Identity & Access Management , Security Operations
Okta Security Push Pays Dividends Following String of Issues
Credential Stuffing Plummets, More Malicious Requests Detected Amid Huge InvestmentOkta's 90-day push to improve its security architecture and operations following a crippling October 2023 data breach has delivered quick results, CEO Todd McKinnon said.
See Also: OnDemand | What’s Missing in Your Identity First Security Strategy?: Lessons from an ISMG Survey
The San Francisco-based identity behemoth has over the past quarter reduced credential stuffing attempts and malicious bot traffic for its largest customers by more than 90%, McKinnon told investors Wednesday. Okta has detected and prevented 2 billion malicious requests in the last 30 days alone, and all company staff now authenticate their identity with a phishing-resistant, passwordless method.
"Security is our top priority as a company," McKinnon said. "This covers everything from driving a company culture with a security-first mindset to our own security architecture as well as our products and services."
Okta doubled down on security in November after disclosing that the attacker behind the company's fall 2023 data breach had stolen details for all users of its primary customer support system, including a list of customer support system usernames and contact details. As part of this effort, McKinnon said, Okta has both hardened its ancillary and corporate systems and further secured its products and services (see: Okta Delays New Products, Projects 90 Days to Boost Security).
The company has also strengthened its customer policies to help ensure Okta's tools are deployed using the company's best security practices. McKinnon said this includes both a heightened focus on having Okta's technology come out of the box secure by default as well as having new product capabilities that will proactively secure all identities in infrastructure through bets in areas such as identity threat protection.
"We're very excited about the specific identity security capabilities in our products and then elevating the entire industry to help protect against identity attacks," McKinnon said. "We want to make sure that customers specifically learn from our experience with this issue."
Embracing Proactive Protection Against Identity Attacks
McKinnon said the dozens of customer conversations he has had following Okta's data breach often focused initially on the specifics of what happened but quickly evolved to customers looking for advice on how to proactively boost their security posture and better protect themselves against identity attacks. Okta's executive team and go-to-market organization spent a lot of time dealing with fallout from the incident.
"We're continuing to be even more vocal and more proactive about communicating about security and specifically around how we can do more to help against overall identity-based attacks," McKinnon said.
Okta Chief Financial Officer Brett Tighe said the security incident likely had some impact on financial results for the most recent quarter, though the company wasn't able to quantify it. Although the impact wasn't visible in close rates or how results compared to guidance, McKinnon said an escalating security issue represents a headwind when attempting to close a strategic and complex customer transaction.
"We all need to do a better job of stepping up and proactively defending our customers."
– Todd McKinnon, CEO, Okta
McKinnon said Okta has been able to enhance both internal and customer security without breaking the bank by prioritizing labor and technology spend there as well as finding efficiencies in other areas. The company laid off 7% of its workforce - or about 400 workers - at the start of February as McKinnon looks to optimize cost structure by increasing headcount in high-talent, low-cost regions such as India and Poland (see: Okta Lays Off 400 Employees in Second Round of Dismissals).
"We all need to do a better job of stepping up and proactively defending our customers and the entire industry against identity-based attacks," McKinnon said. "You'll see a lot of the focus shifting toward that proactive level of dialogue and discourse versus more of that reactive that we started from in October."
Okta Results, Outlook Crush Guidance
Okta | Quarter Ended Jan. 31 2024 | Quarter Ended Jan. 31 2023 | Change |
---|---|---|---|
Total Revenue | $605M | $510M | 18.6% |
Subscription Revenue | $591M | $495M | 19.4% |
Professional Services Revenue | $14M | $15M | -6.7% |
Net Loss | $44M | $153M | 71.2% |
Diluted Loss Per Share | $0.26 | $0.95 | 72.6% |
Non-GAAP Earnings | $113M | $52M | 117.3% |
Diluted Non-GAAP Earnings Per Share | $0.63 | $0.30 | 110% |
Okta's revenue of $605 million in the quarter ended Jan. 31 beat Seeking Alpha's sales estimate of $587.6 million. And the company's non-GAAP earnings of $0.63 per share crushed Seeking Alpha's estimate of $0.51 per share.
For the full year, Okta's revenue surged to $2.26 billion, up 21.8% from $1.86 billion a year earlier. The company's net loss improved to $355 million, or $2.17 per share, 56.4% better than the net loss of $815 million, or $5.16 per share, recorded the year prior.
The company's stock skyrocketed $21.20 - 24.28% - to $108.50 per share after the market closed Wednesday. That's the highest Okta's stock has traded since April 29, 2022.
For the quarter ending April 30, Okta expects non-GAAP net income of $0.54 to $0.55 per share on revenue of between $603 million and $605 million, representing a year-over-year growth rate of 16% to 17%. Analysts had been expecting non-GAAP net income of $0.41 per share on sales of $584 million, according to Seeking Alpha.