Okta and the LAPSUS$ Breach
Early TSIS Data and ETR Community Reaction to the Okta Hack
Identity and access management company Okta made headlines recently when hacker group LAPSUS$ posted screenshots on March 22, 2022, as evidence that they had breached the vendor via a third party. Okta’s public acknowledgment of the attack has been called slow and reluctant by many industry participants, with Okta executives admitting on March 25, 2022, to a full timeline of events that reveals the initial breach occurred in late January and has affected more than 350 of its customers.
We have been following the events closely at ETR, curious to see if customer opinion about Okta would be impacted, and subsequently, if spending intentions for the vendor may drop in upcoming cycles of the ETR Technology Spending Intentions Survey (TSIS). The April 2022 TSIS is currently in the field, and that gave us an opportunity to observe changes in the data for Okta as survey responses rolled in.
The early conclusion: IT decision makers completing their survey in the days after the breach announcement seem to be indicating more negative spending intentions than those completing the survey prior (see Figure 1).
Figure 1. Daily and cumulative Net Score for Okta in the April 2022 ETR Technology Spending Intentions Survey, highlighting Net Score changes before and after March 22, when news broke of Okta’s breach by hacker group LAPSUS$.
The blue line in Figure 1 represents the daily Net Score for Okta during the current TSIS survey period, while the red line represents the cumulative Net Score up until March 22, and the green line represents its Net Score after March 22. Up until March 22, Okta’s daily Net Score in the current TSIS survey period was never negative, meaning that in the 15 days the survey had been live there were zero days on which more negative spending intentions than positive ones were indicated for Okta. From March 23 to 31, however, there were two negative Net Score days out of nine. Prior to March 23, only three survey respondents indicated an intention to Replace Okta, but by March 31 there were eight total Replace indications for the vendor. The cumulative Net Score from March 8 to March 22 was 56% for Okta, but the cumulative Net Score from March 23 to 31 was 44%. This means that, compared with the period through March 22, responses after March 22 contained a greater proportion of negative and flat spending intentions relative to positive ones. Though anecdotal and a small sample, are these data the beginning of a longer-term trend of declining spend intention for Okta or just a blip for the company?
So far, the Okta breach does not appear to be nearly as widespread or severe as the SolarWinds breach in late 2020, which has been called “the largest and most sophisticated attack the world has ever seen” by Microsoft president Brad Smith. Following that breach, which affected as many as 18,000 customers, ETR saw spending intentions for SolarWinds plummet, with its Net Score dropping from 11.6% in October 2020 to an all-time low of -18.8% by April 2021 and replacement indications tripling in that 6-month time frame.
While the immediate impact on Okta's forward-looking spend intent appears to be muted for now, the real test will come at renewal time. With identity access being such an integral aspect of a security regime, switching vendors is not a decision to make lightly; however, one would anticipate some difficult conversations between the vendor and its clients going forward. To that end, the ETR Insights team hosted a panel of 4 Okta customers this week to dig deeper into their reactions to the breach, how the situation had been handled, and their sentiment towards the vendor.
Please contact ETR at service@etr.ai to request the full Okta Breach report and the ETR Insights Panel summary. ETR subscribers and community members can view the Panel summary HERE.
Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to bring you actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai