Oktane20 happening now (plus new products)

Oktane is Okta’s annual customer conference. It’s also went Okta likes to dump a LOT of product announcements, so I like to follow along.

This year Oktane20 has gone fully virtual, and can be joined for free, so I’ll be following along over the next 2 days.

Here’s a pic of their virtual conference lobby that I’m sitting in til the CEO keynote starts: https://www.dropbox.com/s/ordvg0bamfsflln/Oktane20lobby.jpg?..

I’ll be watching it in the background and will give add’l updates on this thread. In addition to Oktane20, Okta scheduled an investor day today.

A few press releases have dropped already:

New platform layout - Okta Platform Services

• ask Twilio has been doing, and Okta has started last year, they are creating their platform as building blocks for API integration for partners and customers
• further situates Okta to be able to embed deeply into customers workflows
• platform:

• Identity Engine (their core contextual Auth engine)
• Directories (user mgmt)
• Integrations (integrating with partners, aka SaaS apps)
• Insights (ML/AI engine over it all)
• Workflows (no-code environment for building complex identity-based enterprise workflows)
• Devices (device mgmt)

By building Okta Platform Services with a modular, service-oriented architecture, Okta, along with its customers and partners, can quickly create new features to speed innovation for everyone in the ecosystem.

New product - Okta Fastpass: https://investor.okta.com/news-releases/news-release-details…

• passwordless login across devices, apps and OSes
• includes iOS, iPadOS, macOS, Android, and Windows
• use Okta Verify app to register device
• once device is registered, employees can access their apps on any device without ever needing to enter a password
• available Early Access late this year

Once end users register their device via the Okta Verify application, a strong binding is created in the Okta Identity Cloud between the user and the device. When accessing an Okta-managed application via a browser, desktop application, or a native mobile application, end users are not prompted for a password. This means users get an end-to-end passwordless login experience when using devices that support biometrics, from unlocking the device, to registering the device to Okta with no password prompt, to subsequent logins on the same device. Optionally, administrators can create fine-grained policies that combine Okta Device Trust, endpoint security integrations, and other adaptive policies with Okta FastPass to deliver secure, passwordless experiences for only managed, compliant devices.

Okta now has deep partnership with EPP providers (Crowdstrike, VMWare/CarbonBlack, Tanium): https://investor.okta.com/news-releases/news-release-details…

• strengthened partnerships with leading EPP providers (aka the software protecting the DEVICE from malware)
• helps provide deeper contextual security back to Okta products (aka the ML/AI features for advanced security)
• ties into Okta Verify app on device

Relying on the Okta Devices Platform Service, the Okta Identity Cloud is able to ingest those device risk signals to create a comprehensive risk profile of an individual login attempt. Okta can now make access decisions based on security posture signals from an individual’s device, using data delivered by both Okta Verify and leading endpoint management and endpoint detection and response partners. Together with partners, Okta can determine if the operating system is up-to-date, whether or not the device is jailbroken, if the device contains any malware, if the device is managed by IT, and whether or not a firewall is disabled. Okta can then leverage these signals to make the appropriate contextual response to an access request, such as denying access or prompting for an additional factor.

Okta upgrading the Partner Connect program: https://investor.okta.com/news-releases/news-release-details…

• improved Partner Accreditation program
• free technical training for partners
• newly launched Okta Innovation Center
• marketing tools for partners

-muji
long OKTA

raw notes from Oktane20 start

Sections of the conference app:
65 breakout sessions
Keynotes (20 people in total over 2 days)
Sponsors
Okta Hub - customer hub, developer hub, help desk
Okta for good
Ask the Experts

partner pavilion w/ virtual booths for:
Zoom, Dropbox, Yubico, VMWare, RingCentral, Slack, SurveyMonkey, Box

CEO keynote:

(started late… most of it was obviously pre-recorded, esp interviews)

Okta for Good is partnerning w/ COVID-19 foundations now.

