
How did Okta even get that big? It seems like SSO could be cheap OAuth in house. I've heard they have many other integrations/webhooks, but that doesn't seem the cost of outsourcing one of the most vital parts of your org.

Am I missing something, some magic other than sales and gullible PMs?



We've spent years telling folks that $X is too hard; so just out-source to $LIB or $PACKAGE or $VENDOR. Now we've got a whole huge group of builders, managers of makers that make these plans/calls.

We should stop saying $X is too hard and start, at least, trying to help more folk realize it can be done in house.

It all started when it became "too much trouble to host your own email" and then all the centralization and vendorification happened...and stay off my lawn!


To be fair, when people host their own email we end up with them also not patching the Exchange servers and subsequently getting hacked anyway.


On average decentralization would make it less safe, not more, though. Most medium/small and even some large businesses would definitely mess something up if they had to do it themselves.


I honestly wonder when/if there will be a time where everything will be insourced again and thus removed from the cloud.


90% of the world's compute power is not cloud. Guesstimate from the traffic patterns at telecom (including non-internet capacity).


> it seems like sso could be cheap oauth in house

It's outsourcing risk. Auth is hard, we all know it (yes, it is hard), and it's cheaper to outsource to a company who has it as their core competency, than hire internal experts.


“Cheaper” is an interesting term to use when we’re talking about auth. I guess it depends on how much a company values the ability of outside entities to not have access to internal resources. Some companies would peg that value at the entire value of the company.


A lot of companies rely on third party vendors for physical access management because who wants to in-source maintenance of locks/doors/badge readers/etc.

I’m not sure why it comes across as unusual for wanting to outsource a service that is incredibly easy to get wrong to someone whose core focus is getting that right.

Unfortunately Okta seems too eager to downplay these incidents, but that doesn’t mean all authentication services are equally flawed.


Some companies also trust an outside entity to get it right more than they trust themselves.


Some companies are also happy to be able to blame a third party. And there's safety in numbers. A risk mitigation of a different kind.


One place to go to deactivate many logins for an ever expanding world of SaaS systems is basically necessary in 2023 for enterprise. Okta has been building that.


Amazing sales team. Was working at Auth0 when Okta bought them and they kept going on about how great Okta's sales org was.



