• Business

    Okta layers agents onto its identity security fabric

    AnyFans Posted on

    Okta layers agents onto its identity security fabric

    Instead of joining in on the artificial intelligence spree, Okta Inc.’s approach to agentic AI has been focused on governance and the thoughtful implementation of an identity security fabric.
    At Okta’s Oktane 2025 event, the identity-management company announced the upcoming launch of Verifiable Digital Credentials, an open standard that enables users to issue and verify tamper-proof, reusable identity data. Healthcare and government have been the quickest sectors to adopt this kind of technology, according to Vivek Raman (pictured), vice president and general manager of Okta Personal, a free password manager, at Okta.
    “I’ll give you an example,” he said in an interview with theCUBE. “If I want to go to the liquor store and buy a bottle of wine, which I’ll probably do after this interview, today I hand over my driver’s license, which has my full name, my home address, my photo [and] all that stuff, where all they really need to know is am I over 21 or not? Selective disclosure with verifiable credentials lets you, the user, be in control of what data you share.”
    Raman spoke with theCUBE’s Rebecca Knight and Jackie McGuire at Okta’s Oktane 2025 event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the use cases for VDCs and the impact of agentic AI on enterprise security. (* Disclosure below.)
    Here’s theCUBE’s complete video interview with Vivek Raman:
    Plus, here are three key insights you may have missed from Okta’s Oktane 2025 event:
    Insight #1: Agentic AI requires stiffer security.
    There is a new generation of employees entering the workforce — AI agents. As companies adopt autonomous workflows, security is becoming a pervasive issue. Okta is focused on securing both human and nonhuman identities through solutions such as Okta’s new platform for AI agents that integrates agents into an identity security fabric.
    “When you think about the three different key features of zero trust, the fact that you need a secure identity, you want to be able to implement least privilege, you want to be able to continuously monitor what they’re doing, all three of those elements apply equally to all of those identity types,” said David Bradbury, chief security officer of Okta. “But specifically when you think about agentic AI, it is absolutely critical to get those things right if you are ever going to manage and govern those things.”
    This idea of “zero-trust” is essential for integrating agents, which have access to many different parts of an organization. If the agentic layer is compromised, the consequences could be serious. Bradbury noted that people have been “cutting corners” on security in the rush to implement new AI technology, and he emphasized that security is more important than ever.
    “Token proliferation is going to be a really big challenge because we’re all going to have dozens of these agents and each agent wants to connect to everything,” he said. “It’s going to pop up and ask you to approve Google Drive access, Slack access, Zoom access, so many different applications it wants to be able to talk to.”
    Okta has partnered with Accenture PLC to deliver its identity-management services to clients. AI agents pose new problems to enterprise security, according to Damon McDougald, global cyber protection lead at Accenture. Over the last year, he has seen a 16% increase in Common Vulnerabilities and Exposures as AI technologies spread across the enterprise world.
    “When you think about AI coming into that mix and folks historically securing their businesses of human identities, the big question is how do you secure the non-human identities?” asked Alex Valenzuela, vice president of the Americas partners and alliances at Okta, in an interview alongside McDougald. “How do you govern them? How do you provide them access to the right applications at the right time? That’s a big question today.”
    Here’s theCUBE’s complete video interview with David Bradbury:
    And here’s theCUBE’s interview with Damon McDougald and Alex Valezuela:
    Insight #2: Having an identity security fabric is essential.
    Okta’s goal is to focus on the governance of AI agents over needless experimentation. Okta for AI Agents includes Universal Directory for agent registration and ownership attribution, Security Posture Management for identifying exposed credentials and at-risk agents, and Okta Privileged Access, which enforces least-privilege access.
    “I am very aware of doing AI at Okta as a security company,” said Jenna Cline, senior vice president of business technology at Okta. “But any enterprise IT team is going through the same thing. How do we make it real? When we started, we took a slower approach. We launched an AI governance committee right away to ask questions, understand … what we didn’t know.”
    Prior to scaling up its AI tools, Okta formed an AI governance committee and united its data and technology teams under one umbrella. The close collaboration enabled the company to build better data pipelines for its AI models and accelerate its AI adoption smoothly.
    Okta takes a design-first approach to creating an identity security fabric that is unified and centered on the user experience, according to Kristen Swanson, SVP of design and research at Okta. The company has used AI to automate governance campaigns and detect risk immediately.
    “When you’re using identity security, you don’t want to think about, ‘Does this tool talk to this tool?’ You just want it to work. That’s really what the [identity security fabric] is all about,” she told theCUBE.
    Here’s theCUBE’s complete video interview with Jenna Cline:
    And here is theCUBE’s interview with Kristen Swanson:
    Insight #3: Data management and AI agents are inseparable.
    AI models need good data to stay on track. Okta’s strategy has been a design-first identity security fabric and the careful implementation of agentic AI. One of its partners, Box Inc., manages unstructured data securely and uses it to power AI applications.
    “Everything we’ve done for a long time all revolves around unstructured data,” said Ben Kus, chief technology officer of Box. “In this world, thinking about not structured data and databases, but unstructured data, things like in files and content, images, audio, video documents. Our job is to secure it, to collaborate with it and then now to be able to provide AI on top of your unstructured data.”
    Automating data and identity management is all a part of Okta’s vision for a strong identity security fabric. It recently created an open standard, Cross App Access, that extends OAuth to secure agent-driven and app-to-app interactions. VDC will follow that up in 2027, further building toward Raman’s idea of a world where people can (virtually) carry around different identities.
    “We think that in the future … you’re going to have a bunch of different VDCs that you hold and that kind of will make up your personal identity,” Raman said. “It’ll be my government-issued ID, my driver’s license, my passport, my proof of employment, maybe some professional certifications and things like that. I’ll choose what context and who I want to share it with.”
    Here’s theCUBE’s complete video interview with Ben Kus:
    To watch more of theCUBE’s coverage of Okta’s Oktane 2025, here’s our complete event video playlist:
    (* Disclosure: TheCUBE is a paid media partner for Okta’s Oktane event. Neither Okta Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
    Photo: SiliconANGLE