The enterprise cybersecurity landscape has undergone sweeping changes. In response, companies see value in unifying different internal operations as security increasingly becomes a shared responsibility.

An organizational example is Okta Inc., which has managed a balanced cybersecurity strategy for itself and its customers through the shared participation of security and IT teams. Identity is driving strengthened relationships and partnerships across security and information technology, according to Alvina Antar (pictured), chief information officer of Okta.

“In the past, it was security [making] strategic decisions around what we need to do to be able to drive our overall strategy, and IT is in a position to execute without questioning the strategy,” she said. “That doesn’t fly, especially if you’re thinking about how to operate with an identity-first mindset and ensuring that what you’re enabling is this balance between security as well as the experience and that they’re not mutually exclusive.”

Antar spoke with theCUBE industry analyst Dave Vellante at the Supercloud 3: Security, AI and the Supercloud event, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the company’s identity and access management approach, particularly in the context of supercloud and artificial intelligence.

Why joint accountability is important

Joint accountability in enterprise security must go all the way up to the chief information officer and chief security officer. In doing so, companies can attain a gapless security posture while also maintaining a seamless experience for employees across areas such as product, sales and marketing, according to Antar.

“That is what allows us to shift our mindset that driving a hardened security posture doesn’t necessarily mean that you’re now creating a frictioned experience,” she said. “All that we’re talking about with our passwordless journey is actually hardening security while creating the most seamless, … least disruptive experience for our employees. They go hand in hand.”

Of course, security strategy flows out from the CSO’s office — but it must permeate across the entire organization in a distributed structure, Antar added.

“What we’ve done in the evolution of our security structure is that security ultimately is driven through our chief security officer in a distributed model across the organization, with my organization responsible and accountable for enterprise security,” she explained. “We have a … product security focus within our product and engineering focus. It’s a distributed model and really wanting to ensure that we’ve got a mindset where security is everyone’s priority across the entire organization, not just mine from an enterprise perspective.”

How multicloud and AI fit into the cybersecurity thoughtscape

Supercloud is, by definition, an extension of the existing multicloud idea. Thus, it’s worth examining the potential effects stakeholders are seeing as they enact security protocols across multiple clouds.

“I think it’s an opportunity,” Antar said. “I see multicloud is where everyone is focused, not just from increasing reliability and redundancy, but also from an efficiency [point of view], which is top of mind for all of us. And it does add complexity from a security perspective, and that’s the opportunity that we all have to ensure that we’re now balancing our tools and methods and capabilities that may be different across multiple platforms.”

Multicloud’s central idea, which is an infrastructure without boundaries, must be extended to how cybersecurity is discussed and enforced. A centralized identity model to manage multicloud environments is critical, according to Antar.

“We need to think about our environment as boundaryless, whether it’s through multi-infrastructure, whether it’s through multiple devices, whether the perimeter,” she noted. “We talk about how the security perimeter has expanded, not just across your employees, but think about your contractors and your extended workforce. Needing to be able to have a centralized identity model across this expanded perimeter is critical in a multicloud and multi-everything environment.”

AI is playing heavily into how applications are being built now and into the future. To secure these complex applications, Okta sees its identity management approach as “the most equipped,” Antar added.

“It’s exciting [that] just even within our own products, within workforce identity and customer identity, we have capabilities that we continue to further evolve as it relates to AI across our security center and across threat insights … that allow us to be able to understand what is happening and provide signals and insights to our customers around risks to prevent attacks,” she said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the Supercloud 3: Security, AI and the Supercloud event:

Photo: SiliconANGLE