Advocate. We’re going to learn about his role and its challenges, and how Cloud Advocacy has evolved over time. Christos explains why he’s active on TikTok and Discord and the role these platforms play in helping him reach more developers. We hear about Managed Identities, what they are and how they can help solve current problems in the cyber-security space. Christos also talks about Microsoft.Identity.Web and Cosmos DB and shares his thoughts on the future of Cloud Identity: which up-and-coming technologies excite him the most and what he thinks we should focus on improving in the coming years. We also discuss the current situation regarding Diversity and Inclusion and learn about some communities that played a special role in Christos’ development. Enjoy the episode, and don’t miss the links and resources mentioned in the episode; you can find them at the bottom of the page.

Episode Notes

Guest Bio

Christos Matskas is a Senior Program Manager working as a Developer Advocate for the Microsoft Identity Division. His role involves helping developers write more secure and robust software, leveraging the power of Identity and Cloud.

Before joining Microsoft, he was a successful entrepreneur collaborating with companies such as MarkIT, Lockheed Martin, and Barclays. He routinely works with Azure Active Directory, MS Graph, and Managed Identities, and he has 15 years of experience writing software on the .NET stack.

Christos contributes regularly to numerous OSS projects and works closely with the developer community to make the space bigger and better. He’s also a dad, husband, speaker, and passionate streamer.

Thanks for listening to Cloud Gossip! You can find us from our website CloudGossip.net. 

Please leave us a review and subscribe to us at iTunes, Google, or Spotify!

Episode Transcription

Karl: [00:00:00] In this episode, we cover the future of cloud identity and the evolution of developer advocacy towards a digital-first approach. Here's a quick taste of the episode, and then let's get going. 

Christos: [00:00:14] So managed identities are identities that are issued by Azure Active Directory. So they are proper accounts that are managed by Azure Active Directory.

And they allow the intercommunication of services without the need to have passwords. 

Annie: [00:00:29] This is Cloud Gossip podcast, demystifying the cloud and the people behind it.

Hi, I'm Annie. I'm a cloud native product marketing manager. I've worked for tech companies ranging from startups to enterprises. 

Karl: [00:00:52] Hello, my name is Karl and I'm a cloud security leader working in the Swiss financial sector. 

You're listening to Cloud Gossip. In today's episode, we are talking about cloud identities.

Annie: [00:01:03] Well, you're very much welcome. And here today we have with us Christos!

Who is a program manager in the Identity Division at Microsoft and a former MVP. Welcome Christos! Would you like to briefly introduce yourself and your role? 

Christos: [00:01:17] Hi everyone. Thanks for having me here. My name is Christos Matskas. I work as a program manager for the developer advocacy team within the Identity Division.

And my role is to help developers write more secure and more robust software using our platform.

Karl: [00:01:31] Interesting.

Christos: [00:01:32] It's definitely an interesting role, I'll tell you that!

Annie: [00:01:36] Perfect. So in this interesting role, what does your typical day look like?

Christos: [00:01:41] Funny story is... that when I asked my manager, before I joined the team: "what does a typical day for an identity developer advocate look like?"

He said "I have no idea".

Right? And for us every day is very different. We do a lot of developer outreach, obviously. That's our main goal. Our goal is to help developers learn about the platform, use the platform, and help them get unstuck when there are any issues or blockers. But at the same time there are other projects that we like to kick off, like accelerators, helping other teams, especially within Microsoft, to actually, you know, make the best use of the platform.

Because I know it sounds surprising, but identity is a hard topic, and a lot of people tend to avoid identity in general. So even internally at Microsoft we do a lot of advocacy to help, you know, our cloud advocates, our developers, even our developer tools to work better and to be more secure.

And that also extends to Azure. So a lot of small projects, a lot of fun projects.

We're encouraged to experiment and try and fail and do different things. So it goes from the traditional developer advocacy, like, you know, speaking at conferences, podcasts like this one, events, which are all remote these days.

And then also doing the non-traditional advocacy, like setting up a Discord community where people can help each other, also doing things on TikTok and Instagram.

I know it sounds funny, but it's a huge technology community that nobody has really tapped into... hardly yet. So for us, it's a new opportunity to reach new audiences.

Karl: [00:03:12] That's very interesting. You mentioned all of these new mediums... Discord, TikTok, Instagram... all of those.

That's quite a stretch from what I consider ...kind of... what cloud advocacy looks like.

