okta
Auto Added by WPeMatico
Auto Added by WPeMatico
End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity involving their login, while letting them share information with the company’s security apparatus when it makes sense.
Okta actually developed a couple of new products under the umbrella SecurityInsights. The end user product is called UserInsights. The other new product, called HealthInsights, is designed for administrators and makes suggestions on how to improve the overall identity posture of a company.
UserInsights lets users know when there is suspicious activity associated with their accounts, such as a login from an unrecognized device. If it appears to involve a stolen password, he or she would click the Report button to report the incident to the company’s security apparatus where it would trigger an automated workflow to start an investigation. The person should also obviously change that compromised password.
HealthInsights operates in a similar fashion, except for administrators at the system level. It checks the configuration parameters and makes sure the administrator has set up Okta according to industry best practices. When there is a gap between the company’s settings and a best practice, the system alerts the administrator and allows them to fix the problem. This could involve implementing a stricter password policy, creating a block list for known rogue IP addresses or forcing users to use a second factor for certain sensitive operations.
Health Insights Report. Image: Okta
Okta is first and foremost an identity company. Organizations, large and small, can tap into Okta to have a single sign-on interface where you can access all of your cloud applications in one place. “If you’re a CIO and you have a bunch of SaaS applications, you have a [bunch of] identity systems to deal with. With Okta, you narrow it down to one system,” CEO Todd McKinnon told TechCrunch.
That means, if your system does get spoofed, you can detect anomalous behavior much more easily because you’re dealing with one logon instead of many. The company developed these new products to take advantage of that, and provide these groups of employees with the information they need to help protect the company’s systems.
The SecurityInsights tools are available starting today.
Powered by WPeMatico
Every founder knows you gotta find market fit. Almost no one gets it right on the first try, which means iterating quickly and decisively is the difference between greatness and the void.
On the Extra Crunch stage at TechCrunch Disrupt SF, we have a jam-packed panel filled with leading product builders to discuss just how founders should think about launching and iterating their products.
First, we have Ravi Mehta, chief product officer at dating app Tinder . Before Tinder, he was a product director at Facebook and a vice president of product at TripAdvisor, in addition to a host of other product-related roles. Mehta brings years of consumer products experience to the panel, and will talk about the specific needs of social and network-based products.
Second, we have Manik Gupta, chief product officer at transportation and delivery company Uber . Before becoming product chief, he led Uber’s Marketplace and Maps products, and spent years at Google as a leading PM for Google Maps. He brings a deep background on building popular consumer apps, and also instrumenting those apps with location and consumer data.
Third, we have Diya Jolly, chief product officer of identity management platform Okta . Before Okta, she led product for Google’s home products like Nest as well as YouTube’s monetization efforts, and also held product roles at Microsoft and Motorola. She brings a hybrid background in enterprise and consumer product design, and will be able to speak about the varying challenges different types of users bring to bear on a product.
Finally, we have Robby Stein, a director of product management at Instagram where he leads the consumer team in charge of Stories, Feed, Messaging, Camera, and Profile. Before Facebook/Instagram, he held a senior product role at Yahoo, which acquired his startup Stamped, and was also a PM at Google. He brings a cross-over product perspective between startups and larger tech companies that will enrich our conversation.
We’re amped for this conversation, and we can’t wait to see you there! Buy tickets to Disrupt SF here at an early-bird rate!
Did you know Extra Crunch annual members get 20% off all TechCrunch event tickets? Head over here to get your annual pass, and then email extracrunch@techcrunch.com to get your 20% discount. Please note that it can take up to 24 hours to issue the discount code.
Powered by WPeMatico
Big companies today may want to look and feel like startups, but when it comes to the way they approach buying new enterprise solutions, especially from new entrants, they still often act like traditional enterprise behemoths. But from the standpoint of a true startup, closing deals with just a few big customers is critical to success. At our much-anticipated inaugural TechCrunch Sessions: Enterprise event in San Francisco on September 5, Okta’s Monty Gray, SAP’s DJ Paoni, VMware’s Sanjay Poonen and Sapphire Venture’s Shruti Tournatory will discuss ways for startups to adapt their strategies to gain more enterprise customers (p.s. early-bird tickets end in 48 hours — book yours here).
