As IAM demand builds, tight identity integration will secure enterprises’ cloud transition: Okta

Increasing integration of identity-management frameworks at the API level will push human error out of the security equation and produce a cloud-security foundation that is “many times more secure than a password could ever be”, the local head of fast-growing Okta has predicted on the back of surging customer adoption that he says points to the rapid maturation of Australian companies' cloud philosophy.

Despite recently announcing high-profile local customers like REA Group, Baker's Delight, Cricket Australia and others, Okta – which secured $US75 million in venture-capital funding in September – is “only scratching the surface” of the fast-growing identity and access management (IAM) market, APAC vice president Graham Pearson told CSO Australia.

“There is not one set vertical buying our technology,” he said. “That just says to me that Australian organisations are adopting the cloud and they can see that security is a fundamental piece of that. Employers want their employees to be able to do their jobs easily, efficiently, and securely – and that's definitely a message that's resonating here in Australia.”

Strong mobile usage had compounded Australia's early-adopter advantage in Okta's core market space, where a climate of ongoing security breaches had heightened executive appreciation of the need to wrap mobile adoption into a flexible and enterprise-wide management infrastructure.

“That's our vision,” Pearson said, highlighting the company's security credentials as a cloud-only provider of IAM services. “It's essentially to enable any company out there to use any technology they want to, however they want to do it, and make it secure. And organisations in the cloud take security and uptime more seriously than someone who is wearing a pager in an organisation.”

The ongoing stampede to the cloud is being empowered by growing recognition that identity is a common thread for organisations of all types and sizes – and this was reflected in the growing usage of APIs to build secure inter-application exchanges that would become increasingly important as IAM usage matured next year and beyond.

By using APIs to exchange credentials, applications could enjoy non-repudiable authentication and communication that would prove even more useful in securing remote access than existing user ID-and-password combinations.

“As new pieces of software come out they're all being built at the API layer,” Pearson said. “Once you get that, the handshake between Okta and an application is so encrypted that you can do without a password. The handshakes that Okta does in the background are so many times more secure than a password will ever be – and the technology will get to the point where it's all API driven.”

The desire to build broader authentication is driving Okta to work closely with implementation partners: Okta's Australian arm, for example, recently forged an alliance with NSW-based cloud specialist VMtech and Qubit Consulting as well as Queensland's Cloud Strategic Services and Victoria's Identity Solutions.

Read more: ​Re-used crypto keys expose millions of devices to attack

Okta's Australian arm – which opened a little over a year ago – is expected to grow strongly in coming months with new staff hired to support these partnerships and accommodate growing demand.

A key part of the customer engagement was to make sure that the IAM architecture was well-developed enough that the system saw strong adoption over time: REA Group, for example, wrapped a cloud-based corporate reinvention around Okta and was able to move 98 percent of its systems to the cloud as a result.

“A huge part of our business is customer success,” Pearson explained, noting that in the past many such purchases ended up as 'shelfware' when implementation became too hard or resources were too hard to find.

Taking IAM as a service using the cloud model forced Okta and other providers to work much harder to continue generating customer value, Pearson said – marking “a big backflip on how the world used to be. We have to have customers not only buy it, but use it – because if they're not using it they can turn it off next year.”

Read more: ​Visibility and control over SSL traffic in an era of HTTP/2.0

Join the CSO newsletter!

Error: Please check your email address.

Tags cloud-securitysecure enterprisescustomer satisfactionIAMOktaCSO Australia

More about APACCricket AustraliaCSOIdentity SolutionsOktaPearsonREA GroupVMtech

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place