If I look at, kind of, the quote unquote "traditional MVP" or corporate cloud advocate role, who travels from conference to conference and stays in rooms that look exactly the same and forgets which time zone they are in. How has this kind of transformation been for you? 

Christos: [00:03:43] It actually has been fantastic....you know.

I love the fact that we can't travel because it allowed us to think outside the box on how we can scale advocacy outside the traditional role, right? And as you mentioned before, it used to be: fly from one city to another and speak at one event, whether it's a conference or a user group, and try to get 20, 30, 40 people in the room and get them excited, or get them to learn about the technology that you're passionate about. But it doesn't scale.

You know, there's only so many of us that can fly around the world, and there are hundreds of thousands of smaller events and user groups and meetups that we want to reach out to. So when I joined the team I actually was on day one of the COVID lockdown. So literally I went to the office for half a day, and then we were told to never come back to the office because of COVID.

So us, even as we're starting....

Karl: [00:04:34] That's impact!

Christos: [00:04:34] Yeah, that's impact! So we were challenged to think outside the box and...

... you know, it's great to be there in person. I mean, I miss the connection, getting to know people and being able to answer questions face to face.

But at the same time, everybody like the whole tech community transformed very quickly and moved quickly to virtual events.

Which for me opens up a lot of doors. I can speak to, you know, a European conference in the morning and then in the afternoon I can also speak to a US-based meetup... or another event...

... without having to fly around to be there. It means I can speak to a lot more people, and also a lot more meetups get to take advantage of remote speakers.

You know, you can get a lot more talent, a lot more... I'm not calling myself a talent. I'm just saying that I'm in a pool of fellow speakers and everybody can reach out and get us to speak at their event. I can speak to Japan. I spoke to Indonesia. I spoke to Singapore. It's just great to be able to do that.

But, you know, events are just one facet of advocacy. How can we be in multiple places and reach out to developers where they are? So for us, the challenge was where do we find new places and where do we go outside of the traditional Microsoft ecosystem?

Because, you know, Microsoft has this kind of... we have our own blogs.

We have our own podcast platform. We have all these traditional things and it's great!

But I'm not going to get to the Python developers because, you know, Python is not traditional Microsoft. So, you know, Python developers are not going to come to the Microsoft channels to find content. Although we do have some fantastic Python courses... or Rust, which recently put a course out there.

So I need to go... or we need to go as a team where the developers are, rather than them coming to us. And that means spending a lot of time on Twitch streaming to new audiences.

Doing TikToks. I know it sounds funny and weird, but apparently there are 2 billion users on these platforms. And quite a few of them are technology developers and technology lovers. 

So why not address the audience there? And it's a fast-growing platform. Same with Instagram, same with other social media platforms. So, non-traditional fun stuff. Although I don't do dancing on TikTok... so don't search for any videos where I dance.

Strictly technical content, the boring stuff, but still... it's a great kind of experience where...

...we've been given the freedom to go and do fun stuff and try out. It's an experiment. You know, it can work or it might not work, but in the end we've tried. 

Annie: [00:07:00] Sure. I think I've seen at least some really great examples on both of the platforms recently from a developer engagement perspective. Do you have any best practices or good accounts to follow on those platforms?

Christos: [00:07:13] Well, I'm still very green to the whole platform. So I'm learning as I go... I've been what, a month maybe, into that one?

I follow quite a few accounts, so I think if you follow one, then you get a lot of recommendations. What I tend to find though, is that the audience there is very hungry for new content.

And they're looking for actual technical content, not just surface stuff. Right. So how do I do X with something? And the nice thing is that you can only focus on one thing because you have very limited time to make that message. So, you know, how can I do one specific thing and do it well? It's all about raising awareness and then pointing them to another CTA... like a call to action.

Follow me on Instagram to learn more or come to our blogs and learn more or get more in depth knowledge because.... again, it's very fleeting, right? It happens. You see it, and then it goes away. So you need to entice people to come and follow you on other channels as well. It's an advertising platform, right?

Annie: [00:08:11] Yeah, makes sense.

Karl: [00:08:13] A lot of aggregation of different types of content into one... which is all about, as you said, advertising. "Follow me on that other series of content."

Christos: [00:08:21] But it makes you think about, like, what kind of message do I want to put out there? Because you only have what? 80 words you can say in one minute.

So those 80 words need to be very carefully curated to make the right impact, to make sure that they pass the message, and also provide the right call to action. So, as with everything else, like blogs and longer YouTube videos and tweets, you need to adjust the content to your audience. 

