Brick by Brick: How LEGO’s Lead IAM Engineer Is Reforming IAM for the Future

Thales | Security for What Matters Most

You’d be forgiven for thinking digital identity has little in common with LEGO bricks. One is about control, security, and invisible infrastructure. The other? Colour, creativity, and building joy. But spend five minutes with Jakob William Nielsen, LEGO’s Lead Engineer for Identity and Access Management, and the parallels start to click into place: structure, intention, and innovation in every piece of architecture, whether we’re talking about bricks or identity.

We met Jakob in Berlin — tall, bearded, and unmistakably Viking-esque. In this conversation, he shares how LEGO’s IAM team has transformed a traditional backend function into a product in its own right, designed with flexibility, usability, and future-proofing in mind.

How does LEGO use digital identity as a way to interact with playful consumers across all age groups?

Everything we do with our external account system must encompass the playful character of our products. Everything. At times it has been discussed if perhaps the feeling was a bit childish, especially for adult shoppers spending real money buying in the online store, but I wholeheartedly believe that everyone deserves to connect with their inner child every now and again. I think that is something that our brand grants even the most serious of adults both the ability and space to do.

Modularity, creativity, and structure — LEGO has always brought art and engineering together. Exhibits like The Art of the Brick show how a single brick can become something incredible with the right vision. Artist Nathan Sawaya has recreated famous works like David and the Mona Lisa in LEGO form. When you think about IAM at LEGO, do you see similarities in these guiding principles?

I think it is important to realize that unique situations often require unique solutions, but just like the bricks in our products are interchangeable and capable of near-infinite combinations, so should a good software platform be. We try to avoid building countless solutions to slightly different problems, but rather deliver a platform consisting of a number of modules that can be combined to suit almost any need out there.

What’s the next “build phase” in your IAM evolution? Are you planning new layers or capabilities?

While we deliver a fair bit of digital experiences, we are first and foremost a production company. This means that while we do have the traditional office workers, there are other types of employees across the globe. We will be looking into providing IAM capabilities to the systems that are used in those places as well.

You used to run identity and access like a traditional operations team, but now your team builds it more like a product. Could you tell us a bit about this transformation?

Many IT disciplines are still seen as purely operational, while they need to be treated as a strategic function. LEGO’s digital transformation required splitting the digital portfolio into product domains and API-enabling products where possible.

At the time, I was working on our external identity product, “LEGO Account,” which already operated as a digital product with a dedicated agile team. I was brought into the new Colleague Enablement department to help kickstart API-enablement.

Operational work focuses on maintaining stability, but treating systems as digital products means recognizing stakeholders and planning for evolution to meet current and future needs.

Understood; from backend to a strategic product — what would be the three words that sum up the value of this transformation?

Agility, interoperability, and focus on business value.

If you could give other tech leaders one “instruction manual page” on how to rethink IAM in a modern context, what would be on it?

Delegate responsibility intelligently. Too many cloud products still rely on a centralized admin model, which doesn't scale in large organizations. Expecting a global IAM team to configure workflows for every business unit is unrealistic, but giving full admin rights to local teams is risky. Instead, enable scoped delegation: let teams manage only what's within their domain.

How do you see identity evolving over the next five years, and what do we need to do today to prepare for that?

With all the new machine learning tooling emerging currently, I imagine there might be a natural shift towards user experience — in the sense that as advanced analytics and real-time monitoring get easier to do, they start to play a natural role in running an IAM platform. Unless you have a completely home-rolled system, these things are increasingly being built into the product you buy. In time, this hopefully gives everyone the capability to concentrate and expand more on how to best use the IAM platform rather than monitoring if everything is in working order.
