Predictions on Identity’s role in 2024 from Okta Ventures portfolio leaders

Secure browsers. Frontline worker digital security. Identity security posture management. Verifiable credentials. Software secure by design.

At Okta Ventures, our interactions with visionary founders and teams give us a front-row seat to these new innovations. 

We asked eight founders for their perspectives on what is coming in 2024, and we got insights from around the world that we're sharing below. Enjoy! 

Predictions for 2024

Zheng Wei Quah, CEO, Accredify

8EgaHxeOTFJhznrwDYcAAIrBxZ6jwsumfsfuJSsbkJbYdN Cq3TuHFx MIo4wxcwgJ uoKT4ZPSZ6AibSNKWnBbFIzMmjOd4 A6SrV7CaLElczDb Pi7OE lvDg8AxpyITFCiy4NblgGQ Dz2 QRjWw

I look forward to seeing how enterprise digital Identity can help break the dilemma of choosing between security and accessibility. From our experience, Identity solutions have been effective in improving business security through products such as single sign-on (SSO) and multi-factor authentication (MFA). By coupling these with verifiable credentials, the industry can extend the proof of "who you are" to the proof of "what you have." If achieved, we can expect a world of hyper-automation where security and accessibility are no longer a balancing act.


Oliver Friedrichs, CEO, Pangea Security

LbrbPbCUdR7QLXPB4tSmyBV2o9vQO4w72gD6aeFMbJM8IkfokH7YGuPPAPgXnOx9tLXvF FAYBTomatz43XnPp3JR2GYANGX yU8VNH8vVsdnXCkw2B wcTUoDWoEfW8sRxipuCPtZl zzjAelyEHJE

With CISA’s Secure by Design guidance and the SEC charges against Solarwinds and Solarwinds’ CISO, the need for organizations to develop a secure software development lifecycle (SDLC) has never been more important. Car manufacturers, aerospace companies, and other crucial technologies face strict regulations, yet shipping poorly written software has no implications today. This will inevitably change as companies are increasingly being asked to attest to their secure SDLC practices. It will be imperative that organizations implement three main tenets of this secure SDLC: application hardening, security features, and secure by default. 

Application hardening ensures that applications are designed securely from the start, including architectural considerations and threat modeling. Security features ensure that applications provide a secure user experience, with robust authentication, authorization (RBAC, ABAC, ReBAC), a secure audit trail, a secret and cryptographic key store, secure file object storage, detection of PII that could be leaked, and more.

Secure by default ensures that important features like MFA are enabled by default and additional features like SSO are included at no charge. These needs will force security teams to shift even further left, collaborating with engineering to incorporate security into the very beginning of the SDLC.

Mohit Garg, CEO Oloid

ti980Yl A OiRnWIQgxHrxpCGoIT xcf F2d8NnQTLXrqdbNBJFGisKHdxLkZ20Sdh59FaIL2TuseeLpG9QcOWAZqkzFPU 0tPikMJ8 wqLCIk9eLzbnjX55H4a0qxK7pWH7UwCu3YRJ6Uk2g7Tuw 4

In 2024, advancements in frontline worker authentication will prioritize improved user experience and streamlined processes without compromising security. Tailored authentication solutions will emerge to address the unique needs of deskless workers — such as the adoption of passwordless methods to enhance app utilization and protect against phishing, account takeover (ATO), and man-in-the-middle (MITM) attacks. Automated, pre-verified credentials registration will simplify onboarding for high-turnover positions, while authentication methods will increasingly leverage natural factors like biometrics for secure access. Contextual authentication, incorporating factors such as location and time, will bolster security protocols. The convergence of physical and cybersecurity will intensify, particularly for deskless workers in labor-intensive sectors, with increased integration of physical Identity factors like RFID cards and NFC aligning with shared device models. Adaptive authentication, dynamically adjusting security levels based on perceived risk, will transition from an advanced feature to a mainstream, flexible framework. Presence detection capabilities will rise, especially in shared device environments, automatically signing out users when the device is no longer in use. Deviceless MFA options will gain traction, enabling compliance in environments where smartphones or hardware keys are not a viable option."

Moty Jacob, CEO Surf Security

YcbTr7upFsusn4Xk4rVv29yHXQdHEGfQVHdqEyoSQVUwnQIDQdIuZ72GgjjST5mAEr82Sy Cr1kCeZtOxrQG2nTVz3WHk3Uk 6EVhLeNfbALSsAO6qrY4MPxTGibS1hLc FimrOV5WwtBLPyD8qoSWQ

As we stride into 2024, we envision a transformative shift in the cybersecurity Identity landscape. Identity-driven browsers are bringing common sense to architecture, allowing users direct access to on-premises and SaaS applications with enhanced security controls. Empowering organizations to dictate browser functionalities, such as copy, cut-paste, data masking, and redaction, heralds a new era where information flow is under enterprise control and governance, reshaping the future of secure Identity management. This aligns with Gartner's projection that, by 2025, enterprise browsers or extensions will be featured in 25% of web security competitive situations, up from less than 5% today.