Annie: [00:08:47] Perfect, perfect. So on this same topic, how do the internal and external relationships between your customers, marketing, other advocates and engineering work? How do those work for you? 

Christos: [00:09:00] The main thing that we do as advocates is obviously speak for the division, speak for the product. And at the same time we listen to developers.

So we represent the developers back in the division. If there are any pain points, if there are issues that our developers are facing, our whole point is to be out there to listen to people. And then bring that and make it an actual feedback for the product. That also extends to internal teams where we work carefully with marketing to make sure that we align the message to developers or working with the dev teams to make sure that there's cohesion on the messaging, right?

I mentioned before we started... the Azure SDKs team, which is doing a fantastic job. How do we make the authentication for all of these identities... sorry, for all these libraries... consistent? So when a (inaudible) signs into the application, they don't have to really authenticate to use the SDKs, right? They can automatically get an access token and pass it down the path. So for us, it's... advocating for developers, but also advocating for the product and then working with all these teams to make sure that the message is consistent. 

Karl: [00:10:06] Yeah, yeah. That won't really be easy with all of the different teams having to work with just their own stuff and combining it with something that, as you said, they might not be experts on in this area.

They want to outsource this worry about identity or these hard topics. Uh, I can imagine how that's something that's not an easy task. I have an anecdote on that myself.

I have several, but I think this is one that we can talk about here, and that I dare to repeat in a publicized format. 

Quite recently, there was this push of making app registration passwords expire only within a shorter amount of time. It used to be maximum... the default used to be two years, and now the default is six months, and the push is to get that number lower and lower and lower, as low as possible.

Well, I was just playing around with Azure App Service, which has a built-in user experience in the portal that also lets you, with what they call the Express setting, set up this built-in authentication or (inaudible) that creates an Azure app registration behind the scenes.

Well... guess what the length of that password expiry date is? ... 10 years.

Christos: [00:11:21] 10 years.?!?! Wow! 10 Years?!? 

Karl: [00:11:24] Yes, exactly! I didn't even know it was possible to do it anymore. The UX won't let you do it in the portal for more than two years, but actually if you go to PowerShell or Azure CLI, you can actually get a little bit longer. And apparently that's what they do. 

Christos: [00:11:40] Obviously, why follow best practices, or, you know... as you say, it's challenging getting all these teams to have a consistent message. Especially now that we actually lowered the default to six months and we also give you an option for three-month-only passwords.

Now you might say "that's a challenge because what happens when the client credential expires?". There is MS Graph, which allows you to, you know, create your whole (inaudible) and say, "all these apps' passwords are going to expire," and then use MS Graph to renew them.

10 years. Damn. Okay!

I need to have a chat with that team then... obviously. But... the challenge is that sometimes, you know, these teams will work internally without reaching out to us. And then we find out at the same time that everybody else finds out, and then we have to have these kinds of retrospectives of "how can we make the experience better?"

So, there's always this, and it's such a huge division, it's such a huge company, 220,000 employees. And everybody's working on interesting projects. Some of them have, you know, accelerators or startups or whatever you want to call them within their teams. And therefore it becomes very challenging to have a full view of everything.

And since identity touches everything. Like, it's almost impossible to do anything without identity, unless you're having some marketing site that doesn't really do anything other than talking about products. We have a challenge of trying to reach out to everyone and make sure that they understand what they're doing.

They follow best practices. And then we have a consistent story. 

Karl: [00:13:07] That's right. It's not an easy task to do that internally. Of course, especially if your customers... the external customers are the more vocal ones and getting the mindshare... with things like features. 

So, let's talk about identity and what's new or new-ish.

And to get us started, could you do a quick recap for our audience?

What are managed identities and what problems do they solve? And how has their evolution been in Azure within the past couple of years? 

Christos: [00:13:40] Sure. Yeah, it's been a couple of years that they've been out. So managed identities are identities that are issued by Azure Active Directory. So they are proper accounts that are managed by Azure Active Directory, and they allow the intercommunication of services without the need to have passwords in between.

A very basic example would be having a front-end that goes into a database to get some data, and traditionally to do that, it had to have a connection string. Or some key that would allow you to get access to that specific service. The problem is that that key needs to be stored somewhere. Many times we see these in config files and environment variables, which means that they become an attack vector for somebody that wants to compromise your application integrity, or your application data.

