identity
Auto Added by WPeMatico
Auto Added by WPeMatico
Okta today announced it was expanding its platform into a couple of new areas. Up to this point, the company has been known for its identity access management product, giving companies the ability to sign onto multiple cloud products with a single sign on. Today, the company is moving into two new areas: privileged access and identity governance
Privileged access gives companies the ability to provide access on an as-needed basis to a limited number of people to key administrative services inside a company. This could be your database or your servers or any part of your technology stack that is highly sensitive and where you want to tightly control who can access these systems.
Okta CEO Todd McKinnon says that Okta has always been good at locking down the general user population access to cloud services like Salesforce, Office 365 and Gmail. What these cloud services have in common is you access them via a web interface.
Administrators access the speciality accounts using different protocols. “It’s something like secure shell, or you’re using a terminal on your computer to connect to a server in the cloud, or it’s a database connection where you’re actually logging in with a SQL connection, or you’re connecting to a container, which is the Kubernetes protocol to actually manage the container,” McKinnon explained.
Privileged access offers a couple of key features including the ability to limit access to a given time window and to record a video of the session so there is an audit trail of exactly what happened while someone was accessing the system. McKinnon says that these features provide additional layers of protection for these sensitive accounts.
He says that it will be fairly trivial to carve out these accounts because Okta already has divided users into groups and can give these special privileges to only those people in the administrative access group. The challenge was figuring out how to get access to these other kinds of protocols.
The governance piece provides a way for security operations teams to run detailed reports and look for issues related to identity. “Governance provides exception reporting so you can give that to your auditors, and more importantly you can give that to your security team to make sure that you figure out what’s going on and why there is this deviation from your stated policy,” he said.
All of this when combined with the $6.5 billion acquisition of Auth0 last month is part of a larger plan by the company to be what McKinnon calls the identity cloud. He sees a market with several strategic clouds and he believes identity is going to be one of them.
“Because identity is so strategic for everything, it’s unlocking your customer, access, it’s unlocking your employee access, it’s keeping everything secure. And so this expansion, whether it’s customer identity with zero trust or whether it’s doing more on the workforce identity with not just access, but privileged access and identity governance. It’s about identity evolving in this primary cloud,” he said.
While both of these new products were announced today at the company’s virtual Oktane customer conference, they won’t be generally available until the first quarter of next year.
Powered by WPeMatico
So much can change in a day.
This morning, news that a trial COVID-19 vaccine candidate had an effective rate of more than 90% shook the financial world. The Pfizer vaccine is reportedly so effective, the company “will have manufactured enough doses to immunize 15 to 20 million people” by the end of the year, according to the New York Times, appears to have given investors the green light to pile back into companies harmed by the pandemic.
The Exchange explores startups, markets and money. Read it every morning on Extra Crunch, or get The Exchange newsletter every Saturday.
The shift of money from shares that proved popular during the summer is massive and abrupt. Zoom and Peloton are down sharply this morning, while Uber and Lyft are soaring. Indeed, the Dow Jones Industrial Average and S&P 500 indices are up around 4.8% and 3.3% respectively, while SaaS and cloud share are off 3.5%.
Investors are taking money out of companies that were expected to do well thanks to the pandemic and moving that capital into firms that were weakened by the pandemic.
Our question for this morning: what do these changes mean for the economic forces that have broadly favored venture-backed startups? What happens to high-flying startups if the pandemic trade flips? What’s next for insurtech, edtech, fintech and SaaS? Let’s discuss.
Short-term market movements do not always predict the future accurately, so we should not treat today’s trading as gospel.
That said, it’s not hard to draw some basic conclusions from the trading activity. Here’s what I think we can deduce from today’s stock market activity:
Powered by WPeMatico
It seems that no-code is the tech watchword of the year. It refers to the ability to create something that normally would require a developer to code, and replace it with dragging and dropping components instead, putting the task in reach of much less technical business users. Today Okta announced new no-code workflows that provide a way to use identity as a trigger to launch a customer-centric workflow.
Okta co-founder and CEO Todd McKinnon says that the company has created a series of connectors to make it easier to connect identity to a workflow that includes sales and marketing tooling. This comes on the heels of the identity lifecycle workflows the company introduced at the Oktane customer conference in April.
