Request for builders: Six key focus areas in Identity 

In today's rapidly evolving digital ecosystem, startups face the monumental task of bringing innovative ideas to market in a secure and scalable way. As the President of Customer Identity at Okta, I've seen firsthand the challenges and opportunities of building a software-as-a-service (SaaS) business. It's a journey that requires a delicate balance of innovation, security, customer engagement, and growth management. Recognizing these needs, Okta has developed a comprehensive suite of SaaS Builder tools and guides designed to support startups at each critical phase of their development: build, secure, sell, and scale. Check out this link to learn more about our offerings for small businesses and here for more information on Auth0 for Startups

SaaS builders face a dynamic market that is constantly affected by new developments and opportunities in Identity.  In conjunction with Okta Ventures, we have outlined below a “Request for Builders,” covering six Identity ideas directly related to SaaS builders that we believe are exciting.

On Monday, May 6th, from 12:00–3:30 pm PDT, Okta Ventures will host a lunch and roundtable at Okta’s headquarters in San Francisco on the sidelines of the RSA Security Conference. This event will bring together top builders in an intimate setting to share perspectives and ideas about these areas and others. 

ErQQuav6XI2BfRd2OaoMOGYz28pCM7i3 FXz8zoxk1kYx9Fd1D6Rlq72BTr83acbfozjaKx MudZsPKZLcmdHHOO4ppMInB0TUbPzHhriu7aRRAOkrwAEtNpXfwRMJNChnecxR08J9DXh6sfQEvGIcA

Detecting and countering deepfakes

The emergence of generative AI tools has allowed anyone to create deepfakes, which increase the attack surface for Identity verification technologies. Threat actors have made entire marketplaces like OnlyFake, which enable people to purchase fake driver's licenses that can be used for account onboarding. A recent deepfake attack cost a bank in Hong Kong $25 million in damages. Widely available tools like Snapchat filters allow users to experiment with impersonation technologies. 

As the provenance of content comes into question, large content-driven companies are beginning to drive new initiatives to address this emerging area. Adobe has joined other companies in creating the Coalition for Content Provenance and Authenticity. OpenAI has recently begun implementing watermarks based on C2PA on content derived from their model DALL-E.

We’re interested in discussing this issue with startups involved in these areas. Some notable examples are EchoMark, Truepic, and Reality Defender

Building the wallet of the future

In 2023, California launched a Mobile Drivers License (MDL)  and app. Other states have followed suit, including Utah and Maryland. These new tools allow users to select which government-backed credentials to share. For instance, they can choose to share only their age with a clerk for retail experiences that require proof of age. Additionally, some states have begun offering their Driver's licenses to be available in Apple Wallet.

Governments aren’t alone in issuing digital credentials;  companies are issuing other credentials for digital wallets. Credly by Pearson is one example. Okta issues certification credentials through the Credly platform to certified administrators and developers. These professionals share those verified credentials on LinkedIn and other platforms to showcase their expertise. Wallet platforms have also emerged from the crypto community, including Magic Labs and other NFT display tools. Builders looking to explore this space should keep an eye on new World Wide Web Consortium standards and track emerging startups like Accredify, Spruce Identity (Okta Ventures portfolio companies), CertifyOS, and Merit. We’re particularly excited to see implications for verifiable credentials as a means for Authorization in enterprise functions. 

Empowering users with their data

If Web 1.0 was about monetizing the internet with ecommerce and ads and Web 2.0 was about social media, Web 3.0 is focused on encryption for trustless, distributed, faster, and more efficient ownership transfers. In particular, we’re excited about new approaches for users to own and monetize their data around their consumption. Startups like Caden are exploring ways to monetize consented consumer data, and Brave Rewards gives its users cryptocurrency in exchange for browsing data. Worldcoin pays users in cryptocurrency to verify their humanity and issue their credentials. In the not-distant future, getting paid for sharing your Netflix viewing data, web browsing, and shopping history should be possible. Builders are increasingly interested in personal data sovereignty and safety.

App modernization and building security by design

Today, SaaS builders and developers face numerous challenges: too much legacy software that results in significant tech debt, customers who require “enterprise readiness,” SOC2 compliance, and data residency requirements. While great companies like Pangea Security have been built to address some of these challenges, no one-stop-shop solution unifies all of a builder's needs.

Securely using large language models

The rise of large language models (LLMs) has given forth an array of security concerns for enterprises seeking to allow their employees to access these new and exciting tools. In the past year, vendors like Surf Security have showcased inline protection tools, such as secure browsers that can prevent sensitive data from being injected into models. Additionally, bot detection tools can prevent scaled prompt injections, and role-based access control features can be implemented to limit users to powerful models leveraging proprietary enterprise data or personal identifiable information. While startup and VC activity in this space has exploded, we predict a second wave in 2024. This new wave will bring multifaceted solutions and unique approaches from existing vendors and new startups.

Authentication in VR/AR

This year's launch of Apple’s Vision Pro was another VR/AR adoption milestone. Anyone trying on the headset for the first time is surprised to see that the device uses a new biometric technique called Optic ID to authenticate the user. Apple’s website states: “In the same way that Touch ID revolutionized authentication using a fingerprint and Face ID revolutionized authentication using facial recognition, Optic ID revolutionized authentication using iris recognition. Optic ID provides intuitive and secure authentication that uses the uniqueness of your iris, made possible by Apple Vision Pro’s high-performance eye-tracking system of LEDs and infrared cameras.” Indeed, we’re in a new era where interactions in a virtual environment will require new forms of authentication far outside the traditional bounds of mobile and desktop experiences. In 2022, Auth0 by Okta published a blog post on this topic and posited several frameworks for builders to approach these new authorization techniques. This is an exciting, wide-open space for innovation. 

We look forward to having discussions with builders focused on the above use cases and invite you to apply to join our roundtable.