At Okta, we run compliance differently. Most organizations place compliance under either the legal or finance team, who don’t work with their security team to ensure those controls are implemented effectively. At Okta, we use security to drive compliance. Compliance is complex and regulations are a moving target, with GDPR and other privacy standards demanding significant changes from organizations. Okta continually increases its regulatory and compliance scope to meet the growing needs of our customers and help their IT teams focus on more strategic work. We flipped compliance on its head Traditionally, engineers implement each control framework individually—a method that doesn’t scale and isn’t secure. Frameworks can have competing requirements: financial regulations may have you remove accounts that aren’t being used, whereas FedRAMP asks that you to retain them. At Okta, we look at our environment and map it back to the controls, instead of applying controls to our environment.