“For this release we are introducing customer identity workflows which are focused on the connectors for all the customer-specific systems, things like Salesforce and Marketo and all the customer-centric [applications] that you’d want to do with your customer identities. And you can imagine over time that we’re going to expose this to more and more areas that will cover every kind of scenario a company would want to use,” McKinnon told TechCrunch.
McKinnon says that last year the company introduced Platform Services, which pulled apart the various pieces of the platform and exposed them as individual services, which bigger-company customers could tap into as needed. He says that this is an extension of that idea, but instead of having to get engineering talent to write complex code to tie the Okta service into say Salesforce, you can simply drag the Salesforce connector to your workflow.
As McKinnon describes this using early adopter MLB as an example, say someone downloads the MLB app, creates a log-in and signs in. At that point, if MLB marketing personnel wanted to connect to any applications outside of Okta, it would normally require leveraging some programming help to make it happen.
But with the new workflow tools, a marketing person can set up a workflow that checks the log-in for fraud, then sends the person’s information automatically into Salesforce to create a customer record, and also triggers a welcome email in Marketo — and all of this could be done automatically triggered by the customer sign up.
Image Credits: Okta
This functionality was made possible by the $52.5 million acquisition of Azuqua last year. As COO and co-founder Frederic Kerrest wrote in a blog post at the time of the acquisition (and we quoted in the article):
With Okta and Azuqua, IT teams will be able to use pre-built connectors and logic to create streamlined identity processes and increase operational speed. And, product teams will be able to embed this technology in their own applications alongside Okta’s core authentication and user management technology to build…integrated customer experiences.
And that’s precisely the kind of approach the company is delivering this week. For now, it’s available as an early adopter program, but as Okta works out the kinks, you can expect them to build on this and add other enterprise workflow connectors to the mix as it expands this vision, giving the company a way to move beyond pure identity management and connect to other parts of the organization.
Powered by WPeMatico
Okta, the popular identity and access management service, today used its annual (and now virtual) user conference to launch Lifecycle Management Workflows, a new tool that helps IT teams build and manage IFTTT-like automated processes with the help of an easy to use graphical interface.
The new service is an extension of Okta’s existing automation tools. But the key here is that IT teams and developers can now easily build complex identity-centric workflows across a wide range of applications. With this, these teams can easily automate an onboarding process, where setting up a new Okta account also immediately kicks off processes on third-party services like Box, Salesforce, ServiceNow and Slack to set up accounts there. The same goes for offboarding workflows and username creation. A lot of companies still do this manually, which is not just a hassle but also error-prone.
“Adopting more technology is incredibly beneficial for enterprises today, but complexity is a significant side effect of a changing technology ecosystem and workforce. There is no better example of the potential challenges it can create than with lifecycle management,” said Diya Jolly, chief product officer at Okta. “Okta’s vision of enabling any organization to use any technology goes deeper than just access; it’s about improving how organizations use technology. Okta Lifecycle Management Workflows improves the efficiency and security of enterprises through its simple user experience and broad applicability, keeping organizations secure and efficient without requiring the complexity of writing code.”
Okta, of course, had lifecycle management features before, but now it is also putting its acquisition of Azuqua to work and using that company’s graphical interface and technology for making it easier to create these automation processes. And while the focus right now is on processes like provisioning and de-provisioning accounts, the long-term plan is to expand Workflows with support for more identity processes.
As Okta also stresses, administrators can also manage very granular access across the supported third-party tools like assigning territories in Salesforce or access to specific group channels in Slack, for example. For temporary employees, admins can also set up automatic de-provisioning workflows that revoke access to some tools but maybe leave access to payroll services open for a while longer. There are also built-in tools for automatically managing conflicts when two people have the same name.
“Millions of people rely on Slack every day to make their working lives simpler, more pleasant and more productive,” said Tamar Yehoshua, chief product officer at Slack, one of the early adopters of this service. “Okta Lifecycle Management Workflows has significantly increased efficiency for us by automating the provisioning and de-provisioning of users from applications in our environment, without us ever having to write a line of code.”
This new feature is part of Okta’s new Platform Services, which the company also debuted today and which currently consists of core technologies like the Okta Identity Engine, Directories Integrations, Insights, Workflow and Devices. The core idea behind Platform Services is to give Okta users the flexibility to manage their unique identity use cases but also to give Okta itself a platform on which to innovate. One other new product that sits on top of the platform is Okta Fastpass, for example, which allows for passwordless authentication on any device.
Powered by WPeMatico
End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity involving their login, while letting them share information with the company’s security apparatus when it makes sense.