And we wanted to find a way to eliminate that. So, managed identities allow a service... a front-end service... to communicate with the backend service via a managed identity.

And that identity is trusted by both parties and therefore I don't need to have a connection string with secrets.

So if I'm calling into SQL Server or PostgreSQL, I don't need to pass a password and a username. I'm just saying "this connection string will use a managed identity. And since that managed identity is trusted by both parties, I don't really need a secret." And therefore we're moving into secretless applications where we eliminate the need to store a secret.

In the past, you could resolve that by having Key Vault.

Where Key Vault would allow you to store all your secrets in a very safe location. The problem was that you still had to access Key Vault at some point and therefore you had to have a secret for Key Vault, and it was a vicious cycle where you could not eliminate the secrets.

Managed identities allow you to do that.

And there are two types. One is a managed identity assigned to your front-end resource. Therefore, the life cycle of that resource is tied to the identity, or the identity is tied to the resource. So if I have a web app that calls into SQL and I delete that web app, the identity goes with it.

But there are certain scenarios where we may want to provide user assigned or user created managed identities.

And those identities are actual resources that live on Azure, and I can assign multiple identities to one resource or multiple resources to one identity. And it means that I have full control of the lifecycle of that identity and full control of the permissions. So think about a web app where it needs to call storage and it also needs to call a SQL or Key vault.

I can have two different identities and therefore full auditing on who accesses what, and very different permissions. So one identity can only access storage and the other identity can only access SQL, and they can't mix and match. And our SDKs allow you to benefit from that. Therefore it becomes super secure, or at least a lot more secure than in the past. We eliminate secrets; developers don't have to worry about managing secrets.

Companies don't have to worry about secrets being compromised and having somebody in the team rotating those secrets. For your managed identities, you have Azure Active Directory automatically rotating those secrets for you.

Therefore you don't have to worry about that. I love managed identities! It is probably one of my favorite features in Azure.

Karl: [00:16:48] It's a lovely feature. And you mentioned that... as a security person I love the fact that someone else who actually knows what they are doing, and proverbially is even a machine, not a human being... actually manages those operations.

So when we take an example that we discussed a little bit earlier about having someone manually configure an expiry time for a password. That can be anything! If you are a human, you wouldn't really care about this particular case. 10 years? I'll be around. I'll be out of this company already. It doesn't matter.

It's different with a dedicated product like that. 

Christos: [00:17:23] And one thing I didn't mention about managed identities, and this is... although it's predominantly an Azure feature, so it's an Azure service accessing another Azure service. We've extended that capability outside of Azure. So your front end could live anywhere.

It can be on prem, it can be even in another cloud, and via Azure Arc it allows you to actually have a managed identity anywhere.

So I can have a managed identity on my local machine and I can still access those services securely. Therefore it's not just an Azure privilege anymore. It becomes available to anyone because we want developers to write secure software. That's the bottom line.

Karl: [00:17:56] That's a very good... good evolution of that, because you still had that one piece, one last piece, which was about the developer who actually sits on the workstation. They need to be able to access those resources some way, one way or another, as well. 

So they'd be able to swap around or have some sort of local app settings or something similar that mimics those resources, but then...

... in reality when we deploy to the cloud... that's when we will actually be able to use those managed identities. But now you're saying that my workstation as a developer would act as... it would get Azure Arc on it, and then that could also use these managed identities on its own.

Christos: [00:18:36] Exactly! Kaboom!

And we worked with the Azure SDKs team to actually make that a flawless experience.

Because Azure Arc, even though it makes your machine look like an Azure VM, it is not even an Azure VM. So there were different endpoints and different ways to acquire the tokens behind the scenes. Most developers don't need to know about that.

Now it just works. So you don't have to write any custom code, just go. And that's the key, right? Going from developer to QA to production without changing a single line of code. That's what I love about it. It's flawless to the developer, flawless to the release team and everybody else. 

Karl: [00:19:12] Exactly! And that makes my job as a security guardian better, because then I can actually go ahead and see: "okay, throughout the life cycle, no one has to use anything else except managed identities. I get all of that tracking, all of that logging from one centralized place... and there's none of this inherent trust about, did you really manage, did you copy at one point to your clipboard this particular developer-environment-only secret?

Or did you actually do something worse with it?"

So always one step further... but you mentioned getting this into the hands of developers, and there's something new. I heard about this change to a new set of libraries called Microsoft.Identity.Web.

