An Identity Revolution

Charles Race:  Good afternoon everybody, great to see you all here. It's great to be back in my home town. I was going to say my home town. You can probably tell from my accent I'm from San Francisco, and when I came out, they said, "What music do you want to come up to?" I said, "Well, just something to sort of bring my heritage out," and that's about as north of England that they could get with some Def Leppard there. It's also great to see and be back in a country that wears suits and shirts. Obviously where I go to work everyone's in short, Bermuda shorts and Hawaiian shirts, which is a culture shock to me, to some extent. Great to be here. 

We live in very exciting times, times where new opportunity presents itself to mankind on a daily basis, but times where time is of the essence, and only those who are agile and prepared can take advantage. When I was a kid, I guess only Gene Roddenberry would have guessed that we'd be walking around with a phone in our pocket that could access the entire world's information. I guess even those science fiction programs from the '60s and '70s fell vastly short of where technology is today, and I could talk all day about science faction where you go back and look at science fiction throughout the years and you say, "Actually, that's just common now, got it on our phone." With that, everything and everyone nowadays is connected to everything and everyone else. With that, there's a massive social shift, and there's been several of those. 

How many people have got kids less than 17 years old? Quite a lot of the audience. Okay. You're in for a bigger culture shock than me, I don't. Generation Z, which takes over from the Millennials, and there's many Millennials in the audience as well who were going, "Who the hell's Gene Roddenberry?" Right now. The view on life, I call it the technology singularity, it's not my phrase, I've picked up somebody else's phrase, but the idea being that a singularity, which is the point in the black hole that beyond which we have no idea or comprehension what it is. The technology singularity defines that point in time where probably our generation, and certainly my father and grandfather would be sitting here going, "I have no idea how the world operates today." 

So we're going through a time of huge social change, and with this really propelled by an unstoppable force. So unstoppable change, uncontrollable social shift, this sounds like a revolution, and before everybody sort of runs to the hills ... Iron Maiden, that would have been good to come out to, I'd pick Iron Maiden. Before everybody runs to the hills, obviously I'm talking about a social revolution, and it isn't something that mankind hasn't seen before.

The commercial revolution was a period of vast economic growth, spices and silks which were rare in Europe were discovered in Asia, and this started the desire for trade. International trade routes were set up, large individual wealth started to come into presence, and it was really the rise of financial services, insurance, shipping, loans, that all sort of started the formation of capitalism. 

Move forward to the 18th century, and the industrial revolution. Better use of steam power, more efficient use of water power, the rise of the factory system, textiles at this point in time were the commodity of choice. Now towns became cities, companies became conglomerates, and individual power and wealth challenged that of entire nations. 

Moving a little bit closer, the computer revolution. The story of computing is epic, sparked by man's desire to tinker and problem solve. The Second World War was really the start of the modern electronic computer with realtime calculations needed for military purposes. This then sparked the need for large computers and mainframes were born, increased storage databases, and from there we had many computers, super computers, robotics, PCs, mobiles, the cloud. Fast shift in technology over a period of time, but the computer revolution itself was nothing more than really an enabler to what came next.

So why the history lesson? Why should I tell you all this? Well, the fact is, the commonalities of those social revolutions are here today, and that is huge social change, whether it's ethical or moral. I was having this conversation earlier today about what is ethical and moral today as far as the use of technology and the use of data, particularly is going to be very different to those of you that have got Gen Z in your family. 

What's causing this disruption? There's a number of factors that are causing this disruption, we call them mega trends. I'd like to think that cloud computing is no longer a new thing. In fact, the people in the audience who are not my age are probably thinking, "Well, cloud computing has been around my whole life. What on earth are you talking about?" I remember when we first started talking about, "Applications should be on the ... We shouldn't be controlling those, we're a finance company, we're a pharmaceutical company. What on earth are we running data centers for? Why are we developing all these applications, and creating security, and doing blah, blah, blah? Because that's not what we do for a living." 

So cloud computing is a huge disruptive factor, of course. We then got mobile, the mobile workforce. What is it that's changing as far as how people access this information, how they do their jobs, how they run their lives? Huge shift, huge disruptive. The IoT, no idea why ... I'm really annoyed that IoT kind of stuck. I prefer the acronym to the full internet of things. When, again, internet of things started being bandied around a couple of years ago, and it was like the fridge that reorders your food when you run out of milk. Has anybody got one of those? I've never known anybody that's actually got an internet fridge. We talk about it a lot. 

Now, at some point you'll no doubt have a connected car, you've probably got a connected car already. In fact, this whole area is ... Which, the reason I've got big data on here as well, whilst not a mega trend in itself, the fact is that 60% of the audience are probably working for organizations who buy and sell and transact and deal in information, and big data is obviously how do we look at the vast amounts of information and actually make some coherent thought from it. How do you turn that data into information, information into knowledge, and then knowledge into wisdom? 

