The world is opening up, and our invites to attend events around the world are flooding back in.
With our team already in the US, we took the opportunity to drop in on the annual Okta fest – Oktane22.
When we travel to report on events, we aim to act as the eyes and ears of our readers, it’s difficult for Asia-based IT and security professionals to travel to these US events, so we aim to give an Asia spin on these big global events based stateside.
The first thing you realise as you walk into the event is the scale, it’s a visible and physical reminder that Okta is a major player. It’s something most of us know but seeing the scale, the number of people and the number of exhibitors they command puts it into clear perspective.
It also doesn’t hurt bringing in Serena Williams as your keynote speaker, in keeping with the scale of the event, and I am sure she helped draw in what was a very large crowd for a 7 pm session.
Like almost everyone watching, I am in awe of her legacy and talent but was even more struck by how articulate she is and what incredible clarity of thought she brings to everything she discussed, and whilst no one expected her to be an expert on identity security, her insight on business and investing was interesting.
We managed to catch up with Ben Goodman, Okta’s SVP and GM for APJ who was out in San Francisco for the event and get his take on the most important takeaways from Okta that are relevant to cybersecurity professionals who are based in Asia.
From Ben’s perspective he sees three really important “takeaways” from Oktane22 for security professionals across Asia:
Ben explained “We’re announcing that Okta is the first identity provider that can deliver anti-phish identity solutions across your entire organisation — any user, any device, and every major operating system. That starts with Okta FastPass, which is now the most comprehensive anti-phishing authenticator for the enterprise. We’re also building on what FastPass does for your workforce by using managed devices and extending to third parties using any kind of device. With new enhanced security checks, Okta can understand the OS version, whether passcodes are enabled, and whether disks are encrypted to improve the security posture for third parties outside your own device management perimeter.”
The next really important area Ben highlight for Asian security professionals is in the area of standing privileges. “I’m also excited about solving the inherent risks posed by standing privileges, where privileged accounts or users have standing access to critical infrastructure and resources. Standing privileges create more security vulnerabilities because they extend access to users who may no longer require it, and their user credentials can then become targeted assets for threat actors. We’ve seen a ton of attacks that have their origins in these kinds of standing privileges, and the ability to solve it through a single unified solution is a pretty big departure from how the world has traditionally worked. Integrating Identity Governance and Administration (IGA) and Privileged Access Manager (PAM) capabilities with Identity and Access Management (IAM) ensures that IT has more power and control over access management without compromising on security or user experience.”
Perhaps Ben’s single bullet for the whole of Oktane22 is the ‘two clouds’ message. “One of the biggest transitions announced at Oktane22 is that Okta is now a two-cloud company. Okta’s identity technology spans both workforce and customer identity with two purpose-built clouds: The Customer Identity Cloud and the Workforce Identity Cloud.”
For clarity. The Customer Identity Cloud is the Auth0 technology that Okta acquired in 2021. It’s an easy-to-implement and customisable customer identity solution that helps organisations resolve the tension between security, privacy, and user experience for their customers. The Workforce Identity Cloud is a single control plane that gives IT and security teams the ability to manage identity across all enterprise resources and users.
Getting Ben’s steer on the critical messages was helpful but we also took the chance to dive into the Okta ecosystem.
The CSA team has 2022 as the year of collaboration between Cybersecurity companies. Compared to other areas in the IT space, security has always been more of a community. It’s rare you see storage companies collaborate, the same is not true amongst cybersecurity companies.
We believe that XDR has cemented the idea of collaboration because for XDR to be effective you need to share data. Any security company that wants to play in the XDR market needs to play with other security companies too.
In the case of Okta, the nature of identity-based security has meant they have always collaborated, not just with other security companies but with any application vendors who need an identity for authentication.
With this in mind, we dived into the exhibition hall to see just how much Okta “love” was going on.
For a company with such a maniacal focus, it is interesting that so many security and application companies see the value of supporting the Oktane22 expo area. With more than 50 vendors at a quick count.
Here’s some feedback we gathered about identity security in general and how companies engage with Okta from a collection of the vendors that chose to exhibit at the event.
Jules Martin – VP Eco System and Alliance at Mimecast
On Identity - “Identity is a critical element of any company’s security posture, and it’s becoming even more so, I have no doubt that that trend will continue.”
On Okta - “Mimecast and Okta work perfectly in that respect. Our companies collaborate and share information. Mimecast is excellent at spotting possible compromises, especially via email. Mimecast and Okta integrate allowing us to inform their identity management about potentially compromised users that we uncover.”
Jeremiah Mason, SVP, Product at authID Inc
On Identity - “Identity is vital to an organisation’s security posture. Establishing strong identity assurance is critical in defending an organisation’s infrastructure against sophisticated cyber attacks. And in a digital world where bad actors are relentless when it comes to bypassing authentication methods to access sensitive information, there is no room for identity assumptions. By eliminating passwords and leveraging biometric identity authentication, organisations can accurately and securely verify an identity, eliminating any assumption of ‘who’ is behind a device, and preventing cybercriminals from infiltrating accounts and seizing assets.”
