kras99 - stock.adobe.com
Okta makes AI identity play with Axiom acquisition
Okta says Axiom Security’s technology will reinforce its own offerings in privileged access management, especially when it comes to the growing number of non-human identities
Identity technology supplier Okta is to acquire Axiom Security, a supplier of privileged access management (PAM) for cloud, database, software-as-a-service (SaaS) and other critical resources, to reinforce its own offerings in this area.
The acquisition will see Axiom’s core technology integrated into Okta Privileged Access, which the buyer says will expand access controls across more sensitive resources so that its customers can, in turn, strengthen their own security fabric.
Okta claimed privileged access controls will form a key defensive layer to mitigate risks related to artificial intelligence (AI) as more of its customers bring AI projects into their workflows.
The supplier believes that many organisations are not giving sufficient regard to these risks. Its recent AI at work survey – which quizzed almost 300 C-suite executives in nine countries, including the UK – found that only 10% of respondents had a “well-developed” strategy for managing so-called non-human identities, or NHIs.
“In today’s dynamic cloud environment, manually managing these permissions can quickly become chaotic, leading to significant security risks, compliance gaps and operational inefficiencies,” observed Okta’s chief technology officer (CTO) and head of engineering, Abhi Sawant.
“With the introduction of a common NHI – AI agents – into the enterprise, businesses are struggling to ensure there is still visibility, security and governance for these unique privileged account types.
“Outdated or traditional PAM platforms that aren’t built with the flexibility and neutrality needed to manage permissions for the non-human workforce will lead to greater security risks,” he added.
According to Sawant, this is just one among many reasons that enterprises should consider deploying identity security fabrics – that is to say, architectures that can appropriately manage newfangled NHIs, as well as more traditional flesh-and-blood ones.
New functionality
In the coming months, Okta plans to introduce multiple Axiom-derived functionalities into its Privileged Access service.
These will include unified controls to offer a single-point-of-admin for privileged access across all privileged resources, whether on-premise or cloud-based, and just-in-time access, a potentially critical capability that eliminates standing privileges and replaces them with time-limited access, reducing operational overhead and risks by automating permissions for elevated access in environments such as Amazon EKS, GitHub, PostgreSQL or Snowflake, to name but a few.
At the same time, Okta hopes to spin up AI-based application connector builder capabilities, exploiting AI to provide more security coverage across environments, while also using Axiom to extend secure access capabilities to databases and Kubernetes.
Securing agents a hot topic
Another product of Israel’s booming security development ecosystem, Axiom was co-founded four years ago by Itay Mesika and Ilan Dardik, who, like many cyber entrepreneurs, met during their military service. The firm has attracted around $10m in funding in the past couple of years, including a $7m seed round in 2022.
Still operating very much in its scaleup phase, Axiom counts multiple software companies among its customers, including corporate travel management platform Navan, and some cyber security names, including cloud security specialists Orca Security and Varonis.
The financial terms of the acquisition were not disclosed, but according to Israeli media reports, the deal may value Axiom somewhere around $75m (£56m).
The deal comes hot on the heels of Palo Alto Networks’ far larger bid for CyberArk, which similarly focused on incorporating more identity and PAM expertise into the buyer’s security platform with the intent of better protecting autonomous AI agents.
Read more about privileged access management (PAM)
- Cloud PAM helps organisations manage access to privileged accounts to keep cloud data and applications secured. Is it right for you?
- CyberArk CIO Omer Grossman talks up the company’s security-first ethos, the importance of an assumed breach mentality and how the company is addressing threats from the growing use of AI.
- Identity has replaced network boundaries as today’s security perimeter. Organisations must focus on protecting digital identities to safeguard their assets.