I was reading yesterday, it sort of sparked a thought for me around Amazon. So they've got this Amazon Alexa, or Echo I think it's called, and it's probably really annoying if you actually called Alexa, I don't suppose anybody's called Echo, but nowadays stranger things happen, but if you've got one of these things, you talk to it and you say, "Hey Alexa," or whatever you want to say, and then you say something, and then it'll actually play Jeopardy with you, or play some music, or do whatever you want it to do. Brilliant piece of kit, but it's always listening. It has to, otherwise it wouldn't know when you said Alexa. So if it's always listening, then it's always got that capability of recording. 

Amazon actually do record all the searches so they can start to refine what it is that people are actually looking for, and if you think of the vast amount of data that they actually record, or what they could record. There's a great TV show called Person of Interest, and I started watching that. It's exactly that thing, it's like every device is listening to you. Well, it probably is, and if we were to actually store all of that information, other than Amazon having 50 million hits of, "I'm going to put the bins out tonight," to Alexa who lives there. I don't know entirely how useful that information is, but quite scary as to how much information there is out there, but it's a big disruptive factor, and what we've got to think about is, who has got access to all of that information? To do that, you've got to think well, who's got access to the devices that provide that information? Who's got access to the applications which deliver it? Who's got access to all the websites?

The point about globalization and the fact that it's no longer about one country, it's about an entire continent, it's about sharing information across the whole world, is also an interesting point. Many of you, I mean, you're going to hear a little bit later today about GDPR, and a lot of regulations about right to be forgotten. I don't know how on earth you get Amazon to forget that you're going to put the bins out, or do whatever else it is that it's recording about you. Also, where data can be stored, and this is solved, my data can only be held in the UK. Well, there's a whole lot of data on satellites, so you've got to really understand, well what on earth does that mean then? Because there's not a lot of information ... If you can only access it for that portion of time it's going over your country, I'm not entirely sure how that works, but this has got to change, and it's a big cultural shift that we're all going through.

At the end of the day, what I believe is that we are hitting upon something which is an identity revolution. How can we as a collective group of human beings ensure that we are allowed to access according to the laws, and the ethics, and the morals which are in place at any point in time, only that information which we allow other people to access? And is our identity owned by us? Or is it owned by the company that we work for? That's another question, which I shan't be answering today, but if anybody wants to sort of have a conversation about blockchain and where that's taking the whole world of identity, that's an interesting area as well. I think over the next 10, 15 years, once all currencies have gone because Bitcoin's replaced them all, then I might have a better answer to that question in the first place.

As I look at it from where we stand today, one of the questions that we often try and ask or understand, and is a mission for our organization is we want every organization to access every technology and to be able to adopt every technology. I've put this as a question, why is it so difficult? I think the two areas that really we see as massively changing, first of all is the who, who can do it? And the workforce of an organization is no longer just the employees that are in there, it's your partners, it's your suppliers, it's your customers, whether you're B to B or B to C, it's still customers who need it to access applications and information which you store, that's how you're actually going to make money in an information economy. 

On the other side, we've got this explosion of technology applications, whether they're traditional on premise applications, new web applications, mobile apps, what's the information held on all of those devices? The 50 billion connected devices on the ... I don't know how ... Is Gartner in the room? Maybe you can explain to me how he came up with 50 billion, it's a lot. 50 billion things connected to each other, and all of those need to be able to understand who's allowed to attach and use them and work with them. 

I met a pharmaceutical company, a bit of an aside, met a pharmaceutical company recently, and they're doing medical devices. One of the devices they make is a little thing that goes into your tear duct, it actually makes you cry if you've got Dry Eye Syndrome, it's not for actors who can't act, I guess. It's controlled by a little app on your phone. They showed me this app and it was like a little slider how much you want to cry and when you want to cry, it was amazing. One of the problems they've got is well, we have to be able to ensure that whoever is controlling this actually is allowed to control it, and it's connected to the person's eye that you want it connected to, otherwise I guess you could just go round making people cry on purpose. If you take that to something a bit more serious like beta-blockers, or pacemakers, or something else which controls whether you're going to be alive or not, then it's quite a serious area. 

If you then think about connected vehicles or autonomous cars, and you want to be able to ensure that nobody can hack into that and start veering off the road and taking you to the wrong place, I guess. Probably that's the only excuse for why your car was parked outside the wrong house at night, "Somebody hacked into my autonomous vehicle." This sort of mishmash of complexity is really where the control of identity becomes a big issue, and as Okta, we've spent the last seven years developing the Okta Cloud, which is a series of applications. Obviously many of you are customers and have used some of those, and you're going to hear a lot more about the innovations that we're doing in those areas today. Within this area, we also analyze what are people actually trying to do today that's important to them? And why is it that people should be looking at Okta as a value proposition to help with their identity management issues. One of those is really about the more traditional, how do we just become more efficient at doing our jobs? The one that really hits home with me is mergers and acquisitions. 

