New product launches, added services and industry collaboration part of strategy.
“Identity has become the key to security and to get security right, you have to get identity right.”
Opening the Oktane conference in Las Vegas, Okta CEO Todd McKinnon said the company has a “long-term commitment to lead the industry in the fight against identity-based attacks.”
Citing the Verizon DBIR statistic that over 80 percent of security breaches involve some kind of compromised identity, McKinnon said “the stakes have never been higher for identity.”
Stakes are High
He said: “A simple way to sum it up: identity is security. The threat environment that we are all living in, it raises the bar for what an identity system has to be. It has to be agile and respond to threats. It has to be deeply integrated into every part of your ecosystem. It has to be independent and neutral, not part of some monolithic stack that's trying to lock you into one ecosystem.”
Acknowledging that the world has moved on from the advent of cloud computing in 15 years, and now work is being done to build a platform and a set of capabilities that would help companies adopt the cloud, McKinnon said that today identity is still the entry point to the digital world, “but it's become so much more with more than that” and Okta has moved to build a new risk model to secure the cloud.
This includes new capabilities to the Workforce Identity Cloud, including unmanaged SaaS service accounts, governance risks, and identity verification. “We had always thought of Okta, as an identity company, and while that's still true, in a world where identity is security, Okta is a security company,” McKinnon said, pointing out that the company has “had an all hands on deck approach to build to become one of the most secure companies in the world.”
McKinnon cited the company’s Secure Identity Commitment, which was announced earlier this year, as part of a “long-term commitment to lead the industry in the fight against identity-based attacks.”
The commitment is around building market-leading identity products that are secure by default, hardening corporate infrastructure, championing customer best practices and elevating the entire industry to be more protected from attacks.
“We will not stop until there are no more identity-based attacks,” he said, saying it starts with helping ensure that customers are best protected. This is being enabled by the company’s Secure Identity Assessment - announced at last year’s Oktane - and where Okta engineers ensure that your Okta installation is set to the highest secure configuration, and to make sure everything's locked down and up to your posture.
Best Practises
Saying that the assessment is now being rolled out to a total ecosystem, McKinnon said the team has “worked with some of the most secure organizations in the world, and we've learned a lot and we want to share those best practices with you.”
He said: “The best thing about it is that as your identity security posture improves over time, We can reassess it, and make sure you're attaining a level, you want you require, and you're maintaining that level, even as your technology infrastructure and ecosystem evolves.”
McKinnon said the company is intent on “putting all the pieces in place to eliminate identity-based attacks and let's be clear, we will not stop until we get there: and what an amazing accomplishment that will be.”
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