Okta actually developed a couple of new products under the umbrella SecurityInsights. The end user product is called UserInsights. The other new product, called HealthInsights, is designed for administrators and makes suggestions on how to improve the overall identity posture of a company.
UserInsights lets users know when there is suspicious activity associated with their accounts, such as a login from an unrecognized device. If it appears to involve a stolen password, he or she would click the Report button to report the incident to the company’s security apparatus where it would trigger an automated workflow to start an investigation. The person should also obviously change that compromised password.
HealthInsights operates in a similar fashion, except for administrators at the system level. It checks the configuration parameters and makes sure the administrator has set up Okta according to industry best practices. When there is a gap between the company’s settings and a best practice, the system alerts the administrator and allows them to fix the problem. This could involve implementing a stricter password policy, creating a block list for known rogue IP addresses or forcing users to use a second factor for certain sensitive operations.
Health Insights Report. Image: Okta
Okta is first and foremost an identity company. Organizations, large and small, can tap into Okta to have a single sign-on interface where you can access all of your cloud applications in one place. “If you’re a CIO and you have a bunch of SaaS applications, you have a [bunch of] identity systems to deal with. With Okta, you narrow it down to one system,” CEO Todd McKinnon told TechCrunch.
That means, if your system does get spoofed, you can detect anomalous behavior much more easily because you’re dealing with one logon instead of many. The company developed these new products to take advantage of that, and provide these groups of employees with the information they need to help protect the company’s systems.
The SecurityInsights tools are available starting today.
Powered by WPeMatico
At the Identiverse conference in Boston today, Ping Identity announced that it has acquired Elastic Beam, a pre-Series A startup that uses artificial intelligence to monitor APIs and help understand when they have been compromised.
Ping also announced a new product, PingIntelligence for APIs, based on the Elastic Beam technology. They did not disclose the sale price.
The product itself is a pretty nifty piece of technology. It automatically detects all the API IP addresses and URLs running inside a customer. It then uses artificial intelligence to search for anomalous behavior and report back when it finds it (or it can automatically shut down access depending on how it’s configured).
“APIs are defined either in the API gateway because that facilitates creation or implemented on an application server like node.js. We created a platform that could bring a level of protection to both,” company founder Bernard Harguindeguy told TechCrunch.
It may seem like an odd match for Ping, which after all, is an enterprise identity company, but there are reasonable connections here. Perhaps the biggest is that CEO Andre Durand wants to see his company making increasing use of AI and machine learning for identity security in general. It’s also worth noting that his company has had an API security product in its portfolio for over five years, so it’s not a huge stretch to buy Elastic Beam.
With this purchase, Ping has not only acquired some advanced technology, it has also acqui-hired a team of AI and machine learning experts that could help inject the entire Ping product line with AI and machine learning smarts. “Nobody should be surprised who has been watching that Ping will drive machine learning AI and general intelligence into our identity platform,” Durand said.
Harguindeguy certainly sees the potential here. “I think we can over time bring a high level of monitoring and intelligence to Ping to understand whether an identity may have been used by someone else or being misused somehow,” he said.
Elastic Beam interface. Photo: Elastic Beam website
Harguindeguy will join Ping Identity as Senior Vice President of Intelligence along with his entire team. Neither company would divulge the exact number of employees, but Durand did acknowledge it fell somewhere between the 11 and 50 mentioned in the company Crunchbase profile. The original team consisted of around 10 according to Harguindeguy and they have been hiring for some time, so fair to say more than 11, but less than 50.
Harguindeguy says they were pursued by more than one company (although he wouldn’t say who those other companies were), but he felt that Ping provided a good cultural match for his company and could take them where they wanted to go faster than they could on their own, even with Series A money.
“We realized this is going to be really big. How do we go after the market really strongly really fast? We saw that we could fuse this really fast with Ping and have strong go to market with them,” he said.
Durand acknowledged that Ping, which was itself acquired by Vista Equity Partners for $600 million two years ago, couldn’t have made such an acquisition without the backing of a larger firm like this. “There was there was no chance we could have done either UnboundID (which the company acquired in August 2016) or Elastic Beam on our own. This was purely an artifact of being part of the Vista family portfolio,” he said.
PingIntelligence for APIs, the product based on Elastic Beam’s technology, is currently in private preview. It should be generally available some time later this year.