In the US last year, I use the US because it's the only data point I have in this particular case, is there were 8,000 mergers and acquisitions, 8,000, this phenomenal amount, companies that merged. There's a study that was done over the last sort of 20 years of what value people have actually got from companies they've acquired, and it's 1.7X. So one plus one equals 1.7, that's not a very good return on anybody's investment. Part of that is being able to capitalize on the synergies you expected to get is actually quite hard. 

The other thing, as many of you already know because you've probably picked up the pieces, is people forget to do their due diligence on IT when they're going through this process to look at the balance sheet. They look at the number of customers, "Yeah, we'd like all those customers. We'd like those people, that sounds good. We'll do that. Oh, nothing fits together. Crap, how do we actually merge our businesses?" It's really hard to do. We also have the problem then that because we're trying to sort all this mess out that our ability to stop shadow IT from coming along and actually implementing new applications because a perception of friction within IT becomes a bigger issue.

The second area outside of making what we do today more efficient is avoiding going to prison. Well, if you're an officer of your company, then yeah, certainly avoiding going to prison. If you're a shareholder in your company, avoiding the company going down the toilet. Regulations obviously are one thing, data breaches are significant, they hit the news big time. Debenhams was in the news last week or the week before, their flowers website got hacked because of a partner company which hadn't got appropriate security, people then logged in, there was no multifactor authentication, so they could log in and then they started to abuse and download other people's information, it was a big problem. In fact, that website shut for several days while they fixed that issue. So the knock on effect to brand, outside of the fact that we're all in prison anyway, is quite significant.

The third area then, which is the more interesting area I guess, is how do we actually accelerate growth and utilize all of this innovation that the rest of the tech industry's creating to do something useful? How do we ensure that as we provide that, we actually pass that on so it's easier to do business with us if we're a partner organization? And I'll use Amazon as another great example of an organization that was able to embrace partners so easily that they've got maybe one million suppliers, it just blows your head up thinking about it, and hundreds of millions of products you can buy. Now, their warehouses are big, I get it, and there'd be an awful lot of drones delivering all of this stuff, but the ability for them to onboard new organizations and to interface with their suppliers was the key to them growing at the scale they did.

The second area then is really, how do you ensure that the customer, because we're obviously everybody's customer first, I haven't met an organization that doesn't say that they're customer first, by the way, that's a customer success. We want our customers ... Of course everybody wants their customers successful, but how do we make it not just successful with our customers, but actually a pleasure for our customers? If you've got several touch points within your offerings, whether it's several websites. If you're a bank you might have the credit cards, you might have loans, you might have retail bank, if you've got lucky you might have a private bank account with them, but there's lots of different areas. How do you give them one experience which is integrated? If you look at services, I was at New York City in their IT department. 8.8 million people, about 250 different services that people can log into, and only 40% of the population has internet access in the first place. So this is a big problem; how do you help a community that large? Make it easy for people who don't have a computer at home and who don't understand that they've got 250 sites to go to that could really help them socially benefit? 

So ensuring that we can innovate in a way that helps our partners, our customers of course, our shareholders, is also important. Underpinning all of this, again, is the Okta Cloud, and I'm going to touch on some of the areas that our products that fit into this really provide benefit to our customers, because many customers will know us for single sign-on, the fact that I don't have to remember all these stupid passwords to all these things. Yes, that's a great use case, and that all comes under this whole side of how do we make operations more efficient? How do we ensure that through single sign-on we don't have to remember 150 different passwords, and we can ensure that those people who are allowed to access those things get given access quickly? How do we also store, which is universal directory, an extensible metadata repository so you can manage all of your access and authorization within a single database? That's effectively all it is, a database, and I'm going to touch on that a little bit more, okay great, it's a database. 

Third area, lifecycle management. Once you've got all of these applications, and you want to then deploy them quickly. Let's say you've got somebody else join, a new person joins your organization, and you want to ensure they've got all the tools they need to do their job immediately, and the fact that they know them. I first came across Okta when I was working at Infomaniak, and we became a customer ourselves. I logged in, this new tool came on, 140 applications in there, 140. Now, what struck me wasn't, "Great, how do I get to use all these?" It was, "Am I paying for all this stuff?" So I did, I went away and I got finance down, and we looked. An FP&A person came and said, "Yeah, yeah, this is your list of all the sales software that you're paying for." 

