Customer Challenge
Competition
Objections/Talk Tracks
Personas
Customer Stories
100

When thinking about a security decision maker (CISOs, VP of Security, etc) what goals are they trying to accomplish with a security solution?

  1. Enable the business to quickly adopt new technology
  2. Remove user friction while also mitigating risk and protecting privacy

  3. Do 1 and 2 at global scale, and with scarce resources (scarcity across people/talent as well as funds)

100

Besides a specific product, what is Okta's number one competitor? 

"Doing nothing" or competing priorities 

100

When speaking to a prospect about the challenges of different user types and lack of controls, you might bring up UD, how would you pitch this? 

  • Okta Universal Directory enables easy integration across a range of directories/systems of record, the ability to store users directly in the cloud at much lower cost, as well as the ability to federate partner identities.

100

Security buyers like the CISO, CSO, S/VP of InfoSec, etc. are responsible for... 

CISO, CSO, SVP of InfoSec type titles act as the economic buyer for a business. They care about: 

-Protecting the business against cyber threats

-Positively influencing other parts of the business to make security-conscious decisions

-Enabling business growth and operation, safely

100

For Fedex, what initially spurred the search for an identity solution? 

FedEx modernized its IT infrastructure using the latest development tools, but its complex identity and access management infrastructure presented continued friction for software developers and end users, as well as obstacles for M&A integrations.

200

What is a type of risk that security leaders are being asked to protect against in a rapidly evolving threat landscape?

 Phishing & brute force attacks 

Supply chain hacks 

Ransomware-as-a-service

200

What are the three main challenges business' face with Microsoft? 

Microsoft

  • Hidden costs / high TCO

  • Slow time to value

  • Outages + downtime

200

If a prospect discloses that they do not currently have a good way to identify and respond to potential identity threats, specifically in an automated fashion, you might bring up Okta's MFA solution. How would you pitch this? 

Okta Adaptive Multi-Factor Authentication can detect behavioral changes and allow organizations to set policies to prompt for high assurance factor(s) prior to allowing access

200

Name two of the five primary job responsibilities for Security Architects. 

These individuals are focused on the design/build as it pertains to security. They care about: 

-Analyzing the technology environment, including potential areas of risk and setting requirements

-Setting the defensive framework and architecture

-Creating a solution prototype

-Participating in technology selection

-Controlling solution development and supporting project management

200

How is Fedex currently using Okta? 

How they’re using Okta: 

The FedEx Zero Trust security model focuses on verifying users and devices. Okta Adaptive Multi-Factor Authentication adds flexible and contextual verification requirements for users. To increase endpoint security, the team is exploring device monitoring with Okta Platform Services.

Using Okta Universal Directory, FedEx aggregates identities from multiple user repositories, simplifying new acquisitions. The team manages access across the company with a single policy engine and the resulting data helps them identify suspicious behavior and make proactive policy decisions.

Okta’s many partner integrations strengthen the Zero Trust strategy and its partnership with F5 helps FedEx bridge Zero Trust to on-prem applications. FedEx is positioned to decommission its legacy IAM solutions, integrating SaaS, cloud native, and on-prem apps into a single cloud.

-340k FedEx team members worldwide, 

-250+ SaaS, cloud-native, and legacy on-prem apps integrated, 

-Adaptive policies for device state, 

-Consolidate policies for any user type in Okta

300

When we talk about "enabling a business to use new technology" what are we typically referring to? 

Typically we are referring to a growing and evolving business adding new cloud applications to their technology stack. 

 + Businesses need “Work anywhere” productivity 


300

A common approach from businesses is to prioritize security initiatives outside of identity. Why should they prioritize identity? 


  • There are countless breach statistics we could cite here: the leading cause of data breaches involve credentials (e.g. 61% of all breaches involved credentials, Verizon Data Breach Investigation Report 2021). Starting with identity mitigates a major risk vector for an organization, and can help leaders show progress toward a stronger, more modern security posture.

Industry experts like Forrester recommend starting with identity as a part of a broader Zero Trust security strategy (share Forrester Report March 2021: A Practical Guide to a Zero Trust Implementation). Okta is also integrated with other leading vendors across the security stack, from EDR/MDM (devices), to ZTNA and other networking vendors, to SIEM/SOAR tools and more, allowing you to set a strong foundation that will be interoperable with your preferred tools across the stack.


