Okta today announced it was expanding its platform into several new areas. Up to this point, the company has been known for its identity and access management product, which lets companies sign on to multiple cloud products with a single sign-on. Today, the company is moving into two new areas: privileged access and identity governance.
Privileged access allows companies to give a limited number of people as-needed access to vital administrative services inside a company. This could be your database or your servers, or any part of your technology stack that is highly sensitive and where you want tight control over who can access these systems.
Okta CEO Todd McKinnon says that Okta has always been good at locking down the general user population’s access to cloud services like Salesforce, Office 365, and Gmail. What these cloud services have in common is you access them via a web interface. Administrators access the specialty accounts using different protocols. “It’s something like a secure shell, or you’re using a terminal on your computer to connect to a server in the cloud, or it’s a database connection where you’re logging in with a SQL connection, or you’re connecting to a container which is the Kubernetes protocol to manage the container,” McKinnon explained.
Privileged access offers some critical features, including limiting access to a given time window and recording a session video, so there is an audit trail of exactly what happened while someone accessed the system. McKinnon says these features provide additional layers of protection for these sensitive accounts.
He says it will be pretty trivial to carve out these accounts because Okta has already divided users into groups and can give these special privileges only to those in the administrative access group. The challenge was figuring out how to access these other kinds of protocols.
The governance piece provides a way for security operations teams to run detailed reports and look for identity-related issues. “Governance provides exception reporting so you can give that to your auditors, and more importantly, you can give that to your security team to make sure that you figure out what’s going on and why there is this deviation from your stated policy,” he said. Combined with the $6.5 billion acquisition of Auth0 last month, all of this is part of a larger plan by the company to be what McKinnon calls the identity cloud. He sees a market with several strategic clouds and believes identity will be one of them.
“Because identity is so strategic for everything, it’s unlocking your customer access; it’s unlocking your employee access, keeping everything secure. And so this expansion, whether it’s customer identity with zero trust or doing more on the workforce identity with not just access, but privileged access and identity governance. It’s about identity evolving in this primary cloud,” he said. While both new products were announced today at the company’s virtual Oktane customer conference, they won’t be generally available until the first quarter of next year.