We managed to get rid of 30% of our cost of all of the applications just because they weren't being adopted and used by anybody, and we just didn't have that visibility before. So being able to understand, A, who should have access, who is using your products, so you can ensure you get adoption, and then consolidate is actually very, very beneficial, but particularly when people leave, you no longer want them to have access. So if you can actually, through your HR system, let's say that's Workday or SuccessFactors, that somebody joins or somebody leaves automatically deploy and provision or de-provision all of their tools that they need instantly, this is a huge issue that's overcome if you don't have that technology. 

Within our changing technology environment and the use of mobile, whether it's tablet, mobile phone, or whether you've just got your PC on the go, how do you ensure that people can have the same level of security and access through multiple devices? Particularly if you've got a bring your own device policy at work. You have to be able to ensure that the appropriate levels of security are deployed, and that the company has control and can make sure that you deliver that same experience to your own employees, or your contractors, or partners without inhibiting them, but equally securing your business. 

Now, on the flip side of all of the excellent benefits within making IT more efficient is driving the innovation. I started off as a programmer. My first programming languages were COBOL and Mainframe, and then we upgraded our mainframe to VMS. Those of you that worked in the early '80s through to the late '80s on VAX products would know that DEC was by far the best technology and Unix was terrible, but of course DEC disappeared and so did VMS, but that's where I started working. At that time, we wrote our own database management systems, can you believe it? I actually wrote file systems, not the database itself, but the actual management system. You wouldn't dream of doing that today, you'd just buy a database and plug it in. So I thought, "I'll upgrade." I went to work at a company where we wrote our own BI tools, so graphing technology. Again, this is when Cognos version 0.1 was out, and we wrote it in Oracle Forms, so you can understand that I'm very patient in life now having worked with Oracle Forms 2.0 at that time. Yeah, we were writing BI tools. 

I joined another company where we started writing our own, and this was for a long time when you're building data warehouses, writing your own ETL tools and scripts, DLC, whatever it happened to be. Now you would plug in an ETL tool, and in fact, you'd get one with that new database that you would be using anyway, and your data integration typically would be through a tool. Yet, when you're writing new applications today, many organizations still create their own login pages, still write their own access controls, still write their own authentication, and typically ... The last website I wrote, it was a library program for my dad to record all his VHS video tapes that he had. When he moved from Betamax through to VHS he had to upgrade his entire library. I'm serious, he did this, he had about 200 of them. Now he's gone to DVD, which I was ... So the office I worked in, I think the average age on the floor is around 25 years old, and the DVD is sort of, "What on earth is that? Why would you have a movie on a DVD? I don't understand." In fact, even games now, I think you don't even get games on a disc, I just feel older every single day. 

My point is, why should we be developing a lot of things that you can plug in? So the whole area around all of the functionality of our product set delivered through to developers so they can build their own applications and plug in the appropriate technology knowing that it's secure, knowing that it's part of a platform which is supported by an organization that this is all they do for a living. 

So back to some of these use cases, if you like, and I'd like to touch on a couple of companies here. First is, and again, I've talked about M&A, ENGIE. We're going to talk a little bit more about ENGIE a little later, formerly known as GDF SUEZ, big into natural gas, big into solar, big into renewable energy sources, and grew a lot of that through acquisition. When you acquire, and those of you that have acquired a lot of Microsoft Exchange or Active Directory will know that actually it's a real pain to manage all of that, and ENGIE were able to ensure rapid adoption of 365 across the organization by consolidating and ultimately removing the active directories. 

Second example around modernizing IT, News Corp. News Corp, which obviously was one of two components of News Corporation that was split off. This is the, I guess The Times, and The Sunday Times for many of you, The Sun for me, as was. I'm from the north, that's what we read. Comics in The Sun, Viz comic in The Sun, in fact. I don't even know if Viz is still going, very good. So this was a case of exactly what I was talking about before about Informatica was a whole lot of applications, but how do you get people to adopt it? So how can we modernize our infrastructure and remove all of our legacy applications, which you can't do until you've got adoption of the new ones, and that's hence why you bought these new ones in the first place. A huge adoption rate, 25,000 people now running 150 new apps within nine months, and a great use case as to how you can ensure that everything that you've been spending your money on, how shadow IT, wherever it sprung up, can actually be brought into the fold. 

The final one is a company called Experian. Many of you may know Experian. My first sale to Experian was when they were part of Great Universal Stores, which became GUS, which became Home Retail Group, which became Sainsbury's ultimately, bit of M&A going on throughout that process. GUS started to actually get a programmer in, in their early days, to actually start writing a database, or file system in those days, to list people's names, addresses, and then they added county court judgment data and a whole lot of other data. It became basically a database. Experian now is a multi-billion dollar organization selling both credit checking and other services around the use of data. They obviously now first of all had to modernize their own IT because they've been expanding into lots of varied use cases, but this is a great example of an organization that now had multiple touch points with their customers and wanted to give those customers a single experience; log in once and get access to all of the applications and all of the information that Experian have to offer. So consolidating that user experience through use of a single identity technology.

