When thinking about a security decision maker (CISOs, VP of Security, etc.), what goals are they trying to accomplish with a security solution?
Remove user friction while also mitigating risk and protecting privacy
Do 1 and 2 at global scale, and with scarce resources (scarcity across people/talent as well as funds)
Besides a specific product, what is Okta's number one competitor?
"Doing nothing" or competing priorities
When speaking to a prospect about the challenges of different user types and lack of controls, you might bring up UD. How would you pitch this?
Okta Universal Directory enables easy integration across a range of directories/systems of record, the ability to store users directly in the cloud at much lower cost, as well as the ability to federate partner identities.
Security buyers like the CISO, CSO, S/VP of InfoSec, etc. are responsible for...
CISO, CSO, SVP of InfoSec type titles act as the economic buyer for a business. They care about:
-Protecting the business against cyber threats
-Positively influencing other parts of the business to make security-conscious decisions
-Enabling business growth and operation, safely
For FedEx, what initially spurred the search for an identity solution?
FedEx modernized its IT infrastructure using the latest development tools, but its complex identity and access management infrastructure presented continued friction for software developers and end users, as well as obstacles for M&A integrations.
What is a type of risk that security leaders are being asked to protect against in a rapidly evolving threat landscape?
Phishing & brute force attacks
Supply chain hacks
Ransomware-as-a-service
What are the three main challenges businesses face with Microsoft?
Microsoft
Hidden costs / high TCO
Slow time to value
Outages + downtime
If a prospect discloses that they do not currently have a good way to identify and respond to potential identity threats, specifically in an automated fashion, you might bring up Okta's MFA solution. How would you pitch this?
Okta Adaptive Multi-Factor Authentication can detect behavioral changes and allow organizations to set policies to prompt for high assurance factor(s) prior to allowing access.
Name two of the five primary job responsibilities for Security Architects.
These individuals are focused on the design/build as it pertains to security. They care about:
-Analyzing the technology environment, including potential areas of risk and setting requirements
-Setting the defensive framework and architecture
-Creating a solution prototype
-Participating in technology selection
-Controlling solution development and supporting project management
How is FedEx currently using Okta?
How they’re using Okta:
The FedEx Zero Trust security model focuses on verifying users and devices. Okta Adaptive Multi-Factor Authentication adds flexible and contextual verification requirements for users. To increase endpoint security, the team is exploring device monitoring with Okta Platform Services.
Using Okta Universal Directory, FedEx aggregates identities from multiple user repositories, simplifying new acquisitions. The team manages access across the company with a single policy engine and the resulting data helps them identify suspicious behavior and make proactive policy decisions.
Okta’s many partner integrations strengthen the Zero Trust strategy and its partnership with F5 helps FedEx bridge Zero Trust to on-prem applications. FedEx is positioned to decommission its legacy IAM solutions, integrating SaaS, cloud native, and on-prem apps into a single cloud.
-340k FedEx team members worldwide,
-250+ SaaS, cloud-native, and legacy on-prem apps integrated,
-Adaptive policies for device state,
-Consolidate policies for any user type in Okta
When we talk about "enabling a business to use new technology" what are we typically referring to?
Typically we are referring to a growing and evolving business adding new cloud applications to their technology stack.
+ Businesses need “Work anywhere” productivity
A common approach from businesses is to prioritize security initiatives outside of identity. Why should they prioritize identity?
There are countless breach statistics we could cite here: the leading cause of data breaches involves credentials (e.g., 61% of all breaches involved credentials, Verizon Data Breach Investigation Report 2021). Starting with identity mitigates a major risk vector for an organization, and can help leaders show progress toward a stronger, more modern security posture.
Industry experts like Forrester recommend starting with identity as a part of a broader Zero Trust security strategy (share Forrester Report March 2021: A Practical Guide to a Zero Trust Implementation). Okta is also integrated with other leading vendors across the security stack, from EDR/MDM (devices), to ZTNA and other networking vendors, to SIEM/SOAR tools and more, allowing you to set a strong foundation that will be interoperable with your preferred tools across the stack.