This session is sponsored by SAP, the lead sponsor for the event.
Monty Gray is Okta’s senior vice president and head of Corporate Development. In this role, he is responsible for driving the company’s growth initiatives, including mergers and acquisitions. That role gives him a unique vantage point of the enterprise startup ecosystem, all from the perspective of an organization that went through the process of learning how to sell to enterprises itself. Prior to joining Okta, Gray served as the senior vice president of Corporate Development at SAP.
Sanjay Poonen joined VMware in August 2013, and is responsible for worldwide sales, services, alliances, marketing and communications. Prior to SAP, Poonen held executive roles at Symantec, VERITAS and Informatica, and he began his career as a software engineer at Microsoft, followed by Apple.
SAP’s DJ Paoni has been working in the enterprise technology industry for over two decades. As president of SAP North America, Paoni is responsible for the strategy, day-to-day operations and overall customer success in the United States and Canada.
These three industry executives will be joined onstage by Sapphire Venture’s Shruti Tournatory, who will provide the venture capitalist’s perspective. She joined Sapphire Ventures in 2014 and leads the firm’s CXO platform, a network of Fortune CIOs, CTOs and digital executives. She got her start in the industry as an analyst for IDC, before joining SAP and leading product for its business travel solution.
Grab your early-bird tickets today before we sell out. Early-bird sales end after this Friday, so book yours now and save $100 on tickets before prices increase. If you’re an early-stage enterprise startup you can grab a startup demo table for just $2K here. Each table comes with four tickets and a great location for you to showcase your company to investors and new customers.
Powered by WPeMatico
Since it was founded in 2009, Okta has been focused on protecting identity — first for individuals in the cloud, and later at the device level. Today at its Oktane customer conference, the company announced a new level of identity protection at the server level.
The new tool, called Advanced Server Access, provides identity management for Windows and Linux Servers, whether they are in a data center or the cloud. The product supports major cloud infrastructure vendors like Amazon Web Services, Microsoft Azure and Google Cloud Platform, and gives IT the ability to protect access to servers, reduce the likelihood of identity theft and bring a level of automation to the server credential process.
As company founder and CEO Todd McKinnon points out, as every organization becomes a technology company building out their own applications, protecting servers becomes increasingly critical. “Identity is getting more and more important because there is more technology and zero trust in the network. You need to manage identity not just for users or devices. We are now applying our identity [experience] to the most critical resources for these emerging tech companies, their servers,” he said.
McKinnon explained that developers typically communicate with Linux servers via the SSH protocol. It required logging in of course, even before today’s announcement, but what Okta is doing is simplifying that in the same way it simplified logging into cloud applications for individuals.
People’s roles change over time, but instead of changing those roles at the identity layer to allow access to the server, in a typical shop the development or operations team creates an admin account with a superset of permissions and simply shares that. “That means the admin account has all the permissions, and also means they are sharing these credentials,” he said. If those credentials get stolen, the thief potentially has access to the entire universe of servers inside a company.
Okta’s idea is to bring a level of automation to the server identity management process, so that users maintain their own individual credentials and permissions in a more automated fashion, even as roles change across the entire server infrastructure a company manages. “It’s continuous, automatic, real-time checking of the state of the machine, and the state of the user and the permissions that makes it far more secure,” he said.
The tool is continuously monitoring this information to make sure nothing has changed such as another machine has taken over, avoiding man-in-the-middle attacks. It’s also making sure that there is no virus or malware, and that the person who is using the machine is who they say they are and has access at the level they are using it.