Now, this is all very good, and I'm sure everybody's very please to listen to me. I could say anything to you, I'll just check the list of who's not here and put them up and say they were doing a brilliant job, but how about we actually listen to some of our customers themselves? So I have the great pleasure to welcome three companies up onto the stage with me: Paul Hannon, David Nix, and Alain Delava all from SGN, and Gavi, and ENGIE are going to join me for a little bit of a fireside chat night. Please.

You get the same Def Leppard as I did. I think everybody's getting that in my slot, good. Well, welcome. Thank you first of all for being customers. Thank you also for being up here on the stage with me. Perhaps to start off with, maybe start with Paul, a little introduction to yourself and your organization?

Paul Hannon:  Yep. So I'm Paul Hannon, I'm the CTO at a company called SGN. We're a gas distribution utility in the UK. We deliver or distribute gas to about six million homes. We have about 5,000 people that work for us. We perform not only the distribution service, but we also provide an emergency service and we form part of the critical national infrastructure in the UK. So while security is hugely important to us, so is operational excellence. 

SGN, like many utilities, many organizations, is being hugely disrupted by lots of digital innovation. We're seeing a massive increase in terms of the use of robotics, realtime network monitoring, analytics, and that's being driven in SGN by a very forward thinking CEO, but also a very forward thinking regulator, and that's driven us to essentially develop a technology strategy which is based upon an all in adoption of cloud services, driven by the need to increase security, increase durability, reduce costs, and, as I said, security is that number one driver for the adoption of cloud, and hence identity is at the center of that. So hence the relationship with Okta. 

Charles Race:  Thank you. So the second panelist, when I saw the name I was very excited, Gavi. I thought, "Gavi di Gavi, this is absolutely up my street, bit of red wine," but equally medicinal, so welcome.

David Nix:  Thank you. My name's David Nix. I'm the Chief Knowledge Officer for the Gavi Alliance. Gavi is an organization, it's a global non-profit started by the Gates Foundation back in 2000, and we work with 73 of the world's most developing countries to implement and provide vaccines to children worldwide. Year to, or lifetime to date, we've saved 500 million children's lives through the implementation of vaccines, and in the next four or five years we expect to save another 300 million children's lives. 

I'm responsible for leading the digital knowledge transformation within Gavi. We believe that data information and knowledge connected to our partners and our countries is the way to continue to improve vaccine and immunization practices, and we see that as a key with our relationship with Okta. We think that Okta's alignment to, not only the security and the best practices, but as well as the mission of saving children's lives as important to our success.

Charles Race:  Phenomenal, 500 million lives. I mean, it's just inconceivable to think of it. Thank you and welcome. Finally, Alain. 

Alain Delava:  Hi, I'm Alain Delava. I'm the Deputy Chief Infrastructure Officer at ENGIE. So ENGIE is a power, natural gas, and energy services company. We're present in about 70 countries. It's 150,000 employees, and with the energy transition, really ENGIE now is all about degovernization, decentralization of energy, and digitalization. So basically we provide services around energy efficiency, renewable energy, liquified natural gas, and digital technology as well.

Charles Race:  Okay. Well you may have noticed from the job titles there's been a shift change in the last few years from when I would have a panel like this, we'd get three CIOs up, and we've now got an Infrastructure Officer, a Knowledge Officer, as well as a Technology Officer. So what does that say, and I'll start with you Alain, is the sort of changing role of IT in organizations? 

Alain Delava: Well first of all I think we should not underestimate the discussions about titles. I'm sorry, it's not that important. I think at the end of the day, it's all about technology, and the way we see it in terms of where identity sits in the organization. It's a technical foundation for any business you want to set up that has a digital element to it, identity is a big part of it, and it's quite technical, even if we have Okta to help us. So in our organization it sits under the CIO, which is also the Digital Officer.

Charles Race:  Okay, thank you. David?

David Nix:  Yeah, you know, it's interesting for us. I think Okta and identity management sitting within the infrastructure and the security, it really is a part of the foundation. I think though, through our digital transformation journey, what we're finding is that transformation's not just about the technology, it is about organizational transformation as much. So part of what we work on is making sure that we have business ownership and alignment to the capabilities that we're trying to deploy. So for us, certainly it's a Security Officer, it's certainly within the IT organization to own and enable this sort of capability, but ultimately when we can have a business owner take responsibility for identity management and the delivery and adoption of that, that's where I think we've really achieved kind of digital transformation success.

