I am sure many already know this, but I wanted to hammer home a thesis argument for OKTA following my reading of their Q4 Earnings Call Transcript. From the CEO, Todd McKinnon, on the call:
“Lastly, I’d like to address one final strategic priority for the year, security. The architecture for security shifting from network-centric to identity-centric as the firewall can no longer protect the nucleus of the enterprise. The Okta identity cloud lays the foundation for a zero trust security framework which includes advanced capabilities like contextual access management and continuous authentication.”
In layman’s terms, when you are at work, and on the company network, that would be an example of a network-centric firewall. You are using their computer, their cables, their router, etc, etc. However, say you take a trip to a foreign country, and still have to access confidential company information. Now, you are reliant upon the security of your personal phone/laptop, whatever hotel or cafe’s wireless network you might be on, and even the servers in your geographical location that are trying to access your company’s servers back home. This creates many more potential “leak points” for hackers to gain access from. A network-centric system has no ability to monitor and secure the data from all these leak points that you are transmitting data from. A user identity-centric system however, focuses on monitoring and securing the user, regardless of what device or network they may be on, or what location they find themselves at. Now, tell me a single company that doesn’t want that style of security?
One last line from McKinnon:
“When we started the company, our bet on the cloud was far from a sure thing and while it’s still relatively early, today the movement to the cloud is inevitable and it has now created huge opportunities in security that we are also well positioned to capture.”
I’m way long OKTA.
A user identity-centric system however, focuses on monitoring and securing the user
This technology could apply to a company like DocuSign and its system of agreements platform, as well. Why require on a signature if every identity on-line can be veritably unique to each individual? Checking an agreement box would serve same purpose as manually signing in this case.
Long DOCU & OKTA
“Lastly, I’d like to address one final strategic priority for the year, security. The architecture for security shifting from network-centric to identity-centric as the firewall can no longer protect the nucleus of the enterprise.”
He elaborated on this in an answer during the Q and A, and it was my favorite part of the call:
The old world was like, you had the network perimeter and a you put all your security rules in your firewall and you had a VPN outside of that and everything outside was not secure and everything inside was secure. Moving to a zero trust world is where you don’t trust that perimeter and what it means is that you have to do security all the way down to the individual level. … So, the global IT market is $1 trillion. But cloud is only 20% of that. It’s only about $200 billion, if you add up all the infrastructure to service, all the SaaS apps, all that stuff. It’s still only 20%. So we are basically at a tipping point where companies have so much cloud now that they really have no choice. They can’t trust the perimeter because 20% things aren’t in their perimeter.
Zscaler and Okta making the same macro security pitch. OKTA can’t match ZS in this, but plenty of room for two. OKTA states their zero trust is based on pattern recognition.
What I heard OkTA say is that their competing against MSFT in this space. And their advantage is figuring out how to integrate single sign on within all the applications in an enterprise system.
The recent acquisition will allegedly make it easier for OKTA to make these rules goes deeper (sign in to this DB…then pass that along to this other DB…etc etc)
Then OKTA has all the rules written and just manages login patterns for the user as “zero trust”
But true security looks something like ZS where outside of your network, you rely on a completely separate network. OKtA is simply scanning before you arrive.
This is my read, but I welcome corrections. There is overlap that folks should be aware of.
JAF - I agree, thats my (limited) understanding as well.