A Modern Cloud Service for Secure Digital Experiences
Software is Eating the World
Cloud. Mobile. Digital. It’s hard to turn a corner today without hearing something about these technology trends. In an IDC report from November, 2015, 67% of CEOs said they were betting on digital transformation. It’s at the top of the CEO agenda for good reason. It is hard to find an industry or sector in the economy today that is not being disrupted by software.
Software has gone from being an internal operational and employee productivity tool, to being at the core of how companies operate their business and serve their customers. If CEOs today do not act with the speed and decisiveness necessary, they risk a more “digital” company entering their markets and taking the bulk of the profits. Strategy consulting firm Innosight concludes that 75% of the S&P 500 could be replaced due to “creative disruption” in the next 15 years. Companies that do not embrace digital will be left with being commodity producers of goods and services at best, or at worst, will simply go away.
Innovative CIOs are Leading the Way
With the new strategic imperative of digital transformation, comes the search for the right organizational alignment to drive its success. Digital transformation impacts all stakeholders in the company—employees, customers and partners. Someone must lead to build a common enterprise-wide digital platform and drive alignment between IT and the business. Organizations have taken a variety of approaches over the last several years, breaking digital out from under the CIO, bringing on a Chief Digital Officer or Chief Technology Officer, or putting customer-facing technology under the CMO. There is no one “right” approach, however Okta does see a clear trend. Innovative CIOs across industries are taking the lead in coordinating digital transformation across the enterprise. There may still be a CTO building a customer-facing digital experience and a CMO coordinating all the digital marketing touchpoints of a consumer. To be successful in complete digital transformation of the enterprise, coordination is required across all of these initiatives, and the CIO is often the person to drive this company-wide alignment.
Digital transformation projects can have significant information security considerations. Okta typically sees an important role played by CISOs in designing secure digital experiences and in the selection of key vendors for a new architecture.
Innovative CIOs and CISOs are moving quickly. Pivoting their organizations to support digital innovation. Redesigning platforms to be more agile, more secure and most importantly, help achieve the desired end-user experience and business outcomes.
Digital Experiences Span the Enterprise
Not only is digital disrupting every industry, it is disrupting every function within an enterprise.
1.1 Employee Digital Experiences
Here, digital transformation takes the shape of a rapid change in how internal IT is managed. Companies are going from purchasing software, then deploying, managing and operating a service in-house to adopting cloud software that greatly reduces this operational overhead. Cloud is enabling IT to focus more on adding value and to be much more agile.
Along with cloud, mobile technology is transforming employee productivity. Employees can be productive on their terms, unleashing their creativity. Cloud and mobile software, with quick upgrade cycles and with all customers running on the latest release is also simply better for end-users. Legacy software with its twin 3-year upgrade cycles and 3-year deployment cycles led enterprises to never really be up to date, and it prevented software companies from innovating and being user-centric.
The security architecture changes as major applications are migrated to the cloud. HCM systems such as Workday contain PII and productivity applications like Office 365 contain sensitive company data. The approach needs to shift from securing the network perimeter, to securing access to these applications and protecting data.
A modern, cloud-based IT architecture, with one modern identity platform enables enterprises to be far more efficient with managing the identity lifecycle for all their applications, provide contextual access management to cloud applications and company data, enable the businesses to use the best applications and easily manage access to employee-facing in-house applications.
Graphic 1: Digital Experiences & Digital Services
1.2 B2B Digital Experiences
Partner portals have come a long way over the last decade. Rather than having to build out a software stack from a single on-prem software vendor, enterprises can now use best of breed applications, services and platforms. It is increasingly easy to get data to flow across different systems and not be stuck with independent silos of data. Again, with best of breed cloud software or custom-built applications running in a public or private cloud, partners get a better experience.
Okta sees this impact across the spectrum of partner portals, from B2B collaboration to post-sales support portals for customers. On-prem software, and legacy architectures are just too brittle and too slow to evolve to handle the new initiatives enterprises are taking in this space. A modern identity management system built as a single platform capable of connecting all stakeholders in an enterprise is at the foundation of modern portals. It enables enterprises to connect to partners, and for partners to connect back to core IT applications and collaborate with employees.
