In the fast-paced world of technology, 17 years is an eternity. When Mr Graham Mason founded Overt Software Solutions in 2010, the landscape of Identity and Access Management (IAM) was a technical "niche" mostly discussed by server engineers in back offices. Today, as Graham highlights in our recent CEO Special interview, identity has become the "front door" of every educational and commercial institution.

The journey began with a deep involvement in the UK Federation and the Jisc ecosystem. For nearly two decades, Overt has been the invisible hand ensuring that students, researchers, and staff can access the knowledge they need without friction.

The Philosophy of Honest, Expert Advice

One of the core themes Graham emphasises is the shift from providing a "product" to providing "expert advice." In 2026, software is plentiful, but expertise is rare.

"It's not about selling a license; it's about understanding the institutional culture," says Graham.

This philosophy is why Overt has outlasted many competitors. By focusing on the unique needs of the UK education sector—specifically the complex relationship between service providers and identity providers—Overt has built a legacy of trust that goes beyond code.

Bridging the Gap: The "Gel" Between Departments

A standout moment in the interview was Graham’s discussion on the "gel" required for a successful IAM strategy. He argues that identity work is often siloed in IT, but its true impact is felt in the Library.

IT Teams manage the security and the servers.
Librarians manage the resources and the user experience.
Management manages the compliance and the budget.

Graham explains that Overt acts as the connective tissue (the "gel") that brings these three disparate groups together. Without this collaboration, even the most expensive IAM tool will fail to deliver a seamless student journey.

Moving Beyond "Coping": The Hidden Signals of Identity Platform Maturity

One of the most striking segments of the interview involves the distinction between an identity platform that is truly working and an IT team that is simply "coping." Graham Mason points out that in many institutions, the status quo is a delicate balance held together by overextended staff.

Identifying the "Coping" Cycle

When an organisation tells us their platform is working, we look deeper. "Coping" looks like a platform that stays up, but requires manual intervention every time a new service provider is added or an attribute needs to be mapped. It looks like a team that is terrified of the next Shibboleth update or a server migration.

Graham highlights that operational maturity isn't just about uptime; it's about the ease of change. A mature system allows for:

Seamless Upgrades: Updating software without fear of breaking the student login flow.
Predictable Scaling: Managing increased loads during peak enrolment periods.
Reduced Friction: Onboarding new journals and resources in minutes, not weeks.

The Role of Visibility and the Shibboleth Dashboard

To solve the "coping" problem, Overt has introduced a new Shibboleth Dashboard. As Graham explains, visibility is the first step toward maturity. Before, problems were often discovered only when a student couldn't log in at 3:00 AM. Now, with alert systems and intuitive monitoring, IT managers can see "what doesn't look right" before it turns into a support ticket. This proactive stance is what separates a modern managed service from a legacy "fix-it-when-it-breaks" model.

Why 24/7 Support is the Backbone of Global Education

The education sector never sleeps. Graham highlights a critical shift in student behavior: the 3:00 AM study session. Whether it’s a student in London finishing a dissertation or a remote learner in Indonesia accessing resources, the demand for access is constant.

Engineers Who Work While You Sleep

"We carry out alterations while everybody's fast asleep," Graham notes during the interview. This isn't just about being available for emergencies; it’s about maintenance without disruption. By operating a 24/7 engineering team across the UK and Indonesia, Overt ensures that:

System Alterations are done during low-traffic windows.
Load Balancing is constantly monitored to prevent "bottlenecks."
Peace of Mind is delivered to the library staff, knowing that the "front door" is always open.

Treating Overt as an Extension of Your Staff

A key leadership lesson Graham shares is the "Extension" philosophy. He encourages institutions to treat Overt engineers as if they belong to their own library or IT staff. This level of integration removes the "us vs. them" vendor mentality. When a librarian has a question about a specific attribute or a journal access issue, they don't just open a ticket—they consult with a partner who knows their system inside and out.

This human-centric approach to high-tech support is what allows institutions to scale their digital offerings without overwhelming their internal teams. As technology becomes more complex with the introduction of AI and advanced MFA, having a partner who carries the operational burden becomes a competitive necessity rather than a luxury.

The "Trust Framework": Navigating the Future of Security, AI, and Identity Integrity

As the conversation with Graham Mason draws to a close, the focus shifts to the most critical currency of the digital age: Trust. In a landscape where data breaches are becoming more sophisticated, Graham emphasizes that security is no longer a standalone feature—it is part of a wider Trust Ecosystem.

Compliance is Only the Starting Line

Many institutions pride themselves on being "compliant," but Graham challenges this notion. While Overt is proud of its Cyber Essentials Plus and ISO 27001 accreditations, Graham notes that these are simply the "entry stakes." True security lies in the operational execution.

"If you have an outdated mechanism, the security is gone," Graham warns. This highlights a common pitfall in higher education: setting up a system and then forgetting it. Identity platforms like Shibboleth require constant grooming. Whether it's rotating security certificates, updating to the latest software version to patch vulnerabilities, or ensuring that Multi-Factor Authentication (MFA) is seamlessly integrated, the work of a security partner is never "finished."

The Privacy of the "Masked" Student

One of the most technical yet fascinating parts of the interview covers how Federated Access actually protects the individual. Graham explains that in the "old days," service providers would know exactly who was logging in—often having access to usernames and even passwords.

Under the modern Overt managed model, the student’s identity is masked. By using sophisticated attribute mapping, Overt ensures that the service provider only knows that the user belongs to a specific "authorized group" (e.g., a first-year biology student). This privacy-first approach is essential in 2026, where GDPR and data sovereignty are top-of-mind for every management team.

The AI Horizon: Recognition Beyond Technology

When asked about the future, Graham’s perspective is grounded yet visionary. He recognizes that Artificial Intelligence (AI) is already beginning to influence how Overt operates.

"I noticed the other day on ChatGPT... they actually took some of our references from our website," Graham observes.

He envisions a future where AI doesn't just answer questions, but proactively monitors system health. However, he remains adamant that technology is only as good as the people behind it. His hope for Overt's legacy isn't that people remember the specific version of software they used, but rather the seamlessness of the experience.

"We may not get the recognition, because the system doesn't break down," Graham laughs. For Overt, the ultimate success is being so reliable that you forget they are there—providing a fun, functional, and expert environment where technology empowers education rather than hindering it.

Key Takeaways: A Legacy of 17 Years and the Path Forward

Mr. Graham Mason’s journey from 2010 to today is a testament to the power of specialisation. By staying focused on the "hard problems" of identity and access, Overt Software Solutions has become a cornerstone of the UK’s educational infrastructure.

As we look toward the next decade, the message is clear: Whether it's through 24/7 engineering support, innovative Shibboleth dashboards, or a relentless focus on departmental collaboration, Overt is here to ensure that the "front door" to knowledge remains open, secure, and always accessible.

Ready to hear more?

You can watch the complete interview by clicking here.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
tve_leads_unique	1 month	This cookie is set by the provider Thrive Themes. This cookie is used to know which optin form the visitor has filled out when subscribing a newsletter.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
c3po.jpg	Session	This pixel tracker, set by metricool.com, collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook as part of their embedded services on our websites (likes, sharing etc.).
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
ClientId	1 year	No description available.
li_gc	2 years	No description
OIDC	6 months	No description available.
OutlookSession	session	No description available.
tl_1206_1206_4	1 month	No description
tl_544_544_1	1 month	No description

The Future of Identity and Access Management (IAM): Key Takeaways from the Overt CEO Special Interview

17 Years of Digital Identity: From UK Federation Roots to Global Scale