On Okta – “authID is an integration partner with Okta. Verified Human Factor Authentication (HFA) plus Okta delivers FIDO2 password-less authentication combined with biometric certainty to authenticate the human, not just the device, eliminating the risks and hassles associated with passwords. Verified enhances Okta IAM to secure desktop and mobile workforce devices with cryptographic FIDO2 passkeys, seamlessly enrolling users with a simple selfie captured in any browser. Verified plus Okta eliminates passwords, credential compromise, and related business disruption risks. In pairing frictionless identity assurance with device authentication assurance, Verified offers strong identity assurance, portable identity, and secure account recovery.”
Josh Jagdfeld - Senior Director, Alliances and Developer Relations at Jamf
On Identity – “Identity is one of the most important variables in considering an overall security strategy. Without fully understanding who the person is, the endpoint they’re using, and their current network state, it’s impossible to have a complete picture of their potential vulnerabilities. Leveraging identity allows Jamf to ensure that only trusted users, on known devices have access to appropriate corporate apps and resources on an ongoing basis as part of our Trusted Access model.”
On Okta – “Apple is leading the revolution of device management and user+device identity with Okta and Jamf joining forces to deliver those innovations to our shared customers. Okta and Jamf work closely to tie the cloud identity experience into a number of user-simple but enterprise-secure IT workflows: Onboarding, device provisioning, endpoint and app lifecycle management, strong authentication into corporate apps and resources, and zero-trust network access policy enforcement. With integrations across our management and security portfolio of products, Jamf and Okta are well-positioned to provide a best-in-class experience for both admins and end-users.”
Derek Hanson, VP of Standards and Alliances at Yubico.
On Identity – “Cyber attacks and the resulting ransomware attacks and data breaches are on the rise. According to the recent Verizon Data Breach Report, the attacks that are the most successful use phishing as the foundation of the attack. These attacks boil down to the art of tricking people into revealing personal information and their credentials – including usernames, passwords, and/or authentication codes.”
“The central goal of enterprise identity strategy is to enable the right users on the correct devices to gain access to sensitive assets. The modern approach to counter this requires an IAM solution paired with strong phishing-resistant authentication. IAM Solutions that provide single sign-on solutions and strong phishing-resistant Multi-Factor Authentication (MFA) solutions are two sides of the same coin.”
“Single-Sign-On (SSO) without MFA means that when any user account is breached for a single application, that breach can easily be spread to all applications the user has access to. Strong phishing-resistant MFA without SSO means users are constantly interrupted for authentication. SSO and phishing-resistant MFA are two identity practices that are the core building blocks of preventing an entire class of cybersecurity attacks for an enterprise.”
On Okta – “Okta and Yubico have a long-term innovative and successful partnership. In 2018, Yubico and Okta launched our first joint solution for customers to enable the best-in-class one-time password solution. Since that launch, our partnership has evolved into focusing on solutions for customer demands on preventing phishing.”
“Today using WebAuthn, YubiKeys and Okta deliver the strongest level of authentication assurance and defence against phishing and man-in-the-middle attacks. A user can use their YubiKey as the primary, step-up, or backup authentication method in conjunction with Okta Adaptive MFA, ensuring secure user access at all times.”
Okta and Yubico make strong authentication easy to adopt and manage by:
Enabling customers to securely and easily authenticate any enterprise application with Okta’s services and YubiKeys to prevent credential compromises.
Provide high-assurance authentication methods for organisations of any size or complexity that need to meet authentication.
Providing an always-on and always-available strong authentication solution with YubiKeys that are crush and water-resistant, and require no batteries.
Andy Horwitz, VP Business Development Netskope
On Identity – “In today's digital world, where users are accessing data from anywhere, on any device, and at any time, strong digital identity management has never been more important. Having confidence that the identities accessing an organisation's data are legitimate and authorised is the cornerstone of ensuring trust in our digital ecosystem.”
On Okta – “Okta is a strategic technology partner for Netskope. Thousands of companies leverage our integrations every day. Together, we provide organisations with simple and secure access to tens of thousands of applications in the cloud, whether sanctioned or unsanctioned. Effectively, with Okta, companies can manage single sign-on convenience to all the cloud applications that the company have approved for use, and Netskope couples with that to make sure that whatever usage is happening in those cloud applications is done securely, protecting both users and company data with a single set of policies for data loss prevention and threat protection. Every application needs authorisation and access. Our partnership with Okta allows us to offer a more complete security solution, designed for a cloud-first world, where the protection goes around the individual, the application, the device and the data wherever they go.”