Line between being a tech company and not a tech company is blurred - we are all tech companies now

most companies use:
collaboration platform
cust data platform
infrastructure platform
HR platform
finance platform

identity platform then needed to tie them all together, so is most important choice

during Work From Home era, identity is the centralizing force for worker mgmt

irony is that as Okta gets more successful, identity becomes less visible - user interactions become more transparent as security improves

Apple at last WWDC debuted new SSO library extension, tying identity to device

world’s only Identity Platform

customers use Okta for its flexibility, workflow

now the broad platform is called Okta Platform Services
https://www.okta.com/platform/

• modular components
• build custom solutions faster
• extends tech

• Identity Engine

• core auth services moving into modular system

• Okta Identity Engine (modular apis from last years Oktane19)
• Adv Server Access
• Access Gateway
  … taking their time to release it, to get it right and assure no impact

• Directories (user mgmt)

• Universal Directory

• Integrations (partner network)

• Okta Integration Network (now 6500+ integrations)

• Insights

• ML/AI over it all

• Okta Workflows [NEW]

• adv liftcycle mgmt, provisioning
• tying together:

• Okta Hooks (from last year’s Oktane19)
• Azuqua acquisition (Mar 2019)

• getting built into every product across platform
• code-free workflow building tool via “cards” (stages)
• tie into or trigger okta events or partner events

• Okta Devices [NEW]

• policies across all of a user’s devices
• new Okta Verify app for iOS, iPadOS, Android, Windows, Mac
• can take context of device into account (managed vs unmanaged device)
• Zero Trust mentality
• full view of all devices
• deeper partnership w/ EPP providers

New product: Okta FastPass

• passwordless auth across all devices
• new product integrated across Directories + Identity Engine + new Devices service
• eliminates need for ActiveDirectory
• sets the stage for next-gen Identity Mgmt

Breakout Session

I think the breakouts categories are interesting as it shows what trends are driving Okta right now.

Technical breakouts categories:
Zero Trust
Lifecycle
Cloud Access
Hybrid IT
Customer Identity
Integrations
Developer
Future of Identity
Leadership + Industry

I sat in a session “Learn How IT Leaders at Box, Slack, Zoom and Okta are Helping Remote Workers” with 4 SaaS providers talking about impacts of this pandemic. It was MC’d by the CIO of Box.

• Zoom workers are already heavily remote - didn’t have much adjustment to working life.

• Most companies were ready for this - already had remote work options.

• Stay-at-Home is a great test for the future of work layout.

• Slack had a plan in place for this, but the sheer rapidness of volume increases has surprised them.

• Business culture has had to ramp up quickly.

• Okta feels lucky to be cloud-friendly and remote-friendly, was already work-from-home one day a week.

• Cloud-first and cloud-native is having a lot of success now, but still have physical needs. Seeing increase in break-fix requests (broken devices) due to Stay-at-Home. Hiring hasn’t stopped - still have need to on-board new users and get them devices. Device inventory is dwindling.

• Another effect that SaaS providers cannot control: Everyone at home has been filling home bandwidth. E.g. Billy in the next room streaming 4k Netflix is affecting Zoom meeting quality.

• Distractions are high - pets, kids, spouses. Loneliness for single folks is a factor. Seeing a lot of social meetups - Happy Hour Open Mics, virtual WaterCooler, etc. Okta and Zoom empl had a cross-company “best background” competition over Zoom.

• Security threats are still going strong - fake COVID-19 focused malware, phishing attempts. Box has seen significant increase in malware attacks in inbound email.

• Okta is offering Adaptive MFA for free right now. They too are seeing way more phishing attacks.

• Huge focus on integrations helping in this situation. Slack is focused on helping ‘war room’ situations, chat rooms can launch Zoom meetings from the platform.

• Zoom had a CIO webinar, 96% said they were currently remote, 90% said their company was prepared for remote work. Employees aren’t so sure.

• Companies using SaaS integration platforms are doing remote work well.

• May be some Zoom fatigue. Zoom usage has exploded, but Slack for one is stressing to its employees to have more social meetings and less work meetings, and instead rely on other channels. [Of course, this benefits Slack, but seems a very legit point.]

• Companies are starting to allow an employee stipend for ramping up remote work capabilities quickly. Slack both provide employees a base device package, as well as stipend for furniture. Box also giving stipend. Okta is making sure engineers get the same setup at home.

