Skip to content


Cloud Security Different, Says Okta

Okta has announced their series B financing today. It includes a recap of security in the cloud that reveals how they pitched it for money, and why it's different:

The concepts of security, single sign on, user management and auditing are not new. They’ve existed since the first user logged into the first mainframe. Why is the problem different or the potential solutions better in the cloud?

  • There are more services and applications available to users within an enterprise than ever before.
  • The cost to build, deliver and sell the services is dramatically lower leading to more services available in the market. Literally, thousands of new SaaS start ups have spawned in the last 10 years.
  • Companies aren’t limited by their ability to build infrastructure to deploy and maintain as many applications as they want.
  • In addition to more services, there are more users. Each generation of technology, from mainframe to mini computers to client server to cloud has seen a 10X increase in the number of users. And each of these users is accessing the services in a variety of ways. Gone are the days of one desktop per employee. There are desktops, laptops, virtual desktops, tables and smart phones…
  • Finally, companies need to support a mobile workforce. They can no longer rely on securing the physical network perimeter with a firewall and selectively permitting VPN access. They need to have the same kind of rich authentication, authorization, auditing and logging for all their critical services.

Call me anal, or haiku-obsessed, but it looks like that lists boils down into the following:

  • More services are available
  • It costs less to build services
  • Infrastructure costs are lower
  • There are more users
  • Users are mobile

Wait, let me try that again.

  • More services now
  • Can't stop the mobile access
  • Deployed for less dough

Coming up with definitions and finding differences is fun. Who doesn't love isomorphism? When is a muscle-car a muscle-car? I mean if a Toyota Camry races a Pontiac GTO and wins, do we still get to call the GTO a muscle-car or does the Camry get the title? More to the point, if we accept the Okta explanation, clouds do not seem far ahead of traditional IT departments. What really stops on-premise IT from providing more services at less cost to more users who are mobile?

But there's more to a muscle-car than just measuring horsepower (the 268 horsepower Camry LE is still a second slower than a goat BTW. Efficiency is another story). Okta could have highlighted the new cloud use-cases and security issues from cloud behavior.

Many more roles/identities with far more relationships and yet less permanence are cloud specific. Tracking identities and meta-directory data when it's not clear who exactly should be the one to track identities, now that's a different problem than on premise where accounts are doled out more carefully by a clear authority.

They also could have highlighted the tall and wide shadows of data created and then "destroyed" when accounts and services are spun up and down on short cycles because "owners" come and go. You thought keeping track of hires and terminations was hard before, try managing it for systems you can't see or touch and only get a utilization report from. That's another difference.

Maybe it's all coming in their next installment and I'm just jumping the gun. For now, congrats go to them for round B. Perhaps it's best to end by saying they are in a great market space — cloud providers clearly need identity management solutions like a GTO needs seat belts, air bags and a catalytic converter to control behavior-induced risk.

Posted in Energy, Poetry, Security.


0 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.



Some HTML is OK

or, reply to this post via trackback.

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word