ETR Insights presents an interview with an Executive Director of Information Security and Risk Management, who offers their perspective on Okta’s recent security breach and the influence of a timely response on public perception. They discuss the implications of rising product costs and ROI concerns around the vendor, while ETR offers a sneak peek at the preliminary April 2024 Technology Spending Intentions Survey (TSIS) data for the company.
Okta Breach. Discussing Okta's security breaches, our guest highlights the significance of the issue, especially for non-cybersecurity professionals. “If you're in the executive suite of a company and you sit on the IT governance board, you realize that, ‘Oh, God, my credentials are being exposed. That actually would drive a lot of the issues and a lot of the negative perceptions related to Okta.” They also raised concerns about Okta's timeliness in addressing the breach – tied to sensitive HTTP web files uploaded by customers – and were particularly surprised considering new SEC rules on cybersecurity disclosure. “I read that Okta was notified earlier by another company, BeyondTrust, but they didn't do anything. I think that gives the perception that they are slow to respond to major incidents.”
Rising product costs and ROI concerns have emerged as factors in product replacement; ETR data indicates that product security is a growing concern, with 26% of respondents citing security as a reason for replacement. With many competitors, this may pressure Okta. “It depends on how they handle future contract negotiations. A lot of people will look at this and basically say, ‘I'm going to use this to my advantage when I'm renewing the license.’” Our guest is dissatisfied with how certain features, particularly those around security monitoring, are now being offered as add-ons at an additional charge. “[Following an earlier breach], Okta created a service that would use AI to detect abnormal patterns within the system log and inform us, then they turned around and added it on as a service and sold it back. It's disappointing.”
Despite the broad negativity expressed in general news outlets and Media, Okta might still be the best game in town according to this IT executive; however, ITDMs continue to express increasing frustration with the costs of the tools and service. Our guest adds, “Okta is still the best-of-breed. My disappointment with Okta personally is that while they are the best-in-breed and have a lot of features, recently, especially with those features related to security monitoring, they make them an add-on service – and they charge us for that.”
ETR Data: Okta's Net Score in the April 2024 Technology Spending Intentions Survey (TSIS) has reached all-time lows of 32% following three consecutive declines driven by increasing negative spend intentions being captured. Isolating to C-Suite respondents (N=110 as of press time), the data gets materially worse with a Net Score of 18% driven by a massive 13% Replacement rate, which is 2x higher than the previous survey. Despite the teflon appearance of being best of breed, the ITDM community is voting against that notion with their future dollars.
The data shown above is still preliminary. The APR24 TSIS will officially close on April 4th, at which time we will prepare a full report for Okta and hundreds of other leading enterprise technology vendors. Clients can access the reports on our Research platform. If you are not yet a client or community member and would like to evaluate our market research services for yourself, you can request a free trial here.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to provide actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai
The
plotting of vendors across the Observatory Scope is supported wholly by ETR’s
exclusive market intelligence and spending intentions data sets (see Figure 1
above). Most vectors in this period were evenly distributed and populated, with
three data-plotted vectors consisting of five vendors and only the Tracking
vendor having one. Based on the results of this Market Array period, the
Leading vector consisted of CrowdStrike Falcon Cloud
Security, Zscaler Posture Control, Microsoft Defender for Cloud, Palo Alto
Prisma Cloud, and Tenable Cloud Security (listed by highest Momentum
positioning first).
The entirety of the Advancing vector
showed very impressive positioning, with almost every vendor borderline crossing
into the Leading category, with all coming up just shy due to slightly lower
Presence levels than its aforementioned peers in this marketplace. These
vendors included Wiz, Rapid7 InsightsCloudSec,
SentinelOne PingSafe, CheckPoint CloudGuard, and Dynatrace / Runecast (again
listed by the highest Momentum positioning first). It should be noted that Wiz
had the highest Momentum of the entire survey, and the CNAPP tools for Rapid7,
SentinelOne, and CheckPoint captured Momentum levels that were in line with the
majority of the Leading vector peers.
Cisco was the lone vendor occupying
the Tracking vector in this Market Array survey with their Cloud Security /
Panoptica tool. Cisco captured enough Momentum to enter the right half of this scope
but fell slightly short in Momentum to break into the Leading vector this time.
In this ETR Observatory, numerous vendors, including Trend
Micro Vision One, Orca, Lacework, Sophos Cloud Optix, and Aqua Security
(listed in Momentum order), are in the Pursuing vector based on relational
plotting of the Momentum and Presence data versus the other CNAPP vendors.
From this group, Trend Micro captured the
highest Momentum and Presence. Orca had the second-highest Momentum and Sophos
exhibited the second-highest Presence from this grouping. In general, the
appearance of Orca, Lacework, and Aqua Security as private names that ETR
tracks in our Emerging Technology Survey (ETS) is an impressive feat, given
that the companies garnered enough spending and evaluation citations in this
survey against a field populated with such large and more mature competitors