The Zero Trust security model is quickly gaining popularity. But many security leaders don’t know where to start putting it into practice at their organization. The great news is that you can build Zero Trust on top of the security tools you already have in place so you don’t have to start from scratch.

Forrester found that enterprises make rapid risk reductions by focusing on improving identity management and device security. These two core components of the Zero Trust eXtended (ZTX) ecosystem build confidence with executives that the organization can realize security benefits from its Zero Trust program quickly.


300

A common objection from prospects is not understanding the value of investing in identity, what points could you make to combat this objection? 

  • The leading cause of data breaches involve credentials. Starting with identity mitigates a major risk vector for an organization, and can help leaders show progress toward a stronger, more modern security posture.

  • Industry experts like Forrester recommend starting with identity as a part of a broader Zero Trust security strategy. 

300

"Influencers" in a workforce deal who care about strategy for a portion of the security program, might hold titles like... (name 2) 

-Sr/Dir of Information Security

-Sr/Director of Infrastructure Security 

-Security Operations 

-Identity Security 

-Sec Ops Engineer

300

What identity challenges spurred NTT Data to explore a solution like Okta? 

Onboarding, role changes, and offboarding posed challenges with highly manual processes, and name conflicts were common in an organization of over 120,000 employees. 

NTT DATA needed to control risk in a more effective manner, implementing security in a seamless way to improve user experience and collaboration.

400

When we talk about "removing user friction" as a priority for security personas, what are some examples we could be referring to? 

Eliminating barriers like lengthy password reset processes and enabling first day access to necessary work applications. 

400

What advantages does Okta provide over IAM and MFA vendors like Ping and Duo? (3)


  • Depth of pre-integration across both resources + security stack

  • Agility: cloud-first, unified platform approach

  • Security + compliance (FedRAMP Moderate ATO, HIPAA attestation, etc.)

400

What questions could you ask to uncover if your prospect does indeed have an identity problem? (Come up with 2)


  • What users are currently accessing your systems? Are their access controls consistently managed and protected?

  • What resources do your users access (including apps, infrastructure, APIs, networks, both cloud and on-prem)? Are those resources all connected to your identity system?

  • How do you handle deprovisioning today? Is that manual, partially automated, or fully automated?

  • How do you currently identify and respond to potential identity threats? Do you have an automated mechanism for this?

400

Name 2 of the 4 responsibilities for people with a title of Infosec/ Security Operations

Oversee strategy and execution for a portion of the security program, e.g. Infrastructure, Operations, Identity, Network

Builds/owns/leads team of security engineers working to mitigate risk

Defines roadmap for particular functional area as a part of broader org strategy

Will be an expert on the strategy, strengths and weaknesses of this particular part of their security program – from technology to people resources

400

How is NTT Data currently using Okta? 

How they’re using Okta: 

NTT DATA deployed Okta to its global employees, implementing Single Sign-On first to prioritize user experience.

NTT DATA also deployed Okta Workflows to manage the employee lifecycle and integrated it with Office 365 to take the complexity out of identity creation.

Okta Workflows is key to powering the company’s entire onboarding flow, and has enabled NTT DATA to optimize costs by automating processes and focusing human resources on other initiatives.


-120k+ employees across 50 countries

-reduce error-prone manual joiner/mover/leaver tasks

-future plans for passwordless, MFA for all apps in Okta

500

Name 3 (of the 5) types of resources our buyers are tasked with securing? 

–Cloud apps

–On-prem apps

–Infrastructure

–Networks / VPN

–APIs

500

What are Okta's (3) key differentiators? 

  • Security for hybrid IT environments to any resource type (apps and servers on-prem, or in the cloud)

  • User experience - ease of deployment for admins, seamless for end users → accelerates workforce adoption which is usually difficult for any mandated security solution 

  • Breadth of integrations for all security use cases - MFA factors, device integrations, Risk-based auth/fraud solutions

500

How many pre-built integrations does Okta have with best of breed solutions? 

7,000+

500
According to the study guide, what keeps security architects up at night? What is their number 1 concern? 

Balancing the best tools with limited resources to manage them. They will need to get the right resources in to mitigate risk and respond to threats, but do so in a way that’s scalable for the organization. Tools left unmanaged could lead to additional threats

500

Regarding the Fedex customer story, fill in the blanks (2). 

___ critical apps integrated into Okta in ____ (timeframe), in the face of COVID-19 work-from-home demands. 


Five critical apps integrated into Okta in 36 hours, in the face of COVID-19 work-from-home demands

M
e
n
u