Matt Chiodi, CSO Cerby

3f4MWNpfnT9FaVGWCalTsI5vQ810FtiJgWcBUcvLJcq8WD2CVMkYH iE3IgpJCXH3zNq2rgAUSIicIRZJqtNXMsShfYnb yj6fbV 7 50zMz0BHopA4VrnJTzzhfvacbnQFzq4Jxoy9CK5JIVq93yos

In 2024, AI-driven cyberattacks will grow more sophisticated, leading to a rise in zero-day exploits. This trend underscores a critical challenge: securing nonstandard applications that often lack support for essential security standards like Security Assertion Markup Language (SAML) for authentication and System for Cross-domain Identity Management (SCIM) for automated onboarding and offboarding of access. 

According to research from the Ponemon Institute, fifty-two percent of organizations have experienced cybersecurity incidents caused by nonstandard applications. A lack of support for standards means they are likely to become prime targets for AI-enabled attackers.

Businesses must respond by integrating these nonstandard applications into their Identity security strategies. This will involve deploying advanced Identity-protection mechanisms that go beyond basic security measures and ensure nonstandard applications are integrated into Identity platforms like Okta. Implementing MFA, AI-powered anomaly detection, and real-time monitoring will be crucial in safeguarding against these emerging threats.


Maor Bin, CEO Adaptive Shield

v4 IPP7M2wIMtvRuLKiMT pOBvn1AaqBp6XACZEDJWuvTH01dbDu BRn39BaaBU2IKZBFAmmCQsCD mYNvTYgO0IznX72mvoOSRvsWbRPx4tiozf0SuyTUJo0cKHn9eo2kv8Pm3FBFGYry4k2ocvnl4

In the SaaS world, threat comes in an Identity-centric form. Many existing Identity threat detection and response (ITDR) solutions concentrate on protecting endpoints and Active Directory, often overlooking the complexities of the SaaS environment. With the transition from on-premises Active Directory to SaaS, a gap in Identity security posture management is emerging. Dealing with SaaS-related threats requires deep knowledge and proven expertise to achieve accurate detection of sophisticated and subtle Identity-driven threats.

Simon Taylor, CEO HYCU

0jVbBm 7b7AxNi7IA259JPevkUzmxjjq5zsDCYk0m jgQ7pTAe srIIU3T75FaRGSw O0oDACVpUg7AQjA1uVPuDZezArXk3xZiQGIs7anPTsBuwnDva RaWR4RVJFdIfKAr879IGbFEteVzu MHhm8

It’s no surprise that the AI frenzy that started in 2023 will continue into 2024. From an IT perspective, this will impact five critical areas: 

1. Explosion in the amount of new data created and the need to manage it 
2. Increased need to create a clear security and governance strategy around data to protect both companies and people 
3. Protect critical infrastructure from bad actors who will use AI to try and crack open the crown jewels like security and Identity 
4. Acceleration of AI and the rate of delivery of new SaaS services that can cause IT to struggle for control 
5. Technologies like HYCU that will leverage AI to create a scalable way to address the need to protect and recover data as more and more companies use SaaS applications and services


David Goldschlag, CEO Aembit

K2AlZOxdNdBd0km3cVaixjmeRo53WWfTQp t9Fp1xCJu Z6llF0T4XhLxzYeSCGcKPwYEc3n7AzBvqKi4YgCBot Ea CfSg mM dwJCUfVkbpwQknXmp80np ip2XKC4PK7KqPDfCRZKOuYk7oxoXs4

In 2023, we started to hear from enterprise customers that secrets managers and vaults are an “anti-pattern.” DevOps and security want to manage access policies between workloads instead of managing secrets. For 2024, we expect that many customers will start to adopt workload IAM without even trying secrets managers.

We are also seeing that enterprises are thinking about workload Identity in a richer way, beyond just a core Identity, to also include posture and context. For example, an access decision could consider conditional access criteria, like the posture of the workload.


Karine Mellata, CEO, Intrinsic

AyqAyTlHTjXVyQMPdpaXBI kolAY7UcwQdHUZamjTstJ94PKRA9EhLfE7wvUWPX7XYaBpsWOO4g430RXmhSFDWZjoNoGO6iUDSpy QBnj9ekiwNTVNEOn0DgyGES18NVneepIcRqcJMotlfhbynIuPA

Generative AI has created a new opportunity for abuse to scale and proliferate fraudulent identities, as well as abusive content and abusive platform behavior. The attacks will be far more sophisticated and harder to detect with current outdated detection systems. This could make Identity security more focused on verified human behavior over a period of time, as opposed to only gating sign-up flows (like selfie checks).


Marshall Pribadi, CEO, Privy ID

kUjiDUWJPX2kgmAtLljFdUEO9NlRkDLBk8EP1qb4I6hm1GnMR6 fLlJIrcaW l xMdbD2vJ4Y3qQFswERb8SL0eH0H74IQxNqyvd1 qydDFKl7DBoPOF4YXEeB8d96Z9bzita6pAqkAyM6Gw5Bmx SY

User-centric reusable digital Identity will be widely accepted in Indonesia, Australia, and New Zealand. Cost-sharing in customer due diligence will be the new norm. Enhancing user convenience while tackling higher costs will be critical.