Mark Whelan, Head of EMEA Growth Markets at Okta.
As organisations accelerate their digital transformation journeys, identity has become the new security perimeter, and the most critical layer of defence against modern cyber threats.
Yet, with a growing number of SaaS applications, fragmented security frameworks, and evolving compliance mandates, securing identity is more complex than ever.
Okta, a global leader in identity and access management, is working to change that. From championing a new Identity Security Standard to rolling out AI-driven threat protection and embracing a passwordless future, the company is aiming to redefine how enterprises approach identity.
Mark Whelan, Head of EMEA Growth Markets at Okta, shares how the company is building a more secure, scalable identity ecosystem, and what lies ahead for the future of identity management.
Q: What are the key objectives of the new Identity Security Standard, and how will it elevate identity protection across SaaS platforms?
The Identity Security Standard initiative is about creating a unified, standardised framework to securing identity across all enterprise applications. Its core mission is to provide a common framework that SaaS builders can rely on to meet the increasingly complex security needs of their customers. By standardising identity practices, we aim to make enterprise apps secure by default, fostering an open ecosystem. This move enhances end-to-end security for enterprise SaaS platforms.
Q: Okta’s recent solutions like Governance and Identity Threat Protection aim to build a secure ecosystem. What sets Okta’s approach apart from others in the industry?
What differentiates Okta is our commitment to delivering complete and unified identity management. Our platform integrates seamlessly with existing IT ecosystems, which means customers don’t have to choose between compatibility and innovation. We focus on high availability and always-on security, ensuring that protection is continuous and resilient. Importantly, we also emphasise user experience. There should never be a trade off between security and usability.
Q: How does the Okta Secure Identity Commitment (OSIC) influence client security practices? Could you share any notable examples?
One of OSIC’s core focuses is promoting phishing-resistant authentication. Beyond that, it reflects our ongoing investment in next-gen tools, including the use of AI and emerging areas like Identity Security Posture Management. The results speak for themselves: clients have seen up to a 90% reduction in credential stuffing attempts over 90 days, and in just a single month, OSIC’s protective mechanisms have blocked 2 billion potentially malicious access requests. These outcomes underscore how deeply OSIC is influencing operational security in real time.
Q: How is Okta leveraging AI in identity security, and what role do you see AI playing in protecting against future threats?
AI plays a pivotal role in our identity threat protection strategy today and will only become more critical moving forward. Currently, AI enables real-time threat detection and behavioural anomaly analysis, which means capabilities that are essential for identifying risks before they escalate. In the future, we see AI enhancing both security and user experience by analysing vast signals more efficiently and automating response mechanisms. This transition from reactive to proactive identity security means we can predict and prevent threats before they occur. Tools like Okta’s AI-driven Identity Threat Protection are already showing how transformative this approach can be.
Q: How does Okta ensure that new features effectively combat identity-based attacks, and what challenges do you face in staying ahead of these threats?
We take a customer-first approach to product development, working closely with organisations to understand the challenges they face. This gives us a comprehensive view of the industry and the market. To address identity-based attacks, we rely on a combination of real-time risk monitoring, adaptive multi-factor authentication (MFA), and AI-powered detection. These systems continuously evaluate user behaviour, flag anomalies, and respond dynamically to threats—offering protection that extends far beyond the login screen. Of course, staying ahead isn’t easy. The pace of attack sophistication is accelerating, and striking the right balance between robust security and seamless user experience is always a challenge. Our solution is to continuously evolve and integrate with a broad range of tools, ensuring we stay resilient as the ecosystem grows more complex.
Q: Looking ahead, what major shifts do you expect in identity management over the next decade?
That’s the billion-dollar question. It’s always tricky to predict the future, but some trends are already becoming clear. First, passwords are on their way out. Technologies like Passkeys are gaining traction, and we expect passwordless authentication to become the norm. Second, Zero Trust has gone from being a buzzword to a foundational principle; it’s now standard practice, especially among digital-native organisations. We also anticipate stronger privacy regulations, and Okta is proactively building compliance and transparency into its solutions to help customers navigate this changing environment. Finally, AI will take centre stage. As it matures, AI will bring greater intelligence and automation to identity management, allowing organisations to predict and neutralise threats before they materialise.