Charles Race:  Okay. Thank you.

Paul Hannon:  Yeah, I'd reiterate those points. I'm a great believer in the devolution of IT and technology back out to the business. I think if technology departments, IT departments don't change, we run the risk of being obsolete because fundamentally the horse has bolted in terms of IT having direct control over the consumption of IT services. A business user can, with the use of SaaS, go and create an ERP system in a matter of hours. So the role of IT has fundamentally changed. As a CTO, much of my role is now built upon building that strategic ecosystem of suppliers, of partners, rather than locking down and tying down strict standards about how things must be built, the head of architecture type strict governance role, and I think it's a wonderful thing that we're seeing. Putting IT back into the hands of the business ensures that we get sponsorship, that we get buy-in from the business, and actually we drive adoption, rather than IT trying to push technology at the business. 

Charles Race:  Which is a good segue, I guess. We showed a video of the businesses at work earlier. Obviously you're all Okta users, but what are the other sort of tools that you're really providing to the business to help them achieve their own missions and goals? Again, I'll start with you.

Paul Hannon:  Yeah, I mean, from an SGN perspective, in alignment with the majority of your users, Office 365 is a key element to us, we are rolling it out across the full 5,000 workforce that we have in SGN, but we also use a variety of services, DocuSign Blink, a number of semantic security tools serviced now, and a single source of identity is really helping us manage that. 

What we also use Okta for is helping to secure our AWS environment. AWS is an absolute core part of SGN's strategy moving forward, so making sure that we're securing that management console, but also our workspaces all including, all through a single source of identity management. Enabling multifactor authentication is absolutely fundamental to us. 

David Nix:  Yeah, so for us, Gavi has an aggressive cloud first strategy with regards to our transformation, it's probably not uncommon. We use Salesforce for enabling customer or stakeholder interactions. We use Office 365 to manage documents and collaboration. We use ServiceNow for monitoring and managing the operations behind all of that, and then there's a number of niche services that support our capabilities there. Okta is the glue between all of that that enables a seamless customer experience through those different services. What continues to astound me is just the simplicity that it's brought to our integration of all of these different services. Even our initial implementation, I've implemented identity management in prior lives and more traditional architectures, and it's been difficult. SO I was really worried when we went through the process of implementing Okta, but it was a six week implementation. We integrated first off 14 different applications, and within two weeks we had 90% of our secretariat staff registered and using the solution with almost zero negative feedback. It was astounding to me what it really helped us do.

Charles Race:  Are we recording this? We should get that on ... That was good soundbite, that.

Alain Delava:  I was about to say, we've got kind of a similar story. I think particularly with ENGIE, or challenge was that we are a very decentralized organization. We have hundreds of subsidiaries and IT teams and active directories, and all of that. So in terms of the tool we're using, the driver for putting Okta in place was actually Office 365. We wanted, as the business is transforming, to have a single collaboration platform for the whole company, but we didn't even have a single directory, we only had entities of the company. So that's where really Okta helped us.

Now, when we did that, in six months 150,000 users are on Okta. Takes a bit more time for Office 365, of course. We realized that, "Wow, we have a golden mine," and now I'm speaking to you, we have like 60 plus applications connected to Okta, in addition to Office 365. AWS is on there, Oracle HCM, Zscaler, Alwatch, you name it, there's plenty there, and that wasn't in the original plan, that's the nice thing about it. 

Charles Race:  Okay. I've got one last question and then we'll wrap up, it's not one that we've rehearsed. So who I pick first is kind of key here. So as you look at the future, and I talked about an identity revolution and really the complexities that the whole change in the way that people run their lives and how technology's disrupting that, what do you see as the future identity challenges for your organization as you look beyond sort of the immediate projects that you've got going on today, and how are you going to look identity for your business in the future?

Alain Delava:  I might as well start. So, as I explained, at ENGIE the focus was currently on employees, so B to E, as we call it. Our next challenge is really, as we want to expand and sell digital services to our customers, it's really to expand on the B to C and the B to B side of things. We're looking at Okta to help us with that. So I would say that's, in terms of identity, our next challenge, and let's, as you mentioned earlier, not forget about the governance and the ownership of the identity because I see data quality as a very big challenge all the time. It's ongoing, data quality.

Charles Race:  Thank you.

David Nix:  So for Gavi, it's a very interesting journey, and what we're doing is we're connecting stakeholders in some of the most difficult environments in the world. We're talking about users out of North Korea, and users out of Syria, and the infrastructure challenges that they have are so difficult. Now, layer on top of that environments like Africa where you've got mobile explosion that's happening there, and for us when we start to think about the challenge that we're trying to face or we're trying to solve, it's how do we connect all of those users in those types of varied environments? We see Okta as a way to help connect those people, but not only the people, but ultimately the devices as well. It is about knowing who the people are and ultimately about the devices. 

