Enterprise IT Watch Blog

Feb 2 2011   3:59PM GMT

Ex-Salesforce.com exec simplifies cloud security with Okta

Melanie Yarbrough

Despite the progress SaaS has made in the enterprise, security concerns remain a hindrance to the growth of the market. Enter former Salesforce.com executive Todd McKinnon, now CEO of Okta, with a lofty goal: to accelerate enterprise adoption of cloud and web-based apps.

All the ROI in the world doesn’t mean a thing if your mission-critical apps are a floating security risk. As McKinnon told Newsfactor.com, “Okta is the only enterprise-class, on-demand service purpose built to help customers secure and manage their entire cloud-services network and the people who need access to it, with no professional services required.”

One of the main cloud security concerns is the lack of control over one’s own data. The inability to physically verify cloud security, or an incomplete grasp of what is required, may be holding many back. Okta lets a company secure cloud access at the end-user level, and its identity and access management services are delivered on demand:


  • Single sign-on for cloud and web applications including support for Security Assertion Markup Language (SAML) 1.1 or 2.0 and others: Okta provides a common service based on the applications an enterprise is deploying, rather than across the enterprise as a whole. By eliminating a company’s need to integrate single sign-on across the board, Okta allows specific deployment of its services, reducing cost and workload for its customers.
  • Centralized user provisioning and deprovisioning across cloud apps for IT teams: De-provisioning users who have left a company or a department keeps costs down for applications whose providers charge on a per-user basis. Okta’s automation of this process reduces the labor cost of manual de-provisioning, a time-consuming and tedious but necessary process.
  • Reporting and analytics across usage and activity for all enterprise cloud and web apps: This feature allows the enterprise to keep track of the return on its applications and the services tied to those apps. IT departments can provide use cases and analytics to determine which apps are utilizing the service to its full capacity and worth.
  • Deep integration with Microsoft Active Directory to allow federation of on-premise directories with cloud apps.

Sweating the Small Stuff

Common threats that can cause major disruption – such as cross-site scripting, request forgery, and SQL injection – are automatically prevented in Okta’s architecture. Other security aspects of note:

  • Each session secured over SSL.
  • Customer data and instances secured at application and database level.
  • Okta’s data center is SAS 70 Type II compliant.
  • Okta employs a third-party security consultant to run whitebox penetration tests.

With a new In-Stat report predicting that “SaaS (software-as-a-service) spending will increase 112% between 2010 and 2014,” it only makes sense that security for the applications being deployed in the cloud will become more of a concern and opportunity for growth in the market. How has your company dealt with cloud security until now?

Melanie Yarbrough is the assistant community editor at ITKnowledgeExchange.com. Follow her on Twitter or send her an email at Melanie@ITKnowledgeExchange.com.

1  Comment on this Post

  • Cloud security standards commissioned from the NIST by America’s CIO - Enterprise IT Watch Blog
    [...] separate authentication systems. The NIST’s report recommends identity federation, or else single sign-on or cross-domain single [...]