• Best of Breed SaaS companies are rising - those providing crucial business operations.

• Okta tries to have 2 providers for everything for its infrastructure (monitoring, etc). Is going through analysis of what cloud companies might be in trouble just in case. Want to be ready.

• Situation is proving workers can be productive & secure working at home.

• Rules are adapting where they need to (physical signatures needed, in-person signoffs, etc). There will be a new normal after this.

Rough notes from another Oktane20 session.

Roadmap: Security

Okta has been advancing Passwordless authentication for a while
2012 - Desktop SSO
2017 - PIV/Smartcard
2018 - Device Trust
2019 - Factor Sequencing & WebAuthn
2019 - Email Magic Link

ThreatInsight - GA 8mo ago
4000 orgs have enabled it so far
60% auto block suspicious IPs
13M suspiciious events detected in Feb 2020

HealthInsight - GA in Jan
personal security recommendations
actionable recommendations
dynamically updated

Okta focus in upcoming Identity Engine release (Q4 2020)

SIMPLIFY POLICY MGMT

• share policies between SaaS apps
• step-up auth requirements (eg use MFA) on critical sensitive data apps (instead of all or none)

Okta FastPass

• registers devices with a specific user
• checks context (network used, etc)
• can step-up auth requirements (eg use MFA) for use identified as high-rish

Authentication Assurance

• next evolution in Factor Sequencing
• set security outcomes desired
• can set diff policy for diff user classes or app classes (sensitivity, contractors allowed, etc)
• requirements can be based on login context
• allows passwordless auth
• define multiple factors

example: you can set FastPass passwordless policy on non-sensitive apps (team communications), but require Adaptive MFA on sensitive apps (HR, finances)

IMPROVE THREAT DETETION

• Threats are ever changing
• Even with MFA, can be bypassed by user, or getting hit by phishing attempt
• Compromised devices

Allowing custom MFA
Adopting FIDO2 - all browsers now supportd
more devices embedding FIDO2 capabilities

Risk Engine: Risk-based Auth for Okta Verify

• can prompt user to verify auth attempts in Verify app

ThreatInsight moving past bad-actor identification via IP.
Preventing unofficial email clients.

INCREASE END-USER SELF SERVICE

Focus on lowering help-desk requests. End users can now see recent sign-ins, and security events like account changes. Redesigning entire End User settings UI, can access from any device.

Exposing it via API, enterprise can wrap their own end-user settings app. Providing more flexible account manage. Can recover factors using other factors, instead of requiring IT support. (As opposed to the “security question” method.)

Allowing enrolling Verify factors on multiple devices (Apple Watch, phone, MacBook TouchID).

OK last writeup in this thread - and saved the best for last. I hope these Oktane reports were helpful. Still a few more sessions I could watch, but I think I got out of them what I wanted. I find these conference keynotes and interviews pretty insightful into where Okta is going with their platform. Give the thread a like if you found value as I did.

Here is my notes on the Morning Keynote of Day 2. I posted a bit of this before in a separate post on how Analytics seem a very valuable service right now, after seeing how Tyson CTO was heavily using Analytics to be a lot more nimble during this pandemic. https://discussion.fool.com/analytics-are-crucial-right-now-3446…

This session writeup is very interesting reading it now again after the COO’s recent TMF interview that has been posted here recently. https://www.fool.com/investing/2020/04/14/motley-fool-live-o… He talked about consumer-facing (ever so slightly) in that interview, and it was the whole start of this earlier talk. Makes me wonder what Okta is up to. [RED ALERT RED ALERT - future pivot being spotted, a move into consumer-facing side that could easily be built over their enterprise platform’s core capabilities.]

Morning Keynote: The Value of Identity (COO Frederic Kerrest)

Consumer identities getting built. “Identity Tax Report” is a new report coming from Okta soon on their studies on CONSUMER side of identity. 52% of consumers don’t think search history is tracked. 93% of consumers don’t want their identity sold. 1/6 of US doesn’t register to vote due to difficulty in process.

Could build digital cloud services that are built around identity. Can make platforms to track all land/house transactions (basically describing what Docusign is doing with their Agreement Cloud).

