![]() Up until now, I couldn't tell what Okta wanted to do these products. But ever since it released, that product does not seem to be in the limelight at all, leaving Advanced Server Access to be the only focus. Does Okta want to be a vital picks-and-shovels component to Zero Trust partners, or enter this market itself? Access Gateway, in particular, happened to directly compete with partners like Zscaler ZPA and Cloudflare Access. I once noted how odd it seemed that Okta didn't embrace the term "Zero Trust" in its marketing of those 2 products, while ScaleFT clearly did. ![]() It acquired ScaleFT in Jul-18 for its Zero Trust capabilities across 2 products: Access Gateway (Zero Trust for app access) and Advanced Server Access (Zero Trust for infrastructure access). In comparison, Okta doesn't quite seem to know where it wants to go with Zero Trust. Over the past year, CrowdStrike has positioned itself as a cooperative partner to Zero Trust platforms, with an integration platform called Zero Trust Assessment (ZTA) announced in Oct-20, and then a further deepening of its partnership with Zero Trust partners like Zscaler and Cloudflare in Mar-21. However, I believe some of Okta's feature set is beginning to be sidestepped by its Zero Trust partners, such as how those platforms can create their own single sign-on interfaces, where a user first establishes identity (via IAM), and can then access the various services they have rights to under Zero Trust (potentially side stepping Okta's SSO). And Zero Trust is only becoming more and more important, as shown in the recent US Federal Executive Order, and the constant barrage of news covering breaches and attacks. ![]() This alone will keep it highly successful for a long time, as the platform provides a vital need for this new security paradigm. Via its Integration Network, enterprise customers can more easily manage access to every SaaS service they utilize through a single sign-on (SSO), can tie into Okta's platform further to not only track users and access rights (Universal Directory), but can also automate the provisioning of users and changing of access rights as the workforce adjusts (Lifecycle Mgmt).Īs mentioned in my recent Zero Trust writeups, it has major tailwinds from being a vital picks-and-shovels play to Zero Trust & SASE Network platforms. It has a unique vision into the usage patterns over enterprise SaaS, which it presents every January in a report called Business Work. Okta has always been a major gateway for users to access enterprise SaaS platforms. Also in Jun-21, I covered how the White House EO is giving a green light to Zero Trust - which Okta is well positioned for (at FedRAMP Moderate). More recently, in Jun-21, I covered Okta as a picks-and-shovels play in the Zero Trust ecosystem, detailing how they are further expanding their Threat Insight into a Risk Engine that other security partners can both tap into and enrich.Then, a few months later in Jul-20, they deepened a cross-cutting Zero Trust security partnership between CrowdStrike, Netskope (for SWG & Zero Trust) and Proofpoint (email & human security). They also added device risk as a signal in Threat Insight, via their expanded EPP/EDR partnerships. At the time, they seemed heavily focused on adapting their platform into becoming building blocks around identity workflows (with Platform Services, and no-code Workflows), which is great for improving the stickyness of the platform, but utimately isn't resulting in new revenue streams. In Apr-20, I uncovered a few insights from Oktane20.Okta has had varying degrees of success on those, which I believe has ultimately lead to its declining top line. At the time, I predicted Okta would move into IGA (governance), UEBA (behavioral analytics), PAM (Zero Trust access to servers), and IAP (Identity Access Proxy, a form of Zero Trust over web apps). Later in Oct-19, Okta was one of the top 4 companies I focused upon in my Flavors of Security series, and the next wave of hypergrowth within the cybersecurity industry. In Apr-19, Okta was my first tech deep dive, driving into what identity means in security.Yet at the same time, I see a lot to be excited about as Zero Trust is more adopted.Ī quick stroll through my prior coverage: ![]() Beyond (or, perhaps, behind) the faltering top line growth, I see a few platform and product concerns that I wanted to detail further. Over the past year, I have been reducing my position as the top-line growth has waned, finally exiting the position this past May. This company is so well positioned from its technology stance, but the financials tell a slightly different story - it has been slowly leaving its hypergrowth behind, and is now entering its next phase around profitability. I first bought into Okta in Oct-18, and have followed it extensively since.
0 Comments
Leave a Reply. |