Christos: [00:19:59] Yes!

Karl: [00:19:59] There was an announcement related to that, but what is it and why is that such a big deal? 

Christos: [00:20:06] Well, this is very specific to .NET developers and especially ASP.NET developers. And the story was not good there before, you know.

ASP.NET Identity had its own kind of identity system, where if you were in Visual Studio and said File, New Project, I want to create a new ASP.NET website or an API.

It would actually set up the authentication for you, but it was using the ASP.NET Identity libraries. So as a developer, you go through that experience and your users can now sign in. But let's say you want to call an API or a backend service. Now you need to get an access token.

At that point you are like, "okay, I have my user authenticated. How do I get an access token? "

And... there was no good story there. You actually had to download MSAL or install an extra package called MSAL.NET which would allow you to go and acquire your tokens, and therefore reauthenticate the user and go through that dance, which was not really a good experience, neither for the user nor for the developer.

Therefore, the team worked hard to unify that experience and build everything on top of the Microsoft Authentication Library. So now with Microsoft Identity Web, which is built on top of MSAL... developers get both the authentication and the token acquisition capabilities within that same library.

So we can sign in the user and then go and acquire tokens for them to call other (inaudible) services. It also comes with a built-in caching system, which was not there before; you had to build your own cache. It's also built in very well into ASP.NET Core, and therefore the controllers can quickly acquire the necessary libraries or code to authenticate users.

We abstracted a lot of the complexity. So for example, if an API gets a token, it needs to confirm that it has the right scopes. In the past, you had to write 20, 25 lines of code to do that. You had to actually look at the scopes within the token and enumerate them. Then look for a specific one.

We took that and converted it into a single line of code. So you go HttpContext, does my user have the right permissions or scopes? You pass the scopes and it happens for you. Same for the authentication. It actually takes one line of code to set up the middleware to do the authentication for you, which is mind-blowing.

And from my perspective, Microsoft Identity Web takes the authentication process in the right direction. At the same time we abstracted a lot, but at the same time, you can also get all the goodness behind the scenes. So if you really want to mess with your tokens, if you really want to look at the token acquisition and what happens there.

If you really need to change the UI that comes out of the box, then yeah. You can go ahead and do that as well. So the best of both worlds, I think, for that library. And I'm really excited about that. And the team is adding a lot more features, like recently with 1.9 we added support to acquire tokens and call Azure services with Microsoft Identity Web.

So if you need to go to storage, you don't have to download the storage SDK; you can actually go and acquire the tokens and then do the call yourself if you need to. So a lot of goodness there and interoperability with other things. So, I am very excited about that. 

Karl: [00:23:16] That really sounds promising, and you mentioned this transparency also, that it's not a black box. It's not that easy version where you outsourced it completely and someone does this for you and "trust us, we know how it works." It's really something that I can actually trust and work on.

Christos: [00:23:36] That's right!

Annie: [00:23:37] Perfect!

So let's then look into the future of it. So with the recent attacks, like Solorigate, drawing focus to cloud and identities, could you share what the next focus areas for security and cloud identities are in the coming year or two? 

Christos: [00:23:53] Azure Active Directory and Azure Active Directory B2C are continuously expanding and extending their capabilities to ensure that we protect our users and our users' data.

So from a developer perspective, you have a platform that scales to over 30 billion authentications a day. So if you need scalability, you have that.

It supports most of the major platforms and languages and there are more libraries coming out all the time. We just released Node.js. And by just, I mean a month and a half ago...

Man! Time flies by!

So a month and a half ago, we released the Node.js MSAL libraries.

That means that you now have a built-in MSAL library for Node, a first-party library. We're looking to go into other languages. So the future is extending the platform and providing the best capabilities. We work very hard to work around things like implicit flows and making sure that people don't use implicit flow anymore, because it's a lot less secure because everything happens in the browser.

So now we support, in all languages and all libraries, authorization code flow with PKCE, Proof Key for Code Exchange. And therefore, whether you're creating a single-page application or a server-side app... you know that you have the security you need for your applications and it's not compromising your users' data.

And then I think the exciting things for me coming ahead... are... token binding, which means that you bind the token to a specific secret when it is issued. So in effect there's a signature that goes along, and when that token gets passed around we know that it was issued for a specific application only, and only that application can use that token to call downstream APIs.