National identity is scattered should be unified. SSN has become defacto ID. However basing ID on 9 digit SSN is highly insecure & has lead to ~9M US Americans having identity stolen per year. National digital ID going to come. Nation-states have been exploiting these weaknesses in citizen tracking. Russia has been digitally attacking democracies Ukraine, Germany, USofA during voting periods.

Digital identity can help secure our country. Online voting could be built around this identity. Okta is working heavily with political parties at fed/state/local level to help secure them.

MOVE TO CLOUD

Still early innings…

• IT spent >3.9T/yr. Enterprise software 507B
• SaaS is 116B, 25%, 3% of overall
• Global movement
• Brazil making huge investments.
• India cloud set to triple
• China cloud
• est 60% of fed depts using cloud in 3yrs

Tyson Foods CTO spoke on moving 85yr old company to modern infrastructure. [starts at 15:25 in vid]

Talking to another CTO who was boasting about having a new data center. He said “sorry to hear that” - data centers are too much cost to maintain and need to be able to scale on demand (otherwise you have to over-plan and have that extra capacity idle for majority of time). Companies need agility.

This pandemic requires agility. Supply & distribution chains are being disrupted. LOTS of analytics going on right now to be able to adapt. GenZ used to eat out, greatly impacted by this pandemic - now have to use groceries more. Tyson predicting what foods are helping solve that, and shifting their entire supply chain & distribution. Analyzing it all, to help predict how pandemic is spreading to get ahead of disruptions. Starting to go direct-to-grocery now to circumvent distribution networks impacted. Logistics are complex, for example truck drivers can’t eat as they drive the nation since truck stops aren’t serving.

New app made that they distributed on iPad network to help workers w/ life management (local regs, safety, education/GED, financial education, family help). Helps with communication during this crisis.

Analytics is becoming CRUCIAL right now. Being such an old company, things were driven for so long on analog processes. They are trying to isolate a lot of these paper processes in the entire process & digitize them, especially on the supply chain & distribution sides. Can then apply ML/AI over it to help improve speeds and keep prices down. Analytics is becoming CRUCIAL right now.

Gives them an advantage to navigate today’s issues as well as against competition. Business choices are also impacted by pandemic - software & process roll-outs were timed for now, but they have been delayed as they don’t want additional disruptions right now. This gives them more time to look at all the analytics and make choices for short-term & longer-term.

SOFTWARE IS EATING THE WORLD

Companies are still moving towards being SaaS tool driven.

VP of HP GreenLake Central (Hybrid Cloud) speaks. Every company is a technology company. Businesses cannot operate without tech. HP has a new cloud platform, GreenLake, that came out Dec’19 in preview, and now have 1000 customers on it. Bridges cloud scale & managed services with on-prem security. HP moving all services to this new platform by 2022 (3yr timeline). Should GA soon.

GreenLake uses Okta for customer identity mgmt. HP wanted help solving the Identity program and wanted it to be cloud-forward. Leverages Okta to handle that, so their engineers can focus on HP’s core focus. Time-to-live was super fast - Aug/Sept was initial release, then Okta got put in place for onboarding customers by Nov.

Identity is a critical aspect for customer’s user experience. Hybrid cloud is very complex. Okta is now deeply embedded via APIs/SDKs. Will continue to leverage the new API/modular design coming from Okta Platform Services.

[So let’s be clear, HP’s entire cloud-native future services platform is based on Okta for Customer Identity & auth. Same as Adobe did for Adobe Creative Cloud.]

TRADITIONAL PERIMETER IS GONE (Zero Trust)

Reduce risk by verifying users at all time. You must assure RIGHT people have RIGHT level of access to the RIGHT resources in the RIGHT context, and that the context is continually accessed. This is ZERO TRUST paradigm (see my Flavors of Security posts if you aren’t up on this).

Okta surveyed 500 companies. In North America, last year only 16% of companies were planning Zero Trust. Today now 60% have or are planning to add plans in 12-18mo.

CISO from Baker Hughes (energy co) spoke on transforming itself into an energy TECH company. Expanding beyond oil/gas into all energy tech. Has moved into Zero Trust for maintaining their entire global workforce.