Okta went public almost exactly two years ago, and it needs to keep finding ways to expand its core identity services. Bringing it to the server level as this new product moves the idea of identity management deeper into a technology stack, and McKinnon hinted the company isn’t done yet.
“You might not think of server access as an identity opportunity, but the way we do it will make it clear that it really is an opportunity, and the same can be said for the next several innovations we will have after this,” he said.
Powered by WPeMatico
During its earnings report yesterday afternoon, Okta announced it intends to acquire Azuqua, a Seattle, Wash. workflow automation startup, for $52.5 million.
In a blog post announcing the news, Okta co-founder and COO Frederic Kerrest saw the combining of the two companies as a way to move smoothly between applications in a complex workflow without having to constantly present your credentials.
“With Okta and Azuqua, IT teams will be able to use pre-built connectors and logic to create streamlined identity processes and increase operational speed. And, product teams will be able to embed this technology in their own applications alongside Okta’s core authentication and user management technology to build…integrated customer experiences,” Kerrest wrote.
In a modern enterprise, people and work are constantly shifting and moving between applications and services and combining automation software with identity and access management could offer a seamless way to move between them.
This represents Okta’s largest acquisition to-date and follows Stormpath almost exactly two years ago and ScaleFT last July. Taken together, you can see a company that is trying to become a more comprehensive identity platform.
Azuqua, which has raised $16 million since it launched in 2013, appears to have given investors a pretty decent return. When the deal closes, Okta intends to move the Azuqua team to its Bellevue offices, increasing its presence in the Northwest. Okta’s headquarters are in San Francisco. Azuqua customers include Airbnb, McDonald’s, VMware and HubSpot,
Okta was founded in 2009 and raised over $229 million before going public April, 2017.
Powered by WPeMatico
Okta, the Nasdaq-listed cloud identity management company, has recruited former Charles Schwab chief marketing officer Becky Saeger to its board of directors. The latest appointment comes one month after the company named Shellye Archambeau, former chief executive officer of MetricStream, to its board.
Saeger becomes Okta’s third female board member. Michelle Wilson, a former senior vice president and general counsel at Amazon, joined the company’s board in 2015. According to data collected by Women on Boards, women hold just over 17 percent of corporate board seats, up from 16.0 percent in 2017.
“A board is there for a few reasons,” Okta co-founder and CEO Todd McKinnon told TechCrunch. “One is to oversee a company’s management and strategy. A company like Okta is in a fast-growing industry and there is too much of a tendency for groupthink. You need someone around you to question the basis of what you’re thinking about.”
McKinnon has spoken openly about his commitment to diversity. In a letter to employees in early 2017, for example, he denounced President Donald Trump’s temporary ban on refugee admissions to the U.S. “Diversity of thought and experience are fundamental values at Okta, that includes religious beliefs, gender diversity, sexual orientation and political views,” he wrote. “No matter who you voted for, our opposition to this policy is not just about our business — it is also about our belief in the American freedoms and protections that have made our country so innovative and accepting of those most in need.”
Okta’s C-suite, though majority male, includes chief customer officer Krista Anderson-Copperman, executive vice president and chief of staff Angela Grady, and chief people officer Kristina Johnson.
Saeger, who McKinnon chose for her marketing and financial services acumen, also sits on the board of E*TRADE, an online broker.
“I am excited about the notion that as this company grows and evolves, the brand can become more visible and more meaningful,” Saeger told TechCrunch.
Headquartered in San Francisco, Okta debuted on the stock exchange in April 2017, closing up 38 percent on its first day of trading.
Powered by WPeMatico
Okta, the cloud identity management company, announced today it has purchased a startup called ScaleFT to bring the Zero Trust concept to the Okta platform. Terms of the deal were not disclosed.
While Zero Trust isn’t exactly new to a cloud identity management company like Okta, acquiring ScaleFT gives them a solid cloud-based Zero Trust foundation on which to continue to develop the concept internally.
