Point of view
Point of View
A clear position on how identity platforms should be engineered — and why most organisations get it wrong.
Identity Platforms Are Not Infrastructure
They are software systems.
Treating them as configuration-heavy infrastructure leads to instability, drift, and operational risk.
Configuration Is Code
If configuration is not versioned, reviewed, tested, and deployed through pipelines, it cannot be trusted.
Manual platform administration does not scale.
Identity Needs Testing
Authentication journeys, token flows, policy decisions, and orchestration logic are behaviour.
Behaviour must be tested.
If it is not tested, it is guesswork.
DevOps Has Not Been Properly Applied to Identity
Many organisations apply DevOps to applications, but not to identity or security platforms.
This creates a dangerous gap where the most critical systems are the least engineered.
Platform Engineering Applies to Security
Identity platforms should be:
- reproducible
- testable
- observable
- deterministic
- safely promotable across environments
Anything less creates operational fragility.
Better Tools Are Not Enough
The future of identity is not just better platforms.
It is better engineering models.
The organisations that win will be the ones that treat identity as a disciplined engineering system rather than a specialist administrative function.