As he watched Salesforce.com’s cloud services really take off around a decade ago, Okta CEO Todd McKinnon recalls that he and his colleagues soon realized that literally every aspect of enterprise technology was going to be overturned by the promise of cloud computing. McKinnon, who oversaw software development at Marc Benioff’s company until 2009, then noticed that this explosion in cloud services was catching many CIOs off guard.
“They didn’t know what they had,” McKinnon said in a recent interview. “There was no rhyme or reason to what they had, and there was no security.”
McKinnon, who will be one of our featured speakers at Structure Security this September, has turned that realization into one of the hottest companies in security and cloud computing at the moment and a likely IPO candidate right around the time of the conference. Okta, which has around 800 employees, helps companies develop ways to better secure their cloud applications with identity management technology, and CIOs are responding.
“We enable companies to roll out services and applications faster,” said McKinnon, who co-founded the company in 2009 along with current COO Frederic Kerrest, another Salesforce alum.
Once a CIO has even figured out which cloud services his or her employees are using — which was sometimes no small feat in the era of rogue IT — the next step is to make sure those employees are following proper security practices while logging into and using those applications. Single sign-on and identity management technology has been around for a while, but products like Microsoft’s Active Directory were built for a different era of computing.
“It was like, ‘my 20 years of (security and identity management) stuff doesn’t work,’” McKinnon said, quoting the CIOs he talked to in the early days of Okta as they struggled with balancing the need to provide their employees with state-of-the-art cloud services while ensuring that company data was being used properly inside those services. And it’s not just employees: a lot of companies have close partnerships with other companies that require data sharing in cloud apps, and even if you’ve locked down your own data, there’s no guarantee that the company on the other side of your partnership is as diligent.
That’s part of the problem that has allowed Okta to thrive: the original internet protocols designed in that era of computing didn’t have secure identity services built directly into the protocol, McKinnon said. SSL helped amend this situation, but that only addressed server-side identity, not user identity.
So we’re stuck with usernames and passwords as the primary authentication process in just about every web service we use, and managing those passwords is pretty difficult for people who aren’t software engineers or information security professionals. That has a lot of ramifications in our personal computing lives, and CIOs and CISOs are looking for ways to securely use the cloud services that have allowed companies to get off the ground with a fraction of the investment once required to scale a technology company.
Several large, complex technology organizations have adopted Okta’s products and services, including MGM Resorts, Western Union, and Dish Network. The company has raised around $230 million in funding at a valuation that grants it unicorn status, and is widely expected to be planning for an IPO at some point in 2016. (McKinnon won’t talk about these plans right now, of course, but maybe we can wrangle more out of him at Structure Security.)
McKinnon and Okta would like to build a better protocol for managing identity on the internet, but that is going to take a while. Smartphones can do a lot of interesting things to verify and manage identity data, and machine learning is allowing companies like Okta to try different strategies to manage the back end of identity verification and quickly spot problems or opportunities. A consumer identity management or password manager isn’t on the product roadmap right now, he said, but Okta is focused on connections.
“At work, we’re making a lot of progress, people have less passwords at work because of us,” McKinnon said. He believes, however that he opportunity is bigger than just your work dashboards; it’s likely there are lots of great ideas for products and services that haven’t taken off because of cumbersome identity verification technology.
Join Okta CEO Todd McKinnon at Structure Security this September 27th and 28th at the Golden Gate Club in San Francisco. More details about the event are available here, and you can register for tickets here.