“To help our customers increase security while also meeting the demands of the modern workforce, we’re acquiring ScaleFT to further our contextual access management vision — and ensure the right people get access to the right resources for the shortest amount of time,” Okta co-founder and COO Frederic Kerrest said in a statement.
Zero Trust is a security framework that acknowledges work no longer happens behind the friendly confines of a firewall. In the old days before mobile and cloud, you could be pretty certain that anyone on your corporate network had the authority to be there, but as we have moved into a mobile world, it’s no longer a simple matter to defend a perimeter when there is effectively no such thing. Zero Trust means what it says: you can’t trust anyone on your systems and have to provide an appropriate security posture.
The idea was pioneered by Google’s “BeyondCorp” principals and the founders of ScaleFT are adherents to this idea. According to Okta, “ScaleFT developed a cloud-native Zero Trust access management solution that makes it easier to secure access to company resources without the need for a traditional VPN.”
Okta wants to incorporate the ScaleFT team and, well, scale their solution for large enterprise customers interested in developing this concept, according to a company blog post by Kerrest.
“Together, we’ll work to bring Zero Trust to the enterprise by providing organizations with a framework to protect sensitive data, without compromising on experience. Okta and ScaleFT will deliver next-generation continuous authentication capabilities to secure server access — from cloud to ground,” Kerrest wrote in the blog post.
ScaleFT CEO and co-founder Jason Luce will manage the transition between the two companies, while CTO and co-founder Paul Querna will lead strategy and execution of Okta’s Zero Trust architecture. CSO Marc Rogers will take on the role of Okta’s Executive Director, Cybersecurity Strategy.
The acquisition allows the Okta to move beyond purely managing identity into broader cyber security, at least conceptually. Certainly Roger’s new role suggests the company could have other ideas to expand further into general cyber security beyond Zero Trust.
ScaleFT was founded in 2015 and has raised $2.8 million over two seed rounds, according to Crunchbase data.
Powered by WPeMatico
Consider that there are millions of Okta users out there using the service to sign into their company applications with a single set of credentials. Yet getting customers to work together using Okta authentication was an enormous task for developers. Okta wanted to simplify it, so they created a service they are calling it ‘Sign in with Okta.’
The new API allows developers to add a few lines code and give Okta customers the ability to sign into one another’s websites in a similar way that OAuth allows you to use your Google or Facebook credentials to sign onto consumer sites.
Frederic Kerrest, COO and co-founder at Okta, says the ‘Sign in with Okta’ uses an extension of OAuth called OpenID Connect, which his company has been supporting since 2016. He says the new service gives customers the ability to expand the use of their Okta credentials beyond their own set of internal applications to sign into customer and partner sites. This extends the Okta functionality and brand and helps to make it a kind of standard way of logging in (or that’s the hope).
When developers add this functionality, the user sees a “Sign in with Okta” button on the website or service they are accessing. They can then use their Okta login to get into these sites under whatever rules the site owner has defined.
Site with ‘Sign in with Okta’ button. Photo: Okta
While Okta has provided APIs for developers prior to today, they didn’t provide a package like this that simplifies the process. This forced developers to use the SAML standard to make it work. While there’s nothing wrong with this approach, it can be time-consuming and put a lot of burden on developers to write software and connectors, while updating and maintaining them, Kerrest explained. This removes all of that complexity from the process.
This means that when two businesses are on Okta, they can trust one another because they do business together, and instead of setting up the SAML connection, a process that could take days, they can do it an hour with the Okta API tool, according to Kerrest.
“[Sign in with Okta] is a much easier way for customers or partners to seamlessly integrate into our environment. They could do it before, but we are ‘widgetizing’ it now,” he said.
Powered by WPeMatico
Okta and fellow cloud company ServiceNow got together to build an app that helps ServiceNow customers using their security operations tools find security issues related to identity and take action immediately.
The company launched the Okta Identity Cloud for Security Operations app today. It’s available in the ServiceNow app store and has been designed for customers who are using both… Read More
Powered by WPeMatico