1.3 B2C Digital Experiences
When you think of digital, B2C is probably what first comes to mind. These experiences are the web and mobile apps all of us as consumers see every day, that have become an indispensable part of modern life. In an instant we can pay bills, transfer money to friends, purchase plane tickets (and choose our seats), submit a maintenance request, return something we purchased or get help on a new product. Doing these things from a web browser might even seem old today, but now it’s common to do all of this from a smartphone, in an app, that many times is even the preferred place to start than going to a clunky web browser.
These digital experiences are increasingly driven by a vast array of APIs that apps can use to tap into data that resides inside and outside the company. With a modern API interface, enterprises can open up a tremendous amount of innovation and use cases using their data. They enable their own in-house developers to innovate, and their partners to innovate. Likewise, in-house app developers can take advantage of APIs provided by partners, or by commercial platforms such as Google Maps, Twilio and Microsoft Office API. Building a B2C experience as a one-off project can be done in a silo, but to truly unleash innovation here, scale, and coordinate across the business, it again requires a modern identity cloud service that spans the enterprise.
1.4 Internet of Things
IoT cuts across all enterprise constituents, B2E, B2B and B2C. Legacy software generally assumed an end-user as the “actor” for all applications, aside from special purpose accounts such as service accounts. With modern APIs and apps, this framework is changing dramatically, where applications or devices are increasingly acting on behalf of users. IoT is the common way this trend is talked about today. In reality, the transformation happening here is much broader than just the typical examples given, such as internet-connected refrigerators.
Enterprises are developing new mobile apps for employees that instantly surface just the right data at the right time for a salesperson to close a deal or for a service technician to see the complete background of a customer. Smart infrastructure is transforming how businesses manage all their assets, from light bulbs to elevators to robots on the manufacturing floor. IT must manage access to sensitive company data by all these applications and devices that are constantly running in the background without any direct user action. The best way to do this is to integrate IoT access management with a broader identity system that can manage access to a set of applications and data across all use cases.
The Digital Iceberg
As CIOs and CSOs move to support the new digital journey, the natural tendency is to use legacy IT platforms. IAM is no exception. With so much to do, it is only natural to ask, “Why can’t we just use our existing IAM solutions to support these new initiatives?” Many IT leaders have come to learn that legacy IAM will not work. This approach has too many pitfalls and potholes. Project delays, unanticipated cost, security vulnerabilities and poor end-user experience.
Graphic 2: Challenge: The Digital Experience Iceberg
The breadth of things IT needs to solve for is vast:
“Islands of Identity”—Different applications and services make up the digital experience. Many different sets of users, with many identity systems and user stores.
Device Heterogeneity—Company managed devices & BYOD. Different form factors and platforms.
App & Protocol Explosion—The pace of new standards is increasing, not decreasing. (E.g., OpenID Connect, Oauth and FIDO)
Custom Integrations—On-prem IAM systems provide connectors to different systems, but they are often complex to deploy and obsolete by the time they are deployed. On-prem provisioning connectors in particular are usually just frameworks for writing completely custom code. Developing, deploying and maintaining on-prem integrations can take years and drive up TCO significantly.
Security in the Cloud—Modern initiatives leverage best of breed software and platforms that are outside the firewall, and often are serving constituents beyond the firewall. The entire approach to securing access needs to change with this transformation.
End-to-End Visibility—Enterprises need to understand access, accounts, entitlements and policy through many different lenses. Security teams, auditors, development teams, sales and marketing departments and business partners all have a vested interest and need different views.
High Availability—For employee use cases, you need to ensure HA. Load on systems though is often predictable. Customer and partner scenarios add significant unpredictability to the equation. Achieving a delightful and frictionless end user experience across all use cases with no planned or unplanned downtime is the new norm.
In addition to project delays and maintenance costs, building a secure foundation for digital experiences using on-prem software can lead to brittle architectures, scale limits and in the end a sub-par experience for endusers. The world is now simply moving too fast. It can take years to fully deploy on-prem IAM software for complex architectures involving cloud and mobile. The technology changes more quickly than that today, meaning what you build will already be out of date when you go live.
Okta: A Modern Cloud Service for Secure Digital Experiences
New initiatives using next-generation technology require a re-thinking of the foundation. This new foundation needs to optimize for addressing all modern use cases on one platform (B2E, B2B, B2C and IoT). It needs to enable the line of business and IT to choose the best applications and technologies to build out digital experiences with the greatest ROI. Agility is a must. Delays lead to projects never getting off the ground because market opportunities and technology move too quickly. With a breadth of IAM capabilities across all scenarios, the IAM system can be the glue that enables the business to transform and deliver end-to-end experiences for users.
