Mode Cast

Identity, Security, and the Core of the Internet:
A Conversation With OKTA

"We do target a certain customer type, which is any customer who has distributed branches; whether that's worldwide or nationwide."

— David Van Schravendijk, Product Marketing Manager at Cisco Meraki

Featuring:

Mark Settle,
CIO at Okta

Description:

Mark Settle is CIO at OKTA, a firm that helps companies handle both workforce and customer identity. In this episode, Mode's Jo McDougald speaks with Mark about the importance of identity and security, particularly in healthcare and financial services, and the role the internet's infrastructure plays in those issues.

Listen on SoundCloud [Or read the transcript below]

Transcript:

JoAnne McDougald:
Hello everyone, and welcome to another episode of Mode Radio. I am here tonight talking to Mark Settle, the CIO of OKTA. And you're going to tell me a little bit about what you do there and a little bit about your history. We happily have entered a fun evening with Mode. We're coming to you live from Hotel Nia in the heart of Silicon Valley and Menlo Park. It's fun. It's quirky, kind of like me. And we're going to talk to Mark.

Mark Settle:
So, I'm always happy to talk about OKTA. OKTA is a huge success story. We are a cloud-based identity and access management solution. The company's ten years old. We're celebrating our ten year anniversary.

Jo:
Happy anniversary.

Mark:
Just in the last couple weeks. We've grown to over 6,000 customers, and we manage the identities of over 100 million individuals across our different services and are routinely used not only to authenticate employees to the applications and data they need to do their jobs, but also to a company's customers, suppliers, or go-to-market partners as well.

Jo:
One-hundred percent. It's not just your internal network and ecosystem, but also all of those partners, customers, and then end users.

Mark:
Exactly.

Jo:
Yeah. So it's important for – I'm sure you could list a couple of industries that you really want to get out the word to that you offer these solutions for.

Mark:
It's interesting. We don't really have a vertical sales strategy. It's not like we have teams dedicated to specific industries. In the last 6 to 12 months, we have seen a significant rise in interest out of the healthcare sector. If you think about hospitals, they have some of the most complex identity environments you can image. I mean, you've got patients, interns, candy stripers, nurses, and doctors coming and going – vendors selling things, you know what I mean? It's just a wild kind of an environment. So healthcare has been a big area, as well as financial services, interestingly. So we're seeing banks and a number of insurance companies starting to adopt the service, as well.

Jo:
Yeah, I could see that quite readily. Unfortunately I saw a video probably three or four years ago. I think it was on the stage at RSA. And it has since been taken down – like, disappeared from the Internet. Can't be found. The webs have wiped it clean. But it was a bad actor actually killing a patient on-stage. This was all virtual, obviously, but what happened was somebody just logged into a hospital network and was able just to guess – like, had walked the halls. We could guess that this was the machine that was delivering morphine, and if you cared, you would try to find the person's room and then turn up the drip. Or if you didn't care, you could just attack all of them. And I think this Bluetooth thing was like, oh yeah, let's just add that to these machines. Then people were like, maybe that wasn't such a good idea to add that to –

Mark:
Yep. It's interesting. If you go back not that long ago, the whole goal was to get people into a corporate network that IT could control. So once you authenticated under the corporate network, you could be monitored, and things could be withheld or granted, et cetera. But there's just been an explosion of devices that people use, and I'm not talking about smartphones or kiosks. Just like you said, no, it's bedside point-of-care device, or a point-of-sale device, or something like that. And identity is becoming the magic key that allows you to do different things at different points in time, because most IT groups have given up this idea that we can actually control a network – the devices on the network and who gets to come and go. It really comes down to that moment of engagement, when you're in a particular situation and are going to use your identity credentials to enable access to certain kinds of capabilities.

Jo:
Yeah, and we're here at a Mode event. Obviously all of these things happen across the network, and the network becomes so critical. And what Mode does – shameless commerce section of this podcast – Mode offers a way to have core control, basically an MPLS at a much reduced cost. So it's all of the things you love about MPLS – getting that private network, getting it end-to-end encryption, and being able to really ensure that the data that is flowing across that reaches its destination without any bad actors having an opportunity to do it, without any jitter, and using math and science. That's why it's Mode – to actually have mapped the best path in any moment across the Interwebs that allow you have this type of service.

Mark:
So again, it's a case where it's a super critical capability, and as more and more applications are being offered by cloud providers – I mean, the workdays and service now’s and others of the word – the old days of on-prem software and software supported by IT groups is passing rapidly, and most of the new applications are all cloud-based. So just to your point, the ability to navigate the Internet safely to get access to those resources is super critical.

Jo:
And that's part of the conversation. So what things are you – I don't want to take too much more of your time. This has been great. But what sorts of things are you looking forward to in the next few years? What technologies are inspiring you at least to do more research? What is drawing your attention and your eye these days?

Mark:
Wow, that's a great question. One of the thought leadership areas that I think a lot of sales are investing time in right now is this idea of zero trust. Unfortunately, good IT people love a good catchphrase, like cloud computing or big data, and zero trust has come to mean lots of different things to different people.

Jo:
Yeah, so I think you should define it. To my mind, zero trust means as an organization, I'm going to trust no one. Then you would have to prove to me that you are who you say you are.

Mark:
Exactly right. That's exactly right. And you have to prove that in different kind of engagement scenarios, if you will. So days of passwords and security questions are fading rapidly away. They're too easily duplicated, hijacked, or whatever.

Jo:
Right, and everybody has shared their dog's name, their mother's maiden name, and everything else that we used to use on their Facebook page or somewhere else. So bad actors have the ability to collect and harvest that data and use that against us.

Mark:
It's shocking. Yeah, it is shocking. So zero trust is a huge deal. I think about some of the other things that are floating around out there that have to do – it's not so much the technology. There's blockchain tools that are emerging, and of course machine learning is really finding its way into a lot of different kinds of solutions that companies use. That's probably the biggest trend to keep an eye on over the next couple of years.

Jo:
I agree – machine learning. I'm so happy that you didn't say AI, because I feel that's not really real yet.

Mark:
It's an umbrella term.

Jo:
It is, it is. So Mark Settle, it has been my pleasure to talk with you. We're Mode Radio. We're here coming to you live from Menlo Park, California. Thank you so much for joining us today.

Mark:
Thank you.

^