And the other one, which is extremely exciting, is continuous access evaluation for tokens. That means that if you are issued a token to access your email and you receive a call that you've been fired, that token will still be valid for the duration of that issuance. So if it's for one hour and you just got in and your manager calls and says:

"Christos... it was great working with you. Thank you very much. Um, so you're out!"

I still have access to my email for an hour now. This has been a major challenge for companies where they want to revoke access to those private emails or private data. And therefore they had to come up with some really exotic and adventurous ways of revoking tokens.

But, you know, since the token is on my machine, it's very hard for anyone to revoke it. Now, what we are working on, and it's part of a larger consortium, which would not load, is establishing an RFC for continuous access evaluation, where, when somebody sends a token, there's an evaluation of whether that user still has access to the resources.

And therefore if I get fired and my permission is revoked, the platform will automatically be able to escalate, you know... look for the right permissions. And if I am revoked, then it will discontinue access to that. The challenge now is, like, how can we agree on a consistent experience for developers and platforms to implement that? Therefore we're still working on establishing or defining the standard, but at the same time we are working on some implementations for first-party things like MS Graph.

So for example, MS Graph has a very crude draft of how we want to implement it. And some applications can benefit from that. It's not the standard though, so it could change in the future, but at the same time, you know, we'll try to innovate and provide some solutions in the space. And therefore, if you try to access Graph, certain libraries will now take advantage of continuous access evaluation...

... and therefore if your permissions have been revoked, you can't get access anymore. And that will mean a lot to a lot of companies, because it's very important to be able to revoke tokens. That's also improving the resiliency of the platform, because now I can also issue a 24-hour token and therefore I don't have to go back to, you know, get my token every hour.

If the backend is down, let's say Azure Active Directory is down.

Karl: [00:28:04] It could happen.

Christos: [00:28:06] It happened!  We'll try to make sure that it doesn't happen again, but I cannot guarantee for that. We'll try to hit our five or four nights... I can't remember....

But the whole point is that as a company as we are now....we don't want, you know, to have this kind of like: "Hey, you get a 24 hour token and if I need to revoke it, I can revoke that at any time."

So I don't have to worry about that.

Karl: [00:28:24] Yeah. Yeah. I've been hearing about this continuous access and it's a little bit puzzling to me. So could these, for example, help me also enforce that some protected resources, even though there is this 24 hour token..... that some protected resources will require, let's say, a re-authentication to an MFA?

Christos: [00:28:45] Yes.

Yeah, there's machine learning. So for example, if you're signing in from Seattle all the time, and suddenly we see a sign-in from Germany, right? That looks like suspicious behavior. And we have over 30 billion indications a day. So our machine learning is evolving very, very fast. And we already provide a lot of features for security, but that sounds like suspect behavior.

I mean, you could have flown to Germany and that's fine. We will step up the authentication for you. And therefore the continuous access evaluation will say, "well, wait a minute. You've been signing in from Seattle all this time. How come you're in Germany?" or, you know, different times of the day.

So for example, there are all these different rules that can be applied to enforce continuous access evaluation. So it's not just, you know, it's not just, "Hey, you left the company so you can't access the data anymore... but Hey, I'm seeing some weird behavior here. Why are you trying to access these resources, you know, with these different criteria?"

And then that will become a trigger for continuous access evaluation. So there you have it.

Karl: [00:29:45] Beautiful. It sounds like a beautiful future indeed. Before we move to our recurring segments, I do have a quick question that's kind of a bonus question over here. You mentioned the SLAs and I have a feeling that this..... there is some sort of connection here.

I'm personally very excited now that I allow managed identity; it's one way that I like to use to connect to my Azure data platform as a service environments. And now finally, Cosmos DB also supports Azure AD.... I can use managed identities. So could you tell us, why did you take so long?

Christos: [00:30:25] I asked about that when I joined the company.

Like why is Cosmos DB not taking advantage of managed identities?

There was an issue with the sub-nine millisecond SLA that we had as a promise for Cosmos DB. And the fact that for managed identities to work, you had to do a round trip to Azure Active Directory, which could have slowed down things.

The team has found a magical way to do it. So I don't know how they achieved that, but now it is doable. And I did put a blog post out there that shows how you can do it with Node.js and managed identities and Cosmos DB, which is brilliant!

But it was one of the things that I was missing.... especially considering how big Cosmos DB is for us and how we talk about Cosmos DB in samples and examples. You know, conference talks, it's becoming almost a default tool because it's so versatile.

