Okta’s Competitive Win Rates and Renewal Rates Weren’t Impacted by the Lapsus$ Hack
Okta’s competitive win rates and renewal rates weren’t measurably impacted by the Lapsus$ cyberattack that came to light in March, according to CEO Todd McKinnon.
See Also: A Guide to Passwordless Anywhere
McKinnon says he looked individually through hundreds of customers and prospect opportunities in Salesforce to see if any of the potential sales were delayed or cancelled due to the breach, which was only revealed when Lapsus$ posted screenshots to its Telegram channel of Okta customer data. But the deep dive into customer data didn’t yield any tangible impacts, according to McKinnon (see: Okta’s Data Breach Debacle After Lapsus$ Attack: Postmortem).
“We’ve looked, and we can’t see any quantifiable impact,” McKinnon tells investors during an earnings conference call Thursday. “I was really surprised as to the lack of anything [in Salesforce] about Lapsus$ impacting the business.”
Okta Chief Financial Officer Brett Tighe says the San Francisco-based identity and access management giant is at all-time highs for gross retention in its current fiscal year, which began Feb. 1. In addition, the linearity of Okta’s business in the fiscal quarter ended April 30 was identical to previous fiscal years. Lapsus$ revealed the attack on March 22, two months after Okta became aware of the compromise.
“There was no degradation from the incident,” Tighe tells investors Thursday. “Believe us, we’ve looked. And obviously, we’re going to continue to look.”
Okta said in late March that data for as many as 366 of its customers might have been “acted upon” following the Lapsus$ cyberattack. But a month later, the company determined that just two Okta customers had their tenants accessed and applications like Slack and Jira viewed by Lapsus$ during the January cyberattack.
Having the Difficult Conversations
Once news of the attack became public, Okta’s management team talked to more than 1,000 customers and McKinnon says he personally spoke with more than 400 clients to describe what happen, listen to customer concerns, and answer questions. Going forward, he says Okta will require robust security measures from third-party service providers and implement better processes for communications.
“The level of conversations and the people we engaged with in these customers and prospective customers was incredibly senior,” McKinnon says. “And the conversations, after some initial communication and feedback, became very strategic.”
Okta has traditionally excelled at having high-level conversations with IT and security stakeholders in customer organizations, McKinnon says. But following the breach, McKinnon says Okta ended up having management and board-level conversations with customers on topics the company hasn’t traditionally talked about as much like risk and compliance.
“I think we did a good job of instilling confidence because customers do want to partner, and they want a long-term partners, and I think we were able to show them that we were that partner,” McKinnon says.
Okta on Wednesday hosted in its offices the global chief information officer and the entire executive team from one of the major branches of the U.S. armed forces for the entire day to discuss what the future of identity is going to look like, according to Chief Operating Officer Frederic Kerrest. Identity has become a priority for C-level executives as the volume of software continues to proliferate.
“A lot of these large organizations are literally saying, ‘I’m looking for a foundational partner around identity to build out my infrastructure,'” Kerrest tells investors Thursday. “These are just the kinds of conversations that frankly – regardless of what happened in Q1 with the security event – we were not having six or 12 months ago.”
Identity Governance, Privileged Access on the Horizon
McKinnon says Okta is getting closer to launching its first-ever identity governance product that will bring the company into direct competition with the likes of SailPoint. The company saw great success with its early access program and plans to initially launch Okta Identity Governance in North America. This proved to McKinnon that customers want to buy and find value in Okta’s new governance product.
“What the customers want is one integrated platform that will provide access management across all of their services and products and also do governance and reporting,” McKinnon says. “So that’s the platform we’re building.”
Okta’s decision to add a few more features to its server access management product has delayed the launch of the company’s inaugural privileged access management product by a couple of quarters, he says. The company announced in spring 2021 that it would debut identity governance and privileged access products in early 2022, with the later bringing Okta into competition with CyberArk and BeyondTrust.
“We’re excited about both areas,” McKinnon says. “The whole converged platform story is really coming together, and we’re excited about that.”
McKinnon claims that aren’t currently a lot of good solutions in either IGA or PAM, with many customers only adopting IGA in pockets or finding that it doesn’t cover all the resources and workloads they want to cover. Similarly, McKinnon said the incumbent PAM offerings work in a legacy on-premises environment but struggle to address the cloud-based technology needs of modern organizations.
“What it’s going to take to get those customers to be buyers [of Okta] is to build a great product,” McKinnon says. “We’re focused on the next generation, the new projects, the new initiatives, and we’re going to need a better product for that.”
Rising Sales and Losses
|Okta||Quarter Ended April 30 2022||Quarter Ended April 30 2021||Change|
|Professional Services Revenue||$17M||$10.9M||55.3%|
|Loss Per Share||$1.56||$0.83||-88%|
|Non-GAAP Net Loss||$42.6M||$13M||-228.1%|
|Non-GAAP Loss Per Share||$0.27||$0.10||-170%|
Okta continues to enjoy some of the strongest growth rates of any publicly-traded security vendor. But that growth has come at a cost, with Okta’s losses climbing sharply as compared with this time last year. And like many other security vendors, it isn’t turning a GAAP profit yet.
Okta’s revenue of $415 million in the quarter ended April 30 crushed Seeking Alpha’s sales estimate of $388.8 million. And the company’s non-GAAP loss of $0.27 per share beat Seeking Alpha’s non-GAAP loss estimate of $0.34 per share.
The company’s stock is up $14.11 – 15.06% – to $107.79 per share in after-hours trading Thursday. That’s the highest Okta’s stock has traded since May 5.
For the quarter ending July 31, Okta expects non-GAAP net loss of $0.31 to $0.32 per share on revenue of between $428 million and $430 million, representing a year-over-year growth rate of 36%. Analysts had been expecting non-GAAP net loss of $0.34 per share on sales of $422.8 million.