Okta Acquisition of Auth0 Signals DevSecOps Shift Left

A pending $6.5 billion acquisition of Auth0 by Okta, announced this week, indicates the potential for a building wave of mergers and acquisitions driven by the rise of DevSecOps.

As developers assume more responsibility for security, the influence they exert over technology decisions – once left solely up to cybersecurity teams – is increasing. Auth0 is designed to provide developers with authentication and authorization services that can be easily embedded within an application.

Okta, in contrast, makes available similar services that, at their core, are aimed more at cybersecurity teams trying to enforce policies via a single sign-on platform. Okta makes available application programming interfaces (APIs) that developers can invoke, but the integration within an application is not as rich or deep as Auth0, said Mitch Ashley, CEO and managing analyst for Accelerated Strategies Group (ASG).

“Auth0 is built more into the overall user experience of the application,” Ashley said.

Overall, the identity market is valued at approximately $55 billion. Interest in identity management has risen sharply in the wake of the COVID-19 pandemic. With more employees working from home, it quickly became apparent that organizations could not simply trust that anyone accessing applications behind a firewall was a legitimate user. Now, a more modern approach to security is required, especially since it’s clear employees will continue working remotely, even after COVID-19 vaccines are widely distributed.

The challenge organizations face is that myriad legacy systems, still accessed via passwords, need to be secured alongside emerging cloud-native applications. That creates a need for a more federated approach to managing identity across multiple platforms, a need that is expected to drive additional mergers and acquisitions.

Besides Okta, there are a number of vendors jockeying for position as the identity and access management (IAM) market continues to evolve. Everyone from behemoths like Microsoft and Cisco to smaller players, such as Strata, JumpCloud and Silverfort, is scrambling to gain a foothold in the market. In many instances, the line between where one vendor’s IAM platform ends and another’s begins is blurred as the number of integrations between disparate IAM platforms grows.

In the longer term, it’s also not clear to what degree internal IT teams will be managing identity versus relying on an external service to, for example, manage multifactor authentication.

Regardless of the path forward, the overall state of cybersecurity should improve. Often, the only thing that stands between a cybercriminal and their ability to access an application is a password. Given the volume of phishing attacks launched daily, many of those passwords have already been compromised. A survey of 425 IT professionals published by HYPR, a joint venture created by Comcast, Samsung and Mastercard to eliminate the need for passwords, finds 90% of respondents experienced phishing attacks against their organization in 2020. Despite all these attacks, however, nearly half of the survey respondents (48%) said they still lack a passwordless solution.

The biggest challenge, therefore, may not be the relentless attacks launched by cybercriminals but, rather, simple organizational inertia, which is what makes moving beyond reliance on passwords as the primary means of authenticating end users so difficult.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.