It was always a pity to just think that we could only use keys to authenticate the service and it didn't support Azure Active Directory. And now it has RBAC support, so role-based access control, plus Azure Active Directory to backfill authentication, which means they can lock down the permissions to your Cosmos DB data.

And you can also apply that to a specific identity....so only certain people or certain accounts can access your Cosmos DB. I'm very excited!

Now, as I said, this was a thing that we wanted to make sure that we meet our SLAs. I don't know how the team managed to do that, but it's actually super exciting and I'm happy that I see that consistency.

Karl: [00:31:54] They cheat the speed of light anyway! I think there is something.... something to it there. 

Christos: [00:31:58] Yeah. It's the warp around the Microsoft's the...Redmond!

Karl: [00:32:04] All right!

Annie: [00:32:05] Perfect! 

Then moving on to our recurring segments....exciting. So the first recurring segment is future of tech. Where we talk about exciting things in tech.

So what are the three things in tech that make you the most excited at this moment? 

Christos: [00:32:34] I would say AI and machine learning. They're moving very, very fast from speech-recognition, to you know, vision and all the other capabilities that are provided. And I'm not thinking about Microsoft capabilities here, I'm talking about overall.... as Humanity the fact that we're able to take advantage of AI and machine learning to solve problems.

It's extremely exciting. I think we're still far away from machines taking over the world, but. I would like to see how we can benefit more as a human race from these technologies. So that's the first one. The second one is robotics, drones and self-driving cars.

That's exciting. Although I really enjoy driving cars and, you know, being in control.

I'm still amazed how my car can drive itself around  bends and follow traffic. And it just amazes me. The fact that, you know, it can solve a lot of problems like accidents on the road. It is scary, but at the same time, it's like a magical world, right?

You know, your car can drive better than you because it has a lot more sensors and a lot more capabilities, a lot more processing capacity. What is missing obviously there is the ethics, which is something that we're working very hard on at Microsoft, along with Google and Amazon and Facebook. They're all trying to come up with a way that technology will serve humans and will allow us to protect each other rather than, you know, taking over control.

So, you know, less accidents on the roads and a lot more capabilities. Like, one of our PMs, a lead PM, the other day went for a bike ride and he took his drone with him. So his drone was following him around as he was cycling in the forest. And it's amazing that you can have a technology that does that for you and records some amazing videos. So that's the third one.

And finally, I would say augmented reality. Like one of the things that we realized these days is that we miss this human interaction. I'm literally looking forward to going back into some reality, but at the same time, I'm thinking....if there's a conference in Europe, why do I have to be there?

Why not just have some kind of an augmented reality or virtual reality where I can interact with the other participants there almost like in real life, but doing it from the comfort of my home... you know.

It will be good for the environment. It will be good for the human element that is missing out there.

I don't know like how much human element is in virtual reality, but let's assume that it is.

Again, it will help the environment. It will have the, you know, the community and it will solve quite a few problems there. Isolation being one of them, like why are my grandkids not able to see their grandpa in full physical form rather than doing it through Skype. Right?

So these are the three things I think we'll see a little more attention. Can I put a fourth there? Batteries, man!

We need better ways to store energy. And there's been all these different initiatives here and there but, you know, solving the battery problem will probably be the next big thing.

Karl: [00:35:30] In a sustainable format as well. 

Christos: [00:35:32] Yes. Yeah!

Karl: [00:35:34] That's another big topic there. Well, you did mention magic a couple of times. So if you would have a magic wand that would grant you one wish to make a single technology a reality, and this can be any kind of Sci-fi stuff or anything kind of more practical like batteries, you know, how boring an engineering answer is batteries.

Uh, so what would be your pick?

Christos: [00:35:59] Quantum computing.

Ubiquitous quantum computing, not under my desk. I don't think that will ever happen. Or it might happen, you know, I can't predict the future, but being able....

Karl: [00:36:10] On every desk!

Christos: [00:36:12] A quantum computer on every desk! That will be the next mission for Maxwell. Thank you very much, sir!

Let me just call Satya. I think that will be the next great idea. No, joke aside. I think with quantum computing, ubiquitous quantum computing in a way that it can reliably and efficiently run, then we could solve a lot of problems.

From, you know, illnesses like Alzheimer's to cancer, to finding problems to human solutions that we haven't been able to find yet.

And then at the same time, free us time to go and populate Mars or do some other fun stuff that humans are designed to do.

