Okta pushes for open digital identity standard

Todd McKinnon, CEO of Okta

LAS VEGAS—Kicking off its annual Oktane event here, Okta outlined its vision for the future of identity in the security space Wednesday. It made the case that identity is fundamental to security, is under attack, and needs to be rethought.

In his keynote presentation, CEO Todd McKinnon said that over 80 percent of all breaches involve compromised identity, either in the initial breach or in how a bad actor makes lateral moves inside the network.

“Identity is what makes you. It’s a reflection of you personally and professionally, the entry point to the digital work,” McKinnon told attendees. “It can make every interaction with technology faster, smarter, and more secure. It can be a powerful force for good, but it’s under attack.”

McKinnon argued that the industry has to “fundamentally re-evaluate” how it thinks about identity and announced it is learning the charge by introducing a new standard. It works with the OpenID Foundation, partners, and competitors to define and bring to market the Interoperability Profile for Secure Identity in the Enterprise, or IPSIE. In short, IPSIE would act as a “common language” for applications, devices, and systems to address identity issues, including the ability to broadcast suspicious activity and reject connections that any IPSIE-compliant part of the infrastructure determines are out of line.

He said the goal is to “codify” how identity is handled in every device, application, workload, or system that a user touches so that any application can be written to handle identity automatically.

“It has to be fast, complete, and offer end-to-end visibility,” McKinnon said. “It has to be fewer calories — it has to be cheaper and easier. In security, complexity kills.”

He touted Okta’s role in advancing standards since the company’s early days, as it has been involved in such pushes as SAML, OpenID Connect, and WS-Fed.

While the standard is still in development, McKinnon said customers could get a bit of a “preview” in the form of 125 new integrations between Okta and major SaaS and business apps, including Microsoft Office 365, Google and Slack. He said that by using those integrations, applications will “behave the same as if everything is IPSIE-compliant.”

McKinnon called for help from customers and partners to understand the standard, “believe in it and dig in,” and offer feedback as the working group develops the final standard. He called on app builders to adhere to IPSIE principles, and for IT buyers, he asked them to “make sure your vendors are IPSIE-compliant or on that path.”

“We have to make it easy for every company, no matter how big or small,” McKinnon said.

Supporting that effort, McKinnon outlined a new Secure Identity Assessment service to help customers understand where they’re at and provide a path to identity management best practices across the enterprise. These services will be delivered by Okta and by partners alike. However, partners may take the Okta methodology and expand upon it, such as offering a broader security posture assessment that includes identity. The goal, the company said, is to ensure customers have “a holistic view” of their identity security posture.

“We believe we need to do this because if every company is a secure identity company, the first step is understanding how you’re doing,” said Harish Peri, senior vice president of product marketing at Okta.

McKinnon brought the message home with the company’s broad goal: eliminate identity-based attacks. 

“What an amazing accomplishment that would be, what a better future,” he said. “It would free everyone to safely use any technology.”

Robert Dutt

Robert Dutt is the founder and head blogger at ChannelBuzz.ca. He has been covering the Canadian solution provider channel community for a variety of publications and Web sites since 1997.