Here's My 5 Key Takeaways From #Oktane19 In San Francisco This Year

This is my follow-up post to last week's post, where I travelled to #Oktane19 down on the West Coast of the US in San Francisco and explored what's next for Okta in the coming year.

What a week and what an experience in San Francisco for their yearly #Oktane conference, which was jam-packed with events over 3 days. A special thanks to @Deloitte for sending me over with the wider identity team from Melbourne and Sydney and @Okta.

Here's my take on #Oktane19 and key points I took away from the conference and the key trends to our cyber industry.

Union Square hotel on a sunny day in San Francisco before Oktane19
Sunday Morning @ Union Square San Francisco

I was lucky enough to be part of the team @Deloitte that was awarded two awards on the first night, winning both the Okta APAC Partner of the Year award and GSI (Global Systems Integrator) Partner of the Year, which is a massive achievement for the whole team.

Union square in San Francisco at dusk before Oktane19
San Francisco On Sunday Evening, This Was The Only Sunny Day

This year @Okta's CEO, Todd McKinnon, announced a tonne of updates during the company's opening keynote, which were distilled into 5 key takeaways for the coming year. With over 4,000 people in the audience, the core theme behind this year's Oktane conference is that Trust is the new frontier in technology and without it, technology won't reach its full potential.

"Trust is the new frontier, Identity is key to security and key to the user experience. It’s the connection between people and technology. Trust is about how people feel and identity is key to trust. It’s all connected and the foundation is user trust" in opening from Todd McKinnon the CEO of Okta

Here is the Opening Keynote from Todd McKinnon


5 Key Takeaways

Todd McKinnon introducing Okta's Webhooks at Oktane19
Todd McKinnon Introducing Okta Inline Web Hooks

1) Inline Webhooks

Okta Web Hooks is a new capability that extends the ability of developers to integrate their third-party solutions with the Okta Identity Cloud platform. The functionality is designed to cater for the distributed microservice architectures currently in use across the industry. Some examples given were e-commerce platforms, marketing automation platforms and CRM (Customer Relationship Management).

Todd McKinnon introducing Okta's identity platform introducing custom code options for inline webhooks
Todd McKinnon Exploring Custom Code Integration Options

Naturally, all this is an outbound call from Okta to a piece of custom code, triggered at specific points in the Okta identity process flows. It provides a degree of flexibility that Okta did not originally offer, allowing even more integration points and use cases to be catered for.

There are obviously some great use cases that could be tacked on to existing identity services for organisations, such as checking the legitimacy of email addresses signing up to an e-commerce or enterprise platform before the user is created, to identify potentially fraudulent activity, or providing specific alerting and notification of identity-related events to the business.

Okta Web Hooks diagram performing an inline hook to an external service
Inline Web Hook With Okta And External Service
  1. During the execution of an Okta process flow, at the extension point between points A and B, Okta sends a request to the external service.
  2. The external service performs some processing.
  3. The external service sends a response back to Okta.
  4. Okta receives the response, acts on any commands it includes, and resumes the process flow that originally triggered the inline hook.
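The external-service side of steps 2 and 3, applied to the sign-up email check mentioned above, as an added example that is not code from Okta or from the original post. The shared secret, the blocked-domain list and the request and response field names (modelled on a registration-style hook) are assumptions for illustration.

```python
import hmac
import json

# Assumed values for this sketch: the shared secret the caller must present and
# a constructed list of throwaway email domains the business does not accept.
HOOK_SECRET = "constructed-shared-secret"
DISPOSABLE_DOMAINS = {"mailinator.example", "tempmail.example"}


def decision(action, reason=None):
    """Build the step-3 response: a list of commands for the caller to act on."""
    body = {"commands": [{"type": "com.okta.action.update",
                          "value": {"registration": action}}]}
    if reason:
        body["error"] = {"errorSummary": reason}
    return body


def handle_inline_hook(headers, raw_body):
    """Authenticate the inbound call, inspect the sign-up, return (status, body)."""
    # The endpoint is internet-facing, so only honour calls that carry the
    # shared secret. compare_digest avoids leaking it through timing.
    presented = headers.get("Authorization", "")
    if not hmac.compare_digest(presented.encode(), HOOK_SECRET.encode()):
        return 401, {"error": "unauthorised"}
    try:
        email = json.loads(raw_body)["data"]["userProfile"]["email"]
        local, _, domain = email.rpartition("@")
    except (ValueError, KeyError, TypeError, AttributeError):
        # Malformed input: fail closed rather than let the user be created.
        return 200, decision("DENY", "Malformed registration request")
    if not local or not domain:
        return 200, decision("DENY", "Email address is not valid")
    if domain.lower() in DISPOSABLE_DOMAINS:
        return 200, decision("DENY", "Email domain not accepted")
    return 200, decision("ALLOW")


if __name__ == "__main__":
    # Constructed sample request, as the external service would receive it.
    sample = json.dumps({"data": {"userProfile": {"email": "bot@tempmail.example"}}})
    print(handle_inline_hook({"Authorization": HOOK_SECRET}, sample))
```

Because the flow in step 4 waits on this response, the handler does no slow lookups and always returns a decision, denying when it cannot parse the request.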
I would be interested to see if this idea of In-Line Hooks originally came from Joel's blog post or commit 2 years ago and pitched as an internal development project.
Todd McKinnon introducing Okta's strategy of connecting everything
Todd McKinnon Connecting Everything

No doubt there will be some great technical use cases to follow as the platform looks to expand its integrations network from 60,000 to more than 600,000 Integrations as a core strategic move.

Todd McKinnon introducing Okta strategy to integrate over 600,000 applications into its Web application repository
Todd McKinnon Announcing Okta Is Looking Towards Over 600,000 Integrations From The Current 60,000

2) Advanced Server Access

The Zero Trust framework, as people like to call it, sounds a lot more interesting than it actually probably is. The core idea around Zero Trust is that access to corporate resources should be restricted until the user has proven their identity and access permissions. Okta is trying to make this a reality with their recent acquisition of ScaleFT.

Okta at the core of managing business and customer access and identity
Okta Wants To Be That Core Platform That Controls Authentication & Authorisation To Everything

The premise of the solution is that today, organisations are struggling to keep track of who has the keys to access servers running mission-critical workloads and storing valuable data, and are woefully limited when it comes to provisioning and de-provisioning powerful administrative accounts. This problem is now compounded by organisations moving towards and heavily relying on multi-cloud infrastructure such as AWS (Amazon Web Services), GCP (Google Cloud Platform) and Microsoft Azure. That leaves the business with limited visibility across its infrastructure and no centrally controlled way of securing its hybrid environment, something that is traditionally very costly and time consuming.

The whole concept of this product is to provide Okta-driven identity security when accessing public and private cloud resources. This replaces static keys traditionally used to access these resources with Okta’s centralised identity security and administration, including a dynamic credentialing mechanism that allows contextual authentication of every login under one roof.

Identity has been a hot topic for a number of years with the advent of cloud technologies and with many businesses moving to a hybrid infrastructure approach to doing business. I think the time is now to shift this thinking towards PAM (Privileged Access Management), which Okta is clearly starting to do too.

3) Risk-Based Authentication

Okta's risk-based authentication adds machine learning to the authentication process. It builds an understanding of user behaviour to detect anomalies that may suggest an attempted exploit, and a holistic understanding of a user's actions, so that adaptive authentication can validate the user's identity with additional verification steps or other required actions.

Todd McKinnon introducing Okta's machine learning tool for authentication of logins
Todd McKinnon Announcing How The Machine Learning Algorithm Will Categorise A Login Event

Essentially the system works by building a profile on you and your authentication habits by analysing where you are authenticating from, what device you are on and whether you are on or off the network. Okta will then calculate a risk score which will be based off the contextual elements and will decide whether to allow you access, prompt you for another authentication factor or deny your access request altogether - pretty basic stuff but super functional from a fraud and malicious threat actor perspective.
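A minimal sketch of the profile, score and decide loop described above, added here as an illustration and not Okta's model (which the keynote described as machine learning). The attribute names, weights, thresholds and login history are all assumed or constructed values.

```python
from collections import Counter

# Assumed weights per contextual element and assumed decision thresholds.
WEIGHTS = {"country": 40, "device_id": 35, "on_network": 25}
STEP_UP_AT, DENY_AT = 30, 70


def build_profile(history):
    """Count how often each attribute value appeared in past successful logins."""
    profile = {attr: Counter() for attr in WEIGHTS}
    for event in history:
        for attr in WEIGHTS:
            profile[attr][event[attr]] += 1
    return profile


def risk_score(profile, login):
    """Sum weight * novelty, where novelty = 1 - share of past logins with this value."""
    score = 0.0
    for attr, weight in WEIGHTS.items():
        seen = profile[attr]
        total = sum(seen.values())
        # A user with no history is treated as fully unfamiliar.
        familiarity = seen[login[attr]] / total if total else 0.0
        score += weight * (1.0 - familiarity)
    return round(score, 1)


def decide(score):
    """Map the score to the three outcomes: allow, extra factor, or deny."""
    if score >= DENY_AT:
        return "deny"
    if score >= STEP_UP_AT:
        return "mfa"
    return "allow"


# Constructed history: mostly the office laptop, occasionally a phone off-network.
HISTORY = (
    [{"country": "AU", "device_id": "laptop-1", "on_network": True}] * 8
    + [{"country": "AU", "device_id": "phone-1", "on_network": False}] * 2
)

if __name__ == "__main__":
    profile = build_profile(HISTORY)
    for login in (
        {"country": "AU", "device_id": "laptop-1", "on_network": True},
        {"country": "AU", "device_id": "phone-1", "on_network": False},
        {"country": "XX", "device_id": "unknown-9", "on_network": False},
    ):
        score = risk_score(profile, login)
        print(login, score, decide(score))
```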

4) Okta Identity Engine

The Okta Identity Engine is a new set of customisable building blocks that enable developers to adapt pre-defined authentication, authorisation and registration flows to meet their specific needs, shaping a user’s identity experience depending on the context. This is a great move by Okta as customers look to have an even faster and more seamless UX and UI journey and experience to perform specific functions.

Okta identity engines 5 step process
Okta's Identity Engine In Detail

What that essentially means is that as identity architects, we can create more seamless experiences for both Customer and Workforce use cases and start to further bridge the gap between user design and experience and those security requirements organisations need.

Okta introducing its ability to deliver new catalogue experiences for customers
Delivering new UI experiences

A great example provided by Okta is a scenario where a fan is buying a ticket to a game for the first time.

  • The fan goes to a ticketing website and decides to register in exchange for a first-time user discount. To register, the user is prompted to enter their name and email address.
  • Subsequently, an Event Hook pushes the user into the company’s email marketing system (e.g., Marketo or Salesforce). The user is now activated and can freely browse the website.
  • Sometime later, the user decides to make a purchase, at which time another set of flows can occur because a more sensitive experience is being accessed.
  • Starting with the click to purchase, the user is emailed a magic link to validate their email and register it as an authentication factor. Because the user has indicated higher engagement, the system can prompt for additional information, (known as progressive profiling), asking for geographic and other contextual information.
  • Once completed, the flow can authorise the user to use other company products, such as a payment app.

This provides a passwordless user: we can create a user on the fly based on contextual information such as device, geo-location and email. The user is not asked to set up a password, so their browsing experience on an organisation's website is not inhibited until they perform a credible transaction that requires further security measures, such as buying the ticket above. At that point we can prompt the user to set a password prior to purchasing the ticket through Progressive Profiling, reducing the potential for a customer to abandon buying a service or product on our website.

5) Okta Ventures

Okta Ventures is Okta's investment fund, providing $50 million to startups that are focused on technologies such as Artificial Intelligence and Blockchain to address challenges in Identity, Security, and Privacy.

One of the first businesses they chose to invest in was Trusted Key, a fascinating enterprise-wide solution that has been built to prevent identity fraud, improve security and enhance the consumer experience with password-less authentication and transaction authorisation.

Oktane19 Guest Speakers & Sponsors

Throughout the time we were there, there were a number of guest speakers we heard from, telling us their own stories and ideas for the future:

Sir Tim Berners-Lee Inventor Of The World Wide Web giving Oktane19 keynote
Sir Tim Berners-Lee Inventor Of The World Wide Web #1
Sir Tim Berners-Lee Inventor Of The World Wide Web opening statements at Oktane19 keynote
Sir Tim Berners-Lee Inventor Of The World Wide Web #2
Frank Abagnale presenting the keynote at Oktane19 about his Cyber Security and Fraud Prevention career and being the Original Catch Me If You Can.
Frank Abagnale - Cyber Security and Fraud Prevention Expert. The Original Catch Me If You Can. All The Movies And Stories Were Based On Frank Who's Been Working For The FBI For The Last 40 Years!

A large number of partners showed up for the event and were situated around the massive conference floor for conversations - some super interesting ideas and innovation coming into the mix!

The Partner & Sponsor Floor is Open @Oktane19

Here is the Closing Keynote from Oktane19

Conclusion

Overall, an absolutely fantastic experience and a lot of insight gained on what's to come in the Identity & Cyber Security space.

San Francisco Bridge with clear blue skies and ships
This Post Of Course Wouldn't Be Complete Without A Picture Of The Bridge