Okta’s commitment to delay product and feature launches for 90 days in order to focus on its security is much-needed, following several major breaches over the past two years, according to Macquarie equity analyst Fred Havemeyer.
After Okta revealed this week that its most recent breach affected all of its support customers — a far broader impact than previously known — Okta co-founder and CEO Todd McKinnon said that the identity platform developer would be postponing upcoming product updates in order to prioritize security.
[Related: Okta Didn’t Acknowledge Breach For More Than Two Weeks, Customer Says]
Okta will follow a “hyper-focused security action plan” during the 90-day period, which the company is referring to as “Program Bedrock,” McKinnon said Wednesday during the company’s quarterly call with analysts.
The effort aims to ensure that the company’s products are “built in a way that ensures the security of our customers,” he said. “During this hyper-focused phase, no other project or even product development area is more important.”ADVERTISEMENT
As part of that commitment, “the launch dates for the new products and features that we highlighted at Oktane last month will be pushed out approximately 90 days,” McKinnon said, referring to the company’s annual Oktane conference. The one exception to the product launch delay is on Okta’s Privileged Access offering, which will be generally available as of this week, he noted.
‘Tough Spot’
At Macquarie, “we think Okta’s reputation is in a tough spot,” wrote Havemeyer, head of U.S. AI and software research at the firm, in a note to investors.
“Even after this candid earnings call, Okta will need to demonstrate that it is executing on concrete actions to improve its security practices,” Havemeyer wrote. “We think Okta delaying product releases for 90 days (except PAM) to focus on security over shipping is critical at this juncture.”
In response to an inquiry from CRN, Okta said in a statement that “we aim to be one of the world’s most secure companies in the world, and following this incident, bolstering our security environment is, by far, the highest priority for everyone at Okta.”
“The stakes are high, and we are looking hard at strengthening our security culture and operations to protect our customers,” the company said in the statement.
The recent breach at Okta impacted data from customers who had used the company’s support system. Okta had previously said that an attacker accessed files belonging to 134 customers — representing less than 1 percent of its customer base — between Sept. 28 and Oct. 17.
However, Okta disclosed Wednesday that further investigation found that the breach included the theft of all support customer names and emails.
“We have determined that the threat actor ran and downloaded a report that contained the names and email addresses of all Okta customer support system users,” Chief Security Officer David Bradbury said in an updated disclosure about the incident.
User credentials and other sensitive data were not included in the report downloaded by the attackers, Bradbury said.
Growing Concerns
Customers and investors have expressed increased concern about Okta’s security practices, given that this breach was just the latest in a series of incidents over the past two years.
The most notable prior incident occurred in early 2022 when Sitel, a third-party Okta support provider, was breached by the Lapsus$ hacker group.
The incident led to significant reputational damage to Okta, mainly due to the fact that the company didn’t disclose the breach until after Lapsus$ had posted about it.
With the latest breach analysts have pointed to the fact that a customer, cybersecurity firm BeyondTrust, raised concerns about the incident to Okta that were not acknowledged by the company for more than two weeks. Another Okta customer, Cloudflare, has said it first notified Okta about the breach, rather than the other way around.
Shaul Eyal, managing director for equity research at TD Cowen, wrote in a note to investors that Okta’s “financial performance is reflecting the impact of recent high-profile breaches involving the company’s solutions.”
“Close and win rates could slow on the back of the scale and magnitude of the most recent breach,” Eyal wrote.
Okta’s stock price was down 4.8 percent to $67.40 a share as of this writing Thursday afternoon.LEARN MORE: Cybersecurity | Data Breaches
Kyle Alspach is a Senior Editor at CRN focused on cybersecurity. His coverage spans news, analysis and deep dives on the cybersecurity industry, with a focus on fast-growing segments such as cloud security, application security and identity security. He can be reached at [email protected].
RELATED CONTENT
The 10 Hottest Cloud Security Startup Companies Of 2023SentinelOne, Pax8 Expand Partnership: 4 Things To Know‘Hyperautomation’ Startup Torq To Power MDR Provider Deepwatch In SecOps ShakeupPalo Alto Networks CEO: Demand For XSIAM Is AcceleratingSecuronix Aims To Ramp Up Partner Efforts Under New Channel Chief TO TOPADVERTISEMENT
TRENDING STORIES
- Threat Management Services Module
- Broadcom’s Confirmed VMware Cuts Surpass 2,000 As Mass., NY Disclose Layoffs | CRN
- Layoffs Engulf VMware After Broadcom Close, ‘Chaos’ For Partners In Sales Trenches | CRN
- The 10 Coolest Open-Source Software Tools Of 2023 | CRN
- Cloud Blockbuster: Insight Buys Google Cloud Superstar SADA | CRN