For Gavi, one of the biggest opportunities, and an opportunity in a lot of the countries is supply chain management, and as we get better at supply chain management we're able to become more efficient with how we're managing vaccine in country. If we can connect that supply chain, the cold chain equipment into our applications and know what devices are connected, what users are using those devices, the amount of data and knowledge that we can capture and share back to save more kids' lives faster, is astounding. 

Charles Race:  Great. 

Paul Hannon:  I think, for us, when we think about that devolution of IT back out to the business, one of the things that I think about most is really making sure that we're giving the business a very straightforward and easy way to manage that access. The concern I always have is, we have a business that wants to grow, wants to change, wants to develop, and it's very easy for them to go out and consume more and more services. When we talk about identity, when IT people talk about identity, security, normally most business users' ears fold over because they think that's associated with delay, cost, expense, frustration. 

One of the analogies I've used before is the ability for the business to go out and consume SaaS services directly is analogous to that essentially getting a young pet tiger cub. When you start off and there's a few small users, and everything's nice and manageable and easy, it's fine; it's easy to manage access and identity when something's small and controllable. When things grow, become bigger, become much more difficult to manage, if you don't sort out the identity for those SaaS services at the very beginning, suddenly you've got a very big issue on your hands. So it's a bit of an abstract analogy, but it always makes me think that having identity, having an independent identity provider, having an identity provider that maintains a very large ecosystem of suppliers that actually makes it really easy for the business to adopt is a really strong position to avoid that worst case scenario.

Charles Race:  Great. Well, we're out of time, but I'd like to thank you all for joining me up here, and a big round of applause and thank you for our customers. Thank you very much.

So we touched on there something we are very proud of at Okta, which is the ecosystem of partners who are integrated into our offering, over 5,000 technology suppliers who are integrated so that you can easily attach and adopt all of the technologies that you'll be looking at. I'd like to bring up one of those partners right now to speak. This is an organization which itself has gone through its own transformation as it started off disrupting both cloud store, the traditional storage with cloud storage, and then collaboration technologies and how we can work now that we're in this global workforce, and that we have disparate data held on and off premise. So please join me in welcoming David Benjamin from Box. So welcome.

David Benjamin:  Great to be here, thank you. 

Charles Race:  We'll start the same way, if you could maybe do the little ... You get the pitch. So you're pitching to these people as well, you get the little pitch too.

David Benjamin:  Well, yeah. So David Benjamin, I'm the General Manager for Box, looking after Europe. So for those who aren't familiar with Box, we were founded in 2005. I'm also working for a Silicon Valley company, so I share your schizophrenia in terms of attire, and we provide content management to enterprises. So we purely focus on businesses, and we've got 70,000 customers globally. I'm responsible for our European operations, as I said, so we've got offices here in London, Paris, Stockholm, Amsterdam, recently Munich as well. So yeah, I'm proud to be here. Also, like I said, whilst we are also sponsors of this event, we actually have a very deep and meaningful partnership, business partnership with Okta, which we're really proud of. So thanks for inviting me.

Charles Race:  You're welcome. So you've got 70,000 customers, wow. My sales team's in here somewhere, 70,000, that's our goal for next year, 70,000 customers. So you must have seen, and you've heard from our customers there some of the innovation that they're doing and the ways that they're transforming their business. What have you seen as trends within the customer base of how people are collaborating and using technology in different ways?

David Benjamin:  Well, I guess there's three generic trends, which we see across the board, which actually resonated a lot with some of what you said in your keynote. The first one would be that we're seeing that mobile is becoming ubiquitous. So everyone has either access of or ownership or mobile devices, so that's a key trend. The second key trend, and I should say these are slightly interrelated as well, but the second key trend we see is that employees of organizations are looking for the ability to work with anyone, anywhere, anytime. That means cross borders, and it often means externally as opposed to just internally as well. That puts into focus the third key trend that I see at a generic level, and that is, given those first two trends, it puts an increasing focus on data residency, security, compliance. So the ability to actually manage that content, but also respect the local compliancy requirements in each region that we serve. So those are the sort of three key trends we see.

At a more specific business unit level, and it was touched upon by the customers who were on stage just a moment, I guess the key trend I see at the moment is the use of the word digital transformation. Every organization seems to have a digital transformation agenda of some thought, usually wrapped up in a 2020 strategy as well, but what we find is that digital transformation means different things to different organizations. Of course, I think there's the opportunity as you go through the eras, as you described, that digital transformation means that if you've got a process that is manual, that is repetitive, has a bit of data processing, then the likelihood is it's going to be done digitally over time, but the trend we're seeing now is that organizations are taking the opportunity not just to apply software onto the same legacy process, the same legacy workflow, the same legacy business model, they're actually taking the opportunity to completely reinvent, redefine how those processes are being done, and that gives rise to a much more sort of friendly and better customer experience. So yeah, digital transformation, but not just applying it to the same legacy business processes. Digital transformation on the back of complete reinvention of how work gets done in the office.

