SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Interview: Okta on identity management & single source cloud control
Thu, 2nd Nov 2017
FYI, this story is more than a year old

Graham Pearson is rejuvenating the identity management market in Australia. He is the regional Vice President of APAC for Okta — an enterprise-level identity management service headquartered in America.

“We started Australian operations at my kitchen table. We now lease 750 square-metres overlooking the Sydney Harbour Bridge. That was done through organic growth — a solid work ethic and a great product. From my perspective, the main hurdle was re-education. Identity and access management had essentially developed a ‘dirty name' in Australia.

Over the last decade, people had spent millions of dollars on the implementation of faulty products. But, that was also the reason that our arrival — and ability to actually provide a master tool capable of securing user access, provisioning and de-provisioning employees and serving as that secure identity layer in other organisations' applications — allowed us to grow at such a rapid pace.

Graham began the Okta-Australian spearhead in 2014 — joining the company with nearly two decades of IT experience, most recently with Oracle. Robin Block from MitchelLake sat down with Graham to talk about how Okta has changed the Australian identity management market, how he is handling explosive growth and the future of the company.

What does Okta do, and why is it so important?

Graham: The iPhone is only 10 years old — now you can't live without one. That change has led to the adoption of working practices that have transformed the threat landscape. The fact that you now have the ability to do your job sitting in a café means your access of applications in the cloud has to be secure. The right person needs to access the right information at the right time according to the policies set up by the organisation.

What you don't want is to have an individual username and password for every app and every employee. But, using the same password for every application — even when possible — is stupidly dangerous. Also, what happens when someone leaves the company? They still have their login credentials. That is where Okta comes in — we give you one username and password to multiple apps in a secure format that can be controlled by a master dashboard.

When someone logs on using Okta, they are presented with their own dashboard that facilitates logging into all of the apps they have permission to access. The HR department then simply has to control that employee's access to Okta — everything else is built into our program. Critically, we then provide second-factor identification in the form of push notifications to your mobile if you login outside of the office. A lot of recent breaches could have been avoided if companies had introduced a small thing like second-factor authentication.

What do you see in the future for Okta?

Graham: The great thing about what we are doing is that there is no one vertical. We have customers that are not-for-profit, government and companies ranging in size from 25 employees all the way up to a health insurance provider with 22,000 daily users on Okta. Any company moving into the cloud can benefit from our product.

We have been successful in ANZ, but by no means are we finished. The thousands of companies that are not yet in the cloud, but moving towards implementation, are all potential customers. Australia is still at least 2 years behind the US, and the rest of APAC is 2 years behind us — that is all room for us to grow.

Hyperscaling is a great word for what we are doing. We have had exponential growth, year on year. One's ability to execute on that all comes back to customer success. The most important thing is ensuring customer success — customers talk to customers. The key to managing that kind of growth is picking the right people. People with the same work ethic, heading in the same direction are easy to manage. Making the wrong hiring choices is what often makes growth difficult.

Ideally, what legacy would you like to leave on the industry?

Graham: My ego wants to be remembered as the guy who built the next legacy software vendor in Australia. But, what I think is important is to coach, mentor and train the next generation of security professionals who can support the expansion of the industry. The broader problem in the industry is talent acquisition — there are not enough security specialists. I believe that I have put together a team of the best players in the industry — but there aren't that many of us.

To this end, we built a ten-stage programme to train graduates and others looking to enter the industry. We give them the skills needed to sell identity management. This programme is completely tailored to what we do, and a crucial component of what the industry needs to grow.

It sounds corny, but I will be happy with my legacy if, when I am retired, the people I helped build careers in identity management and cybersecurity invite me over for coffee to discuss the trajectory of the industry. I think the positive nature of ‘the Okta story' is good for the market on the whole. It is also how we have attracted the talent needed to build the team that has delivered the success we have achieved to this point.