A complex identity solution
Nasdaq’s legacy identity solution requires error-prone manual processes to unify security controls across platforms. The result: Bad password habits, risky workarounds, and unhappy users.
Security and usability, combined
Nasdaq deploys Okta to offer employees one set of credentials across all their applications. With a single solution, the company addresses security, reliability, and usability issues.
Yes, we “Okta!”
Three months into deployment, IT starts requiring new internal applications to use Okta for identity access. When the question, “Do you Okta?” is answered with a “Yes,” IT knows it will be a seamless integration.
An expanded partnership
Nasdaq evaluates Okta’s Lifecycle Management and Multi-factor Authentication solutions, and considers a move toward managing customer identities in the cloud.
Back on the offense
With identity management under control, Nasdaq is free to lead on the financial technology front, ready for a full-scale financial services “tip” to the cloud.
As Okta evolves their model, we can see clearly that they’re talking about the next generation of identity—the next iteration of this technology.Bharat Patel, Vice President of Corporate Infrastructure, Nasdaq
A mandate to diversify
You probably know Nasdaq as a U.S. equities market which lists many of the world’s largest technology companies. You might not realize that it’s actually a tech company itself. Nasdaq invented the electronic exchange, and today it provides the technology that powers 85 other marketplaces in 50 countries around the world, and has over 18,000 companies worldwide using its corporate solutions.
The desk shifts to the cloud
“It was a steep climb,” says Bharat Patel, vice president of corporate infrastructure. Today, 80% of the Nasdaq workforce is connected via mobile to internal solutions. “It’s not just about accessing things like calendar and email,” says Patel. The desk is shifting from the office to the field as transactions happen more quickly. When it comes to contract approvals and engaging with customers, “we have to be responsive,” says Patel. “We cannot have lag time.”
Data security was critical. “Our next pressure point was, how do we expose data to our users while keeping it safe and secure on multiple platforms?” says Patel. Identity management plays a key role in solving that problem. Compromised employee identities can cause serious harm, says Patel. Secure identities, on the other hand, tie people to productivity applications that allow them to do their work efficiently and effectively.
Before Okta, the company’s identity solution was extremely complicated, according to Patel. For regulatory reasons, Nasdaq had strong security controls in place, but unifying those controls across platforms was a manual process. “Whenever you do something manually, you add a component of error,” says Patel. “From a risk perspective, it was complex. From a user perspective, that risk was even worse because people had to remember multiple passwords and credentials.” The complexity led to bad password habits, risky workarounds, unhappy users, and poor productivity.
“We knew we needed a good solution that could tie all of this together without compromising integrity and security,” says Patel. “We solve this, we solve so many surrounding issues.”
Identity that just works
In the search for a new identity solution, the Nasdaq team had three requirements. Security was an obvious priority. “Whatever happens, the credentials and identities could not be compromised,” says Patel. Second was reliability across multiple platforms. “It had to just work,” says Patel. Finally, the team wanted a solution so seamless that users wouldn’t even realize it was working in the background.
Okta came to the team’s attention because of how effortlessly it would allow Nasdaq to solve all three objectives: Security, reliability, and ease of use. Security encompasses ease of use and reliability, of course: When an identity solution no longer presents an obstacle to productivity, users no longer feel inclined to find workarounds.
In 2015, Nasdaq deployed Okta for its entire workforce of more than 5,000 employees and contractors, uniting existing applications on the Okta platform so that each user would have to remember just one password. After about a year, the company has integrated 15 apps, with different users getting access to different apps. “Applications in total are being integrated pretty rapidly now,” says Patel.
“Initially it was funny,” he says. “Users were waiting for some sort of OK button to come up, and we had to tell them, ‘No, you’re logged in. Go right ahead. There’s nothing to OK. The system knows who you are.’ It was impressive how the three objectives were coupled together in a way that it just didn’t look like there was a complex event happening.”
Security and usability, combined
Behind the scenes, the Nasdaq team invested time in due diligence before making the decision to deploy Okta. They were impressed by the thoughtful architecture that underlies Okta technology, says Patel—how Okta verifies internal credentials while enabling the integration of a broad range of external solutions.
“We don’t have to worry about a new provider with a new service,” says Patel. “Your module plugs in, we enable it with our credentials, we’re on our way. I think one of our applications we integrated within 15 minutes. My team came back to me saying, ‘We’re done. You can start using it,’ and I didn’t believe them.
About three months into the Okta deployment, Nasdaq IT instituted a policy requiring new applications to use Okta as their identity access source. The response has been positive. “Many products that come on the market, Okta is the first one they integrate with,” says Patel. “It’s fantastic for us. We don’t have to worry about that.”
“Okta as a company has become a new verb,” says Patel. “It’s an action now – not even a product. It’s like, ‘No, do you Okta?’”
Identity management for the foreseeable future
“From a service and reliability standpoint, we haven’t had any concerns whatsoever,” says Patel. “What’s really great is that as Okta evolves their model, we can see clearly that they’re talking about the next generation of identity—the next iteration of this technology. What we thought, three, four, or even five years ago with biometrics and capabilities, you’re already down that path.”
For now, the Nasdaq team is looking to expand its partnership, evaluating Okta’s Lifecycle Management and Multi-factor Authentication solutions, and thinking about what it would be like to use Okta to manage customer identities, as well as internal ones. “We’re going to look very closely at partnering with Okta to see how identity for our customers can also be managed outside of Nasdaq boundaries,” says Patel.
An industry ready to “tip” to the cloud
Today, Nasdaq leaders “are feeling both excited and nervous about being on the offense,” according to CIO Bradley Peterson. The company’s focus has always been to stay ahead of the curve on the technology front, so in 2015 Nasdaq began developing solutions with blockchain technology, to allow private companies to complete and record private securities transactions on a blockchain. Peterson sees blockchain as a way to remove the delays and inefficiencies that still exist within legacy, paper-and-spreadsheet-based transaction management.
As it relates to the cloud, Peterson is 100% behind Nasdaq’s interest in the technology. At Oktane16, he talked about transformation within the financial industry. “Financial services is woefully behind in cloud,” he says. Today, security is actually better in the cloud than behind most company firewalls.
When the industry begins to understand that fact, “it’s going to tip, and it’s going to tip fast,” Peterson says. “We want to be ready for that.”
With identity management under control, Nasdaq is well on its way.
Nasdaq (Nasdaq: NDAQ) is a leading provider of trading, clearing, exchange technology, listing, information and public company services across six continents. Through its diverse portfolio of solutions, Nasdaq enables clients to plan, optimize and execute their business vision with confidence, using proven technologies that provide transparency and insight for navigating today's global capital markets. As the creator of the world's first electronic stock market, its technology powers more than 85 marketplaces in 50 countries, and 1 in 10 of the world's securities transactions. Nasdaq is home to approximately 3,800 listed companies with a market value of $10.1 trillion and nearly 18,000 corporate clients. To learn more, visit: business.nasdaq.com.