June of 2017 was a merger between 2 large companies each with 35k global empls. Had to build all new business operations, so was opportunity to pivot to Zero Trust. It’s been 3yr transition into new security paradigm. Controlling access to new critical software apps for tracking finance, assets, intellectual property, employees. Massive Office365 deployment. Global employees between office & in-field staff.

Nation-states hackers are working together. High level of security is critical.

Interesting stuff, and the most interesting of the Oktane20 presentations. Sorry, Todd!

Speaking of the CEO, I spotted him reading one of Flieberman’s tweet threads, so I got to thank him first hand for Oktane20 being run well as a virtual conf, and for being freely accessible. He gave me a like. https://twitter.com/mujimu/status/1248795383410688002 So fun how accessible the C-suite can be on the Twitters these days.

-muji
long OKTA

Thanks for the write up Muji. Lots of interesting ideas about the changing need for the analytics that OKTA can provide. The Tyson discussion is very interesting, and from a choas management perspective it makes sense.

“Identity is a critical aspect for customer’s user experience. Hybrid cloud is very complex. Okta is now deeply embedded via APIs/SDKs. Will continue to leverage the new API/modular design coming from Okta Platform Services.”

Hi muji, I wish I could’ve given you more than one like for your hard work and the incredible insights you share about the companies discussed on this board!

We’re perhaps in the early stages of one of the most significant changes in how the IAM ( identity and access management ) landscape is going to look like.

The two areas:

1. Enterprise/Workforce Identity and Access Management: MSFT is the main competitor here. But remember that MSFT’s focus is not identity management. So, the threat is small.

2. Customer Identity Management: As more traditional companies try to digitize and enhance their customer experiences they need to move fast. It basically comes down to “Build vs Buy”…And here’s where OKTA steps in…

Your Tyson Foods example illustrates really well how this digital transformation and data analytics are so critical for traditional companies to stay relevant. Another way to think about this is… Tyson Food’s goal is to “Keeping food on your table” and NOT figuring out how to build “Identity and Access Management”. Leave that to OKTA.

Every company would like to focus on their key mission, instead of hiring software developers ( a race that’s already endangered :)) to implement IAM.

Well the Tyson Foods analogy is true for so many other traditional companies out there who are trying to digitize and stay relevant. That’s the TAM for OKTA on the customer identity space.

Closing Thoughts: As you may have guessed from a few of my earlier posts that OKTA is one of my favorite SaaS companies along with ZM and a few others. I still feel OKTA is the best and the strongest ( in terms of moat). Unless the world adopts a true decentralized identity on the blockchain, I don’t see any other company on the horizon that can disrupt OKTA as of now. It has the highest allocation in my portfolio ( and helps me sleep well :)).

Digressing a little…Here’s a twit from OKTA CEO Todd McKinnon just incase if you haven’t seen it: It’s another testimony why FB cannot dislodge ZM from the enterprise space.

https://twitter.com/toddmckinnon/status/1253073619908870145

Cheers!

ron
long <OKTA, AYX, DDOG, NET, ZM, CRWD>

P.S. Please do setup MFA wherever you can and let me know if you feel strongly about another company that should replace my list of six .

Digressing a little…Here’s a twit from OKTA CEO Todd McKinnon just incase if you haven’t seen it: It’s another testimony why FB cannot dislodge ZM from the enterprise space.

https://twitter.com/toddmckinnon/status/1253073619908870145

Here’s what the CEO of Okta said about Zoom a couple of days ago in that little twit:

The okta team has benefited greatly from Zoom_US since we started using it and over the past two months as we moved to remote work. We trust eric s yuan and team to continue to make progress on this important technology ZoomOn

The “security, hacks, pile-on” short attack is already ancient history and the enterprise customers seem to have ignored it.

Thanks to Ronjonb for finding this.

Saul

I thought someone would post this and waited for more than a day before posting…

This article may be behind a paywall but you should be able to sign-in with an existing email to read it… do read it.

Most important; read the last paragraph where you see the surprise of how a Google employee meeting turned out!

-ron

https://www.nytimes.com/2020/04/24/technology/zoom-rivals-vi…