Okta CEO Todd McKinnon, during the company’s Q3 earnings call, addressed recent security concerns following a series of cyberattacks, including a significant breach of their customer support system. McKinnon emphasized that securing Okta and its customers is the organization’s top priority and acknowledged the need for improved security measures.
McKinnon highlighted the company’s resilience in the face of the late-September cyberattack, stating Okta’s commitment to protect its current and future customers. Despite the challenges, Okta reported customer retention in the mid-90% range and a 10% year-over-year growth in its customer base, reaching 18,800 customers by the end of October.
The earnings call focused significantly on Okta’s security posture, with McKinnon admitting that while the company has been specific and mature in product infrastructure security, its overall IT and company operations security needs further development. He acknowledged that Okta must enhance its defense strategies against increasingly sophisticated cyber threats.
Okta initiated “Program Bedrock,” a 90-day security-focused initiative encompassing four key areas:
- Encouraging employee contributions to security enhancements.
- Consulting with top security experts for architectural advice.
- Cultivating a company-wide culture prioritizing security.
- Balancing product development with customer security assurance.
This program is intended to provide clarity and focus on security as the foremost priority. Okta’s leadership believes this intensive effort will significantly reduce security risks.
The recent attack on Okta’s support system and other incidents have led to a strategic shift within the company, putting security at the forefront of its operational focus. As part of this shift, Okta has temporarily paused all new product developments through winter 2024 to concentrate fully on enhancing security measures.
McKinnon stressed that while the task of securing Okta’s ecosystem is ongoing, no project or product development area is currently more important. The company is comprehensively reviewing its applications, hardware, and vendor relationships to identify and address any gaps in security measures.