Powered by WPeMatico
Who are you? That’s both an existential question, and also a very practical administrative concern. Today, identity is often exchanged through the use of government ID cards and official paperwork, but what happens when someone loses that paperwork or it is destroyed? Or, as is often the case in many countries around the world, a citizen never received the paperwork to begin with?
Element wants to completely change the way banks, hospitals, and other service providers work with their customers by providing a platform for decentralized biometric identity. The company’s software runs on any mobile device, and using the device’s camera, it can identify a user’s face, palm, and fingerprints to create a verified match. Users have options on which modality they want to use.
Biometric identification is a tough machine learning application, so it shouldn’t be surprising that Element, which was formed in 2012, was co-founded by Adam Perold, a Stanford-educated product designer, and Yann LeCun, a famed machine learning researcher. LeCun was the progenitor of convolution neural nets, which today form one of the foundational theories for deep learning AI. He is now chief science advisor for the company, having taken a role as Director of AI Research at Facebook in New York while continuing his professorship at NYU.
Element is announcing a $12 million Series A round, led by PTB Ventures and GDP Ventures, with David Fields of PTB and On Lee of GDP joining the company’s board of directors. Earlier investors of the company included Pandu Sjahrir, Scott Belsky, Box Group, and Recruit Strategic Partners.
While technologies like Apple’s Touch ID and Face ID systems have popularized biometric identity, neither of these were around when Element got started. The early years of the company were devoted to solving critical technical challenges. Wireless connectivity can be limited in many developing countries, which meant that identities had to be local to the device in order to be useful. That also meant that the platform couldn’t be a cloud infrastructure solution, since identity information had to be processed on the device.
Furthermore, given the quality of hardware available, data had to be extremely compressed to be useful, and the machine learning algorithms couldn’t use too much compute power since a low-powered Android device wouldn’t be able to execute an identity match quickly enough to provide a good user experience.
That’s where LeCun’s deep expertise in neural nets, and particularly in areas like optical character recognition, came in handy. The Element team managed to reduce the amount of data required to store the identity of a single person down to about two kilobytes, according to the company.
The next challenge the company faced in building out its platform was security. Identity data, particularly biometrics, is a major security challenge, but it was exacerbated by the fact that devices would often be shared between users. A single device at a bank, for instance, might service thousands of users, all of which need independent, secured data. The company said that these security challenges have been designed into the core of the system.
Ultimately, the company’s platform lives as an SDK behind the mobile apps of its partners. It provides not only the identity layer itself, but also a secure data infrastructure that allows records such as bank accounts and medical files to be connected to the underlying identity.
Element is targeting the developing world, and Perold tole me he spends more than half of his time traveling to Southeast Asia and Africa building partnerships and doing research on how the company’s technology can improve critical social services. Among the company’s signed partnerships is Telekom Indonesia, which as the service provider for 180 million subscribers, is one of the key connections between people and their identity in that fast-growing economy.
Another partnership formed by the company is with the Global Good Fund, a joint venture between Bill Gates and Intellectual Ventures. That project works to create better biometric identities for newborns and infants, which is critical for health outcomes. The company is working with icddr,b and the Angkor Hospital for Children in Cambodia to build out the program.
In addition to the lead investors, the company received strategic venture capital investments from Bank BCA (via Central Capital Ventura), Bank BRI, Telkom Indonesia (via MDI Ventures), and Maloekoe Ventures.
Correction: The Global Good Fund is a joint venture with Bill Gates, not the Gates Foundation.
Powered by WPeMatico
OKCupid’s users are angry – very, very angry. Just ahead of the new year, the company made a radical change to its policies, and now requires people to use real names instead of an OKCupid username, as before. The change eliminates one of the biggest differentiators between the dating app and rivals like Tinder and Bumble, which have users log in via Facebook in order to use their… Read More
Powered by WPeMatico
Malicious hackers and security breaches that have exposed personal information of millions of people have pushed the issue of online security into the spotlight, not just for individuals but for organizations that do business with them. Now a company called Onfido, which has built a way to help websites verify people’s identities using a photo-based identity document, a selfie and… Read More
Powered by WPeMatico
SAP, the German enterprise software giant, today announced an acquisition to strengthen its hybris e-commerce division. It has acquired Gigya, a firm that helps online properties manage customer identities and profiles. Terms of the deal have not been disclosed officially, but our sources tell us it is for $350 million. This was the same figure that was reported yesterday when the news leaked… Read More
Powered by WPeMatico