By pushing a Zero Trust model, Okta is actually pointing out that they’re just one piece of a potential solution. As they point out in their own blog post (https://www.okta.com/resources/whitepaper/zero-trust-with-ok…), Forrester’s Zero Trust white paper (http://www.virtualstarmedia.com/downloads/Forrester_zero_tru…) has three main parts:
• Ensure all resources are accessed securely regardless of location
• Adopt a least privilege strategy and strictly enforce access control
• Inspect and log all traffic
There is nothing in Okta that I’m aware of that inspects all traffic. They’re an Identity Management company. If there’s a virus on your machine, once you’re logged into that machine, the virus could potentially do bad things with your identity.
This is where Zscaler comes in. It literally looks at all traffic before it gets to its destination, in both directions and even if SSL is used.
Okta actually acknowledges its solution set isn’t complete. From the above link: “The Okta policy framework is a condition and actions engine that acts as the first line of defense in keeping your organization secure, and based on the conditions you have defined, the policy engine will respond with actions such as allow, deny, prompt for MFA and more. Our upcoming behavioral detection policies enhance the Okta policy framework to track unusual activity such as anomalous location, anomalous IP, and anomalous devices.” (emphasis added)
In short, Okta’s solution will involve using AI to determine what might not be actual authorized requests. But, as far as I can tell, that’s not in place today.
That said, it would seem that integrating Okta into an existing environment is easier than integrating Zscaler, and currently doesn’t require that you trust a third party with all your traffic, both internal and external.