Okta to developers: get identity out of shadow IT

Cloud identity authentication specialist Okta has used its Oktane 2017 conference and exhibition to attempt to explain how software application developers should approach identity as a key element of user (and device) authentication control in the way modern applications are being built.

The firm is aiming to make its Okta Identity Cloud the ‘linchpin’ that brings together the tools and services needed to bring these controls forward into developers’ toolsets and application lifecycle controls.

Out of shadow

It is, if you will, a call to bring identity out of so-called ‘shadow IT’ and bring it forward into all development.

As a means of underlining the importance of secure access to data, devices, datsets and data channels Okta featured Megan Smith as a keynote speaker. Smith was the USA’s 3rd working chief technology officer under President Obama. Smith spoke volubly on the challenges she had seen working inside the administration and presented a view on how identity could/should form part of the way IT systems (in particular those that might be deployed in contemporary smart city environments) are now developed.

The assertion (and yes, it’s a big claim) from Okta is that properly controlled identity authentication functions can help with eight key technology zones (comments in bullets from CWDN):

  • Modernize enterprise IT (yeah, that thing everybody says)
  • Reduce IT friction (systems not interconnecting)
  • Be agile during M&A (i.e. the ability to keep working securely if one happens)
  • Build 100% cloud and mobile IT (a given, but it has to be said)
  • Secure workforce (what good identity authentication should lead to)
  • Work with partners (when identity controls have to sit inside other apps)
  • Enable mobile workforce (cheeky, we’ve already had mobile above)
  • Protect against data breaches (an all encompassing comment on what identity is there for)

As a tangential note here, it is interesting to look at who (in the media) picks up on Okta stories, that is – is it ‘cloud computing’ media or ‘security’ press. Interestingly, it is a mix of the two. Given that Okta never describes itself as a security company per se, this is perhaps logical.

A digital front door

If we look at the application of identity more widely, it can be applied to all objects that we own and interact with. What happens now, in the digital world, is that our ‘things’ have an identity stamp to denote that we own them and they are part of our authenticated identity sphere.

Look back at your physical front door key and you can see that this is an identity pass, in a sense, because it opens access, but it does not have the ability to know who its owner is — in the future, with digital front doors and digital keys, each devices will carry data to denote the identity of its owner.

By way of further clarification on this point, an Oktane 2017 speaker from Dignity Health (Dr Shez Partovi) referred to the ‘rotary circular dial’ phones of yesteryear.

“You really can’t optimise a rotary phone, you have to [digitally] transform it,” said Partovi.

We can see perhaps from this comment that the application of identity authentication for developers is something that will need to be a process of significant re-engineering. Okta will tell us that it’s platform makes things easy in the face of this complexity, but we know that’s the corporate mantra by now.

A common identity core

Looking forward then, what Okta of course hopes is that software application developers now start to engineer-in and architect-in enough of these technologies to build what could be called a ‘common identity core’ in the future.

The suggestion here from Okta is that now is the time for identity authentication to come out of wider systems design (and its existence in shadow IT) and become a formal dedicated control that all developers understand, use and implement.

Okta’s position as a dedicated identity player in the identity space has drawn comparatively little questioning at the moment, it will be pleasing to see how the rest of the industry reacts to its technology proposition and interacts with this technology.

With show partners including Fuze, Zylo, ServiceNow, Google, Box, Palo Alto Networks and F5 (and more) all signed up to drink the identity Kool-Aid, the industry appears (for now at least) to really be listening.


Okta Oktane: who knew ‘identity’ was so much fun?


Girls Who Code: speaker at Okta Oktane 2017

Girls Who Code: speaker at Okta Oktane 2017

“We have to close the gender gap so we don’t leave powerful technical solutions on the sidelines,” said Reshma Saujani on #womenintech at Oktane.