The Zero Trust security model is quickly gaining popularity. But many security leaders don’t know where to start putting it into practice at their organization. The great news is that you can build Zero Trust on top of the security tools you already have in place so you don’t have to start from scratch.
Forrester found that enterprises make rapid risk reductions by focusing on improving identity management and device security. These two core components of the Zero Trust eXtended (ZTX) ecosystem build confidence with executives that the organization can realize security benefits from its Zero Trust program quickly.
A common objection from prospects is not understanding the value of investing in identity. What points could you make to combat this objection?
The leading cause of data breaches involves credentials. Starting with identity mitigates a major risk vector for an organization, and can help leaders show progress toward a stronger, more modern security posture.
Industry experts like Forrester recommend starting with identity as a part of a broader Zero Trust security strategy.
"Influencers" in a workforce deal who care about strategy for a portion of the security program might hold titles like... (name 2)
-Sr/Dir of Information Security
-Sr/Director of Infrastructure Security
-Security Operations
-Identity Security
-Sec Ops Engineer
What identity challenges spurred NTT Data to explore a solution like Okta?
Onboarding, role changes, and offboarding posed challenges with highly manual processes, and name conflicts were common in an organization of over 120,000 employees.
NTT DATA needed to control risk in a more effective manner, implementing security in a seamless way to improve user experience and collaboration.
When we talk about "removing user friction" as a priority for security personas, what are some examples we could be referring to?
Eliminating barriers like lengthy password reset processes and enabling first day access to necessary work applications.
What advantages does Okta provide over IAM and MFA vendors like Ping and Duo? (3)
Depth of pre-integration across both resources + security stack
Agility: cloud-first, unified platform approach
Security + compliance (FedRAMP Moderate ATO, HIPAA attestation, etc.)
What questions could you ask to uncover if your prospect does indeed have an identity problem? (Come up with 2)
What users are currently accessing your systems? Are their access controls consistently managed and protected?
What resources do your users access (including apps, infrastructure, APIs, networks, both cloud and on-prem)? Are those resources all connected to your identity system?
How do you handle deprovisioning today? Is that manual, partially automated, or fully automated?
How do you currently identify and respond to potential identity threats? Do you have an automated mechanism for this?
Name 2 of the 4 responsibilities for people with a title of InfoSec/Security Operations.
Oversee strategy and execution for a portion of the security program, e.g. Infrastructure, Operations, Identity, Network
Builds/owns/leads team of security engineers working to mitigate risk
Defines roadmap for particular functional area as a part of broader org strategy
Will be an expert on the strategy, strengths and weaknesses of this particular part of their security program – from technology to people resources
How is NTT Data currently using Okta?
How they’re using Okta:
NTT DATA deployed Okta to its global employees, implementing Single Sign-On first to prioritize user experience.
NTT DATA also deployed Okta Workflows to manage the employee lifecycle and integrated it with Office 365 to take the complexity out of identity creation.
Okta Workflows is key to powering the company’s entire onboarding flow, and has enabled NTT DATA to optimize costs by automating processes and focusing human resources on other initiatives.
-120k+ employees across 50 countries
-reduce error-prone manual joiner/mover/leaver tasks
-future plans for passwordless, MFA for all apps in Okta
Name 3 (of the 5) types of resources our buyers are tasked with securing.
–Cloud apps
–On-prem apps
–Infrastructure
–Networks / VPN
–APIs
What are Okta's (3) key differentiators?
Security for hybrid IT environments to any resource type (apps and servers on-prem, or in the cloud)
User experience - ease of deployment for admins, seamless for end users → accelerates workforce adoption which is usually difficult for any mandated security solution
Breadth of integrations for all security use cases - MFA factors, device integrations, Risk-based auth/fraud solutions
How many pre-built integrations does Okta have with best of breed solutions?
7,000+
Balancing the best tools with limited resources to manage them. They will need to get the right resources in to mitigate risk and respond to threats, but do so in a way that’s scalable for the organization. Tools left unmanaged could lead to additional threats.
Regarding the FedEx customer story, fill in the blanks (2).
___ critical apps integrated into Okta in ____ (timeframe), in the face of COVID-19 work-from-home demands.
Five critical apps integrated into Okta in 36 hours, in the face of COVID-19 work-from-home demands