Like human exploration beyond our boundaries of Earth, or, you know, fix Earth because there's a lot of problems here as well. I think quantum will transform the human race, but getting there reliably might take us some time. So if I could use the magic wand, that will be it.

Annie: [00:37:04] Perfect! Magic is needed then a lot. So, yeah, moving on to the second recurring segment of this episode, which is diversity and inclusion.

So have you encountered any really good projects or initiatives in diversity and inclusion? 

Christos: [00:37:38] Not as much externally. And I think that's a problem in general for our sector or for our community in general. I know Microsoft is doing quite a lot with trying to be a little more diverse.... from hires to promotions to helping people achieve their goals, right?

Regardless of race or age or whatever. I'm getting old as well. So sometimes I'm thinking, you know, "who's going to hire me at the age of 50, right?". That's something that we have to face as an industry.

I don't really know of any good projects to be honest, but I think...internally at Microsoft we do a lot of education.

A lot of brown bags, a lot of discussion about how can we help have a more inclusive community. So I hope we can see things happen in the future.

Karl: [00:38:24] That's a beautiful sentiment there. So you mentioned a lot of those internal trainings as well. Is there any sort of a specific tip or any specific learning that myself and Annie and our listeners could take home and use to lift others and minorities up?

Christos: [00:38:41] Yeah. As a middle-aged white man, it's very hard to actually get a perspective of these problems, right? So these kinds of trainings and discussions actually allow us a lot of awareness on where the problem is. And (inaudible) is very important. Being in a room where somebody is being discriminated for, you know, race, age, experience or whatever is very, very sad.

So being able to have allies in that room to support you in what you're doing, and also point out that, you know, people should not be judged in general. It's hard.

So I think from my perspective, because I've been very lucky I haven't really experienced anything firsthand. But it's important for me to get the awareness of what happens to other people and how can I actually see something happening because you know, if it doesn't affect you, it's very hard to be aware of the problem. 

So listening to other people, we'll learn what are the things that affect them and then make sure that they don't experience them in the future. Being remote actually has removed a lot of these kinds of issues because you don't really see them. You don't experience them in the same way.

Cause everyone's on Skype, right? Or everyone's on teams or everyone's on Zoom. So very different from being in one room where people can be sidetracked or they're very quiet at the same time. It also brought to light that a lot of people that were remote in the past would be sidelined because they were not in the same room.

Now that you know, it's like a blank field.

So one of the things that we would notice in the past, if somebody is on a call, whereas the other five people are in the room, that person on the call never gets the chance to talk.... or, you know, pass their opinion. So, being inclusive to everyone is important. And I think we're learning as we go, but there's still work to be done. I'll tell you that.

Annie: [00:40:31] For sure. And then to the last recurrent segment of the day, which is community corner.

So, it takes a village to raise a child. No one does this alone. For sure. So would you like to give a shout out to the communities close to your heart?

Christos: [00:40:58] I would say the .NET Foundation is doing a great job in trying to support our community members, MVPs and open source contributors. And I think GitHub with the latest day innovation that has come to the GitHub stars, they have GitHub programs, they have MVPs.

It's great to see recognition for people that write software that everybody benefits from, right? Because...you cannot build anything today without using open source. So giving recognition to the people that build those tools, it's very important.

Sponsorship as well. So I would say, if you can, whether you're a company or an individual and use somebody else's tools, please support them and help them. Whether it's through direct contributions to them via code or documentation or tests.

Sponsor them if you can contribute that way. And if you are a big company, then please, please, please do support the open source community because...you know, we become better developers by working together rather than working apart or having proprietary software all over the place. So from my perspective, these are the two great open sources, probably the greatest community that is out there right now.

Karl: [00:42:04] Excellent! With that we are nearing the end of our episode. So today we talked with Christos Matskas, identity product manager focusing on advocacy at Microsoft.

We learned all about managed identities and we learned about the future of cloud identity, such as continuous access evaluation and how the whole role of this internal and external advocacy has moved and shifted in this digital shift that we've all experienced.

Annie: [00:42:32] Perfect. Well, Christos, truly thank you for being here.

Christos: [00:42:35] Thank you for having me. It was great talking to you. 

Karl: [00:42:38] Pleasure talking to you Christos.

Hey, thanks for listening to Cloud Gossip. You can find us on our website, Cloud Gossip.NET. Please leave us a review and subscribe to us on iTunes, Google, or Spotify.