Charles Race:  You mention an interesting thing, well interesting, people do have a lot of strategies called 2020, and not enough of them are called 20-20 vision, I just don't get it. So you touched on the technology that's enabling collaboration, it's therefore bringing in other technologies that people need to work with. So how do you see the role of identity in the customers that you're working with changing over time? 

David Benjamin:  Well, it's critical, certainly for us, hence the reason we choose to partner with Okta; not just because it's a great product standalone, but also out of self interest frankly. So for us, what we see, and again using your use cases, things like a single sign-on, mobile management, lifecycle management are actually key to deploying applications like ours really quickly, and as a SaaS business, we all know that deployment is key to adoption as well, and adoption is one of the fundamental requirements for the SaaS business. So what we see is that when we integrate with Okta and take advantage of your identity services, that we deploy more quickly, we get greater adoption because we remove the barriers and the friction from password resets or profile syncing etc. So that's the first thing we see. 

The second one, I guess, is also that from a security perspective, we see that Okta enhances our security storing and our security credentials, giving our customers the ability to manage what content or what devices have access to content as well. So manage devices, sanction devices, and also secure devices too. 

Finally, I would say that, and not sure how this will translate with those who may be from outside the UK, but we like to eat our own dog food as well. So we are a customer of, and user of Okta, and as a fast growing business, and we are hiring people, and to an extent we have some [inaudible 00:48:33] as well, but with that level of transaction taking place from a recruitment perspective on-board and off-boarding, the speed at which we're able to do that using Okta at the heart of our on-boarding, off-boarding process is phenomenal. So it's something that we see every day, and it enables us to move very quickly in the marketplace.

Charles Race:  Okay. I also have one question which we didn't script based on what you've said, and it's interesting because I think every conversation I have with people, it comes up in varying degrees, and it is this whole area of data residency and compliance, and what should be, what shouldn't be, what's within a geography. If the perimeter's gone within IT, is there really a perimeter within countries anymore? What do you see as maybe some pointers for the audience to look at when they're struggling with that challenge?

David Benjamin:  I would say that, and again, exemplified by the customers, when you move to particularly SaaS services and take advantage of identity systems and platforms such as Okta, it gives you the opportunity to work with best degree platforms, so that may be Salesforce for instance, it may be Slack, or others. We saw many examples of customers having 50, 60, 70 different applications. What we also see therefore, is when you have that sprawl of applications, you also have content sprawl. Each of those applications has content in, and therefore you have to worry about and be concerned about where that content sits, does it comply with local residency and compliance requirements, etc.? So our proposition at Box enables you to work in those applications natively, store the content in one place, but equally respect the local compliance requirements. So we like to describe ourselves as sort of the Switzerland of the data storage market. So you can choose which region you want, indeed which hosting service you want to use, whether it's IBM, or AWS, or Azure, or others, you can choose which one you want and it makes sure that you are satisfying the local requirements of the countries that you have your data stored in.

Just to quickly build on one point though, because I know you've got a subject on it later on, is GDPR. I guess one of the key aspects we're seeing at the moment, it's a trend as well, is increasing focus on companies getting ready for GDPR, but I think the challenge we see is that, despite a lot of noise and messages about, there is nothing really which defines what GDPR compliance means. So, many of us are still grappling with how we're actually going to satisfy that. What my advice is for organizations going through the same challenge is to make sure that you set the bar really high, because if you set the bar really high in terms of satisfying compliance, then actually when the definition does come out, which is likely to be more about actually code of conduct, as opposed to a defined requirement, then you're much more likely to satisfy the requirements. 

Charles Race:  Okay, great. Well thank you for being a customer, thank you for being a partner, and thank you for joining me on stage.

David Benjamin:  Great to be here.

Charles Race:  David Benjamin, thank you.

David Benjamin:  Enjoy the rest of your day, thank you.

Charles Race:  So my last few words are to thank you all for coming along. Please make sure you get the most out of it. We have got a large team here, make sure that you get all your questions answered, except the one, "Can I have a discount?" That's not a good question to ask today, but make sure you get all ... I am so excited to be part of this company, and I'm so excited every time I speak to any of the organizations, any of our customers, any of our prospects, at just what we can achieve together in this identity revolution. Have a great day, and I hope to speak to many of you throughout the course of the networking. Thank you very much.