Q&A: Okta’s Chief Product Officer On The Identity Threat Landscape And Securing GenAI Identities

Securing enterprise identities continues to be a significant challenge for security teams. Identity-related attacks are one of the most common vectors of compromise in organizations today.

Arnab Bose is Chief Product Officer at Okta, a global market leader in workforce IAM solutions. Bose is responsible for the development of the company’s Workforce Identity solutions.  

Prior to joining Okta, he was a VP of Product Management at Salesforce, where he led several efforts, from integrating Quip into the Salesforce Platform to process automation. Arnab also served as a Senior Program Manager Lead at Microsoft.

As part of our ongoing series interviewing leaders from across the cybersecurity space, Expert Insights recently spoke to Bose to hear his views on the state of the IAM market, how teams should prioritize security spending for 2025, and his top recommendations for CISOs.

Q. What are the biggest challenges facing organizations in the workforce IAM space today and how are threats evolving?

The threat landscape is rapidly evolving and in today’s distributed workplace environment, identity is security. Threat actors are targeting identity, with 80% of breaches involving some kind of compromised credentials. Any time employees, vendors, or partners are attempting to sign in, organizations must be equipped to authenticate that log-in attempt and verify the person behind the screen is who they say they are.  

Along with the rise of AI in the enterprise, bad actors are getting more creative in their endeavors to leverage the technology for credential theft and account takeover. Generative AI is being used to conduct personalized phishing schemes, powerful brute-force attacks, and automated credential stuffing. As organizations look to combat these threats, identity access management (IAM) has been pushed to the forefront of the security conversation.

Q. How does the Okta Workforce Identity Cloud platform help teams address these challenges, and how do you continue to stand out as a leader in such a competitive market?

Today we’re seeing enterprises use an average of more than 1,000 different apps, and over 82% of companies use three or more cloud infrastructure providers. With all these apps, platforms, users, and devices to manage, visibility and control can sometimes feel out of reach for IT and security teams being tasked with managing this growing attack surface.

Our Workforce Identity Cloud (WIC) is designed to help organizations defend against identity-based attacks by streamlining and simplifying IAM, identity governance, and privileged access. WIC helps teams enforce authentication policies, discover and remediate gaps in identity posture, and quickly detect and respond to threats across all users, resources, and devices.  

At Okta, we’re constantly listening to the needs of our customers and refining the WIC platform to help organizations stay proactive in today’s threat landscape. Recently, we announced updates to WIC that address top security challenges we’re seeing such as unmanaged SaaS service accounts, governance risks, and identity verification. 

Okta also led the formation of an OpenID Foundation Interoperability Profile for Secure Identity in the Enterprise [IPSIE] working group because we believe that a unifying industry standard is the key to fostering an open ecosystem where it is seamless and efficient to build and use enterprise apps that are secure by default. This framework will provide a clear blueprint for enterprises to implement the strongest level of identity security before, during, and after authentication.

Q. What are your top recommendations for CISOs in the process of looking for an IAM solution?

Finding the right identity partner is about trust. The digital attack surface is growing larger and threat actors are using AI to scale their operations more easily, with identity-based attacks like phishing no longer being manual and expensive undertakings.  Above all else, CISOs and other security decision makers are looking for IAM solutions they can count on to evolve along with the threat landscape. 

Okta is dedicated to serving as a transparent, trustworthy partner in identity posture. The Okta Secure Identity Commitment (OSIC) embodies Okta’s broader vision to lead the fight against identity-based attacks. By sharing our roadmap to a more secure future, Okta is demonstrating progress on its vision to raise the bar across the industry.

Q. What trends do you expect to see in the IAM space in 2025?

In the year ahead, we expect to see the adoption of multi-factor authentication (MFA) continue to surge. Okta’s recent Secure Sign-In Trends Report showed that MFA adoption has climbed to 66% and phishing-resistant authentication methods are starting to gain traction in the enterprise, with Okta FastPass adoption jumping from 2% to 6% in one year. A passwordless future has been a hot topic in the identity space for years, but for a growing number of organizations, it’s becoming a reality.  

Additionally, next year will bring a further rise in AI-powered identity-based attacks, such as social engineering and deepfakes, across industries. Bad actors are exploiting weak identity verification processes—like temporary passwords or help desk admins who can be socially engineered—that allow them to impersonate legitimate users. As these security challenges continue to evolve, companies will need to have robust identity verification systems, such as Okta’s Out-of-the-box Integrations for Identity Verification, in place to help verify an individual is who they say they are. 

Fortunately, AI isn’t just for the bad guys. As AