Key insights from Okta's CSO survey: Challenges and opportunities for Okta Ventures portfolio

Okta Ventures invests in founders building across a range of IT, security, consumer, and enterprise domains. In our discussions with portfolio founders, shared customers, and industry experts, we’re in a privileged position to hear first-hand about new trends, challenges, regulations, and technology shifts as they unfold and affect security practitioners. We launched a survey to analyze more quantitatively the anecdotal discoveries we were seeing in this dynamic and shifting landscape. We then asked our portfolio founders and Okta internal experts — on the frontline of these issues every day — to provide commentary. 

For this exercise, we commissioned Foundry Research to survey 200 senior IT security decision-makers at U.S. enterprise organizations (with an average of 14,000 employees) to understand their top Identity security priorities, approaches to managing Identity security, and adoption of Identity security tools. Topics covered in this survey include SaaS-related Identity security challenges, working with security startups, secure-by-design initiatives, technology strategies for managing Identity security, user privacy and consent, backup and recovery, Identity security in non-traditional work environments, and government affairs, regulation, and compliance.

The following is a selection of highlights showcasing the most interesting results we found. We hope you learn something new about the ever-changing security landscape. 

Ransomware

In 2022 Okta Ventures invested in HYCU, a multi-cloud and hybrid IT data protection as a service company. We understood the pressing need for data protection in a world with increasing ransomware. Over the past two years debate has increased around whether to pay ransomware payments. The survey showed that the CISO community is clearly advocating for banning ransomware payments. 

In May 2024, Okta signed the CISA’s Secure by Design pledge. Okta’s CSO, David Bradbury, recently showcased Okta’s progress against this pledge. Okta Ventures has been following these trending developments and in 2022 invested in Pangea Security, which provides a host of cybersecurity APIs that seek to empower engineers with security components to help them build securely from day one.
 

Okta Ventures frequently connects with large enterprises implementing Okta. One persistent piece of feedback we hear is the desire for Okta to provide coverage across frontline worker use cases — many of which include shared device access. Oloid, an Okta Ventures portfolio company, works alongside Okta customers, including Tyson, to address these issues. Shared devices remain a critical area of concern for CSOs. 

In 2024 Okta published the Businesses at Work Report, which showed that the average number of apps being deployed per company grew 4% YoY to 93. This explosion of tools impacts security organizations that need to solve, like Bel Lepe CEO of Cerby, an Okta Ventures portfolio company, calls the “last mile problem.” Many of these tools lack APIs and standards support, resulting in inconsistent security practices. Cerby supports this work with Okta-shared customers like Colgate. 

The past year has seen an explosion of interest in security circles in non-human identities, which Aembit, one of our portfolio companies,  tackles for large enterprises like Snowflake. In our survey, we asked security practitioners how manual their approach is and we were surprised by the results. There is clearly a need for automation to drive more efficiencies and security across workload access.

Daniel Barber, CEO of DataGrail, a data privacy management solution, is on the front lines of helping organizations address their privacy requirements and comply with the myriad regulations popping up in the industry. Our survey results indicated that securing data storage remains a persistent challenge for security professionals — one DataGrail knows well. Okta itself uses DataGrail’s technology to ensure data subject requests are processed efficiently across Okta’s online assets. 

Okta Ventures’ survey uncovered new insights and reinforced anecdotes we’ve been hearing in the field. As we move headlong into 2025, we will continue to bridge the needs of the security community with our portfolio companies to bring shared value to our customers.

Demand for startup solutions to pressing security challenges has never been stronger and we’re always happy to support builders and founders looking to create new solutions in the market. So, don’t hesitate to reach out at [email protected] or connect directly with our portfolio companies.