Okta is the modern identity foundation for digital transformation that enterprises need to deliver secure digital experiences. Okta was born in the cloud, delivers enterprise-grade security and scalability and is built for change. Enterprises that use Okta go live quickly, are free to be opportunistic in the market and get the ROI desired from digital initiatives.
Okta provides a wide breadth of capability across IAM, Security and EMM all as one modern cloud service. With this unique capability, Okta is the best foundation for enabling enterprises to deliver end-to-end experiences with extreme agility. Enterprises have the choice of using Okta’s out of the box end-user experience or using the Okta API and toolkits to deliver a highly branded, completely custom end user experience.
Cutting across the breath of Okta’s products are four key points of unification in the system:
Digital Unification—At its foundation, Okta is a directory and meta-directory that enables enterprises to connect all sources of user profiles and data, transform attributes and manage groups.
Contextual Access Management—Across web and mobile and the breadth of applications integrated to Okta, enterprises can centrally manage policy. Okta makes instant policy decisions to deny or allow access based on a broad context of the user.
Lifecycle Automation—Okta masters lifecycle state off of directories, HR or CRM systems. Via rules centrally defined by an administrator, Okta takes action to provision users or kickoff workflow.
360 Visibility—Reporting features provide ultimate visibility across all actions in the system, from user authentications to provisioning events. Okta adds intelligence by detecting patterns like suspicious behavior and reporting on opportunities for more secure integration to an application (via SAML) to an administrator.
The Ultimate Test: Customer Success
Okta customers in every region globally have achieved tremendous success. Thousands of customers use Okta every day to do their most important work. Customers have reported to Okta a 50% decrease in costs for digital transformation projects and 8x faster deployment time.
A large energy conglomerate recently deployed Okta to integrate 70+ Active Directory domains and make it possible to build a unified Global Address List (GAL) so all users could see each other in Office 365. They had previously spent 2 years on this project, and had been unsuccessful with on-prem software. With Okta, they did it in 2 months. Customers generally point to domain consolidation projects costing roughly $20-50k and taking several months per directory. In theory, consolidating 70 directories could take many years to work through, or a dedicated staff of 5 to 10 people for 1 to 2 years. Either way, the costs would easily reach millions of dollars using on-prem technology and traditional approaches.
Adobe Systems deployed Okta within 9 months to automate configuration of federation for all enterprise customer access to Adobe Creative Cloud, totaling 10 million users. By embedding Okta in the Creative Cloud admin portal, Adobe has been able to rapidly on-board new enterprise customers for federation and grow their business. Adobe’s first use case was leveraging Okta for access by 13,500 employees to 300 enterprise applications, including Office 365. They successfully deployed Okta for federation for Office 365 within 1 month to all users. For more details on Adobe, visit okta.com: https://www.okta.com/customers/adobe-systems/
With over 40 million customers and over 1000 flights a day, JetBluecreates personal, helpful, and simple customer experiences. JetBlue relies on Okta to secure access to over 500 customer and employee apps in order to deliver secure, connected travel experiences. JetBlue leverages Okta’s Customer Identity Products to provide a single point of entry so that access to different applications is effortless across all digital channels. At the same time, Okta works as a secure and consistent gatekeeper, sitting between those applications and JetBlue users, and enforcing the company’s multi-layered access policies. By using Okta, JetBlue was able to improve IT efficiency, increase productivity, and reduce security risks. “Frictionless travel is key for this airline. Okta not only keeps customer and crewmember data safe, but it also simplifies the experience as they navigate the digital ecosystem.“ - Eash Sundaram, EVP Innovation, Chief Digital & Technology Officer, JetBlue Airways. For more details visit: https://www.okta.com/customers/jetblue/
These organizations were successful with their digital initiatives because they chose the IAM foundation necessary. Success with digital requires a foundation that supports the speed of innovation required, and IAM is the cornerstone of the modern digital architecture. Digital transformation is at the top of the corporate agenda. It’s critical to the future of every enterprise to determine how to transform and compete in a world where the digital experience is what will be the main source of differentiation and will drive efficiency and profits.