Risky Bulletin Podcast Summary
Episode: Sponsored: The Geopolitics of Trust
Release Date: June 22, 2025
Host: Tom Uren
Guest: Fletcher Heisler, CEO of Authentic
Introduction
In this episode of Risky Bulletin, host Tom Uren engages in an insightful discussion with Fletcher Heisler, the CEO of Authentic, an identity provider company specializing in self-hosted identity solutions. The conversation delves into the intricacies of identity management in cybersecurity, the evolution from home lab enthusiasts to enterprise-level deployments, and the geopolitical factors influencing trust in technology solutions.
Authentic's Identity Solution
Fletcher Heisler introduces Authentic as a robust open-source identity provider (IDP) that caters to both individual enthusiasts and large enterprises. With over a million installations and seven years of active development, Authentic has established a significant community presence.
[00:16] Fletcher Heisler: "Authentic is the open source project that has, let's say over a million installations, a very wide community, been in development for seven years."
This expansive adoption underscores Authentic's reliability and adaptability in managing identity solutions across diverse environments.
From Home Labs to Enterprise Adoption
Authentic's journey from home labs to enterprise solutions highlights a unique growth trajectory. Many users initially experiment with Authentic in their personal projects before recognizing its scalability and integrating it into their professional environments.
[01:26] Fletcher Heisler: "We've actually had a lot of Home Lab users then kind of graduate and take us to work and decide. I have experience in here, I can see how it could scale to what I need and introduce things that way."
This organic transition reflects Authentic's flexibility and the trust it garners from its user base, facilitating smooth scalability for businesses experiencing growth.
Authentic as an Integrative "Glue" for Multiple IDPs
In larger organizations, managing multiple identity solutions can lead to complexity and inefficiency. Authentic addresses this by acting as a unifying layer that integrates various IDPs, streamlining orchestration and reducing reliance on disparate systems.
[02:30] Fletcher Heisler: "We can stand up as a full-fledged IDP alongside those other sources and say maybe you have AD and that's your source of truth... We also can be the glue there."
By consolidating different identity providers, Authentic not only simplifies management but also enhances interoperability and consistency across platforms.
Drivers for Transitioning to Authentic
Several factors drive companies to consider switching to Authentic:
- Cost Efficiency: As companies scale, maintaining multiple IDP solutions can become financially burdensome.
- Enhanced Security: Authentic offers advanced security features that surpass conventional solutions.
- Compliance Requirements: Meeting stringent regulatory standards becomes more manageable with Authentic's comprehensive compliance support.
[03:47] Fletcher Heisler: "Maybe you have some FedRAMP High customers who are saying, how are you going to ensure this with all these different vendors?"
These elements collectively make Authentic an attractive option for businesses seeking sustainable and secure identity management.
Commitment to Security
Security is paramount in Authentic's offerings. The company emphasizes transparency, rigorous security testing, and source availability to build and maintain trust with its users.
[05:04] Fletcher Heisler: "We're very transparent in terms of CVE reporting... We publish all of our pen test results, we get at least annual pen tests, everything is source available."
Authentic's approach ensures that customers have visibility into the security measures in place, fostering a secure environment tailored to their specific needs.
Suitability for Different Company Sizes
Authentic is particularly beneficial for companies that prioritize security and require extensive customization. While it may demand more effort compared to out-of-the-box solutions, the benefits in terms of security and flexibility are substantial.
[07:13] Fletcher Heisler: "It's more effort than it's worth for someone maybe just starting up a brand new small company... go with Google Workspace or something like that."
For established organizations handling sensitive data and complex identity requirements, Authentic proves to be a worthy investment.
Geopolitical Considerations and Sovereign Tech Stacks
Authentic acknowledges the growing trend of sovereign tech stacks, especially in regions like Europe, where there is a preference for non-US providers to mitigate geopolitical risks.
[08:00] Fletcher Heisler: "Half at least of our business is non US based... particularly in Europe... looking at not having to rely on a US provider."
This strategic positioning allows Authentic to cater to international clients seeking greater control over their data sovereignty.
Open Core Model and Company Structure
Authentic operates on an open core model, offering a predominantly open-source IDP with additional enterprise features available under a separate license. This model ensures that the core functionalities remain accessible while providing advanced capabilities for paying customers.
[09:50] Fletcher Heisler: "Open core. So open source, which we also build upon additional code which is not technically open source, but it's still source available."
Moreover, Authentic's status as a public benefit company underscores its commitment to maintaining open-source integrity and preventing undue influence from external entities.
[10:12] Fletcher Heisler: "We're a public benefit company... we're always going to maintain open source. We're not just going to start charging for those parts or taking them out of the open source product."
Conclusion
The discussion with Fletcher Heisler highlights Authentic's pivotal role in the evolving landscape of identity management. By offering a transparent, secure, and flexible solution, Authentic addresses the complex needs of modern enterprises while navigating the geopolitical challenges of trust in technology. For organizations seeking a reliable and adaptable IDP, Authentic presents a compelling option grounded in open-source principles and a steadfast commitment to security.
Notable Quotes:
- Fletcher Heisler [00:16]: "Authentic is the open source project that has, let's say over a million installations, a very wide community, been in development for seven years."
- Fletcher Heisler [01:26]: "We've actually had a lot of Home Lab users then kind of graduate and take us to work and decide. I have experience in here, I can see how it could scale to what I need and introduce things that way."
- Fletcher Heisler [05:04]: "We're very transparent in terms of CVE reporting... We publish all of our pen test results, we get at least annual pen tests, everything is source available."
- Fletcher Heisler [08:00]: "Half at least of our business is non US based... particularly in Europe... looking at not having to rely on a US provider."
- Fletcher Heisler [10:12]: "We're a public benefit company... we're always going to maintain open source. We're not just going to start charging for those parts or taking them out of the open source product."
