Before Brian bootstrapped both FusionAuth and its sister company CleanSpeak, he studied computer engineering at the University of Colorado, Boulder. After graduating, he solved complex technology challenges for companies like Orbitz, BEA, US Freightways, XOR and Texturemedia.
From there, it’s his coding strategies, work with fortune 500 organizations and secure CIAMs, that Brian Pontarelli established his ability to solve login, registration, and user management challenges for companies and helping the grow from a handful of users – to millions.
M.R. Rangaswai: How did FusionAuth come to be? What’s the company’s origin story?
Brian Pontarelli: I’m a software developer myself, so I’ve focused my work and my entrepreneurial efforts around things that make life easier for developers. As the world has shifted to putting more technology in our hands, developers have had a more important role in terms of how we live our lives – whether we, as consumers, think about it or not. They are building the tools we use to bank, to communicate and to travel. It’s been a passion of mine to help them do their jobs more efficiently so they can continue to build innovative tools for us.
After heading up multiple engineering teams at a number of tech companies like BEA Systems and Orbitz Worldwide, I shifted gears and founded my own company, Inversoft, which was created in 2005. At Inversoft, we started building a basic profanity filter for Java applications, which we grew into CleanSpeak – a robust platform for filtering and moderating user-generated content.
It became clear pretty quickly that CleanSpeak clients needed an authorization and user management solution for their end users. We created Passport, which was rebranded FusionAuth, in 2017 to meet this need. It’s a complete, developer-focused API-first customer identity access management (CIAM) platform and brings everything back full-circle in terms of making things easier for developers. Identity and access management is absolutely necessary, especially as we have moved so much of what we do online — think banking, gaming and communicating — and into apps. CIAM is also really hard and developers don’t have the time to build in-house solutions that work well, so we built it for them. We worry about all standards and compliance, and work to make it super simple for developers to integrate CIAM into the tech they are creating.
M.R.: How has COVID impacted the growth of your organization?
Brian: While COVID has been very damaging for some businesses, we’ve seen incredible growth since the start of the pandemic. Our clients have more and more of their own customers moving online as companies shifted to work-from-home policies, kids transitioned into remote learning, etc. With their customers moving online, companies have had a harder time securely managing their end users. They need help ensuring users are who they say they are and keeping track of what they should have access to.
As the pandemic has continued, a lot of companies have validated that CIAM is a critical part of their technology stack, but have realized they don’t want to build it or maintain it themselves. It’s hard to do and it takes away from their core focus. Many are also realizing that work-from-home is not going to end when the pandemic ends; companies are going to be forced to continue addressing this problem and need a solution that fits their needs now and in the future. They know that authorization and customer management need attention, but have a conflict because they are tied up in their own growth and working to meet their end users’ needs. Because of this, they have turned to FusionAuth to take care of the critical IAM and customer management so they can focus on their core business.
M.R.: What is next in the authentication/authorization industry?
Brian: It’s always hard to say what’s next, but we do know that this space will continue to change as two things happen: 1) hackers continue to grow in sophistication and find new ways to access user information and steal identities, and 2) the growth of new online users is not going to slow down.
Things that we see gaining momentum and that we pay attention to are things like Fast ID Online (FIDO) and WebAuth, both of which are new approaches to more securely authenticate users, and neither of which is well understood. We see that true passwordless authentication is gaining momentum but is a nut that hasn’t yet been cracked, though there will be additional investments in trying to make it work. And Zero Trust, which is meant to stop security breaches by removing the concept of trust within the network architecture, has received a lot of attention over the past 2 – 3 years though we don’t see that it’s the panacea that some practitioners do.
No matter what, we are going to continue to live our lives online and via apps, so it’s critical that organizations continue conversations and invest in making sure they can verify who their users are and what they should have access to.
M.R. Rangaswami is the Co-Founder of Sandhill.com.