Okta Hits Major Security, Availability, Innovation and Scalability Milestones, Completes Rigorous SOC 2 Audit

San Francisco, CA, April 25, 2011 — Today, Okta, the leading on-demand identity and access management service, announced the completion of a stringent SOC 2 audit and the achievement of an impressive list of scalability, availability and innovation achievements. In addition, Okta released detailed information about its secure, zero-downtime architecture that has enabled these achievements and empowered enterprise IT organizations to address the identity management challenges of their hybrid IT environments.

Completion of Rigorous SOC 2 Audit

To deliver a highly-available, secure service that meets the needs of the most demanding enterprise customers, SaaS vendors must practice and prove that they adhere to the most strenuous industry guidelines. SOC 2 (replacing SAS 70) is the officially recognized auditing standard for service organizations to demonstrate they have adequate controls and processes in place — with a SOC 2 audit highlighting that an independent accounting and auditing firm has reviewed and examined an organization's control objectives and activities, and tested these controls to ensure that they are operating effectively.

Service organizations are free to implement controls for any one of the five trust principles associated with SOC 2, and Okta chose to implement controls and undergo auditing against those controls for its identity management service for all five principles. These include security, availability, processing integrity, confidentiality, as well as privacy — arguably as arduous a task as all four other principles combined.

With the completion of their SOC 2 Type II audit against all of the five associated trust principles, Okta will join a forward-thinking set of SaaS vendors that has demonstrated a similar level of operational maturity — totaling less than one percent of the overall SaaS vendor population.

“CIOs understand the business and technical benefits of using a service like Okta to address the identity challenges they face in a world of cloud applications, mobile devices, and increasing collaboration with customers and partners. They are also very clear that such a core infrastructure service must be secure, scalable and reliable,” said Todd McKinnon, CEO of Okta. “At Okta, we have invested heavily from day one across software, operational processes, people and third-party security experts to ensure our service delivers on all of these fronts. Our completion of the most stringent variety of a SOC 2 audit is just the most recent validation of that strategy.”

Rapid Innovation, Global Scale, and 99.99 Percent Availability

While implementing these operational controls, Okta has also been rapidly onboarding enterprises, serving an increasingly global user base, integrating additional applications and introducing new features to the service while always ensuring world-class levels of availability.

With more than 100 enterprises running on the service today, Okta has hit a number of innovation, scalability and availability achievements. These include:

  • Managing more than 300,000 business identities;
  • Powering a global user population that accesses the service from more than 40 countries;
  • Processing more than five million transactions/month;
  • Delivering more than 50 weekly feature releases over the last twelve months;
  • Growing the Okta Application Network to include more than 1,500 pre-integrated applications; and
  • Maintaining 99.99% availability over the last twelve months.

Technical Details About Okta’s Secure, Zero Downtime Architecture

In line with its commitment to being transparent with customers, Okta also recently published a detailed report explaining the cloud-native, zero-downtime architecture that has enabled the company to maintain a rapid pace of innovation and deliver on the enterprise-class qualities that customers demand. These key components include:

100-Percent Multi-Tenant, Stateless: All Okta customers share the same underlying environment that is stateless at multiple tiers above the database.

Functionally Optimized Databases: Okta uses the right database for the right job. Whether it’s for storing configuration, tracking sessions, logging usage, managing processes or aggregating reports, each database is optimized.

Replication and Back-Up: Okta’s service operates across multiple redundant components within a datacenter and across two physical data centers. As a result, whenever infrastructure fails, Okta can continue to run through the failure and its customers aren’t impacted.

Zero Planned Downtime & The Ability to Expect the Unexpected: The Okta service employs a read-only mode at all layers of the stack, meaning Okta can maintain service availability while also delivering continuous innovation. Okta also employs robust instrumentation and monitoring for all components of the system, which also enables the service to stay up even with unplanned disasters strike.

For a more detailed discussion of the Okta architecture, please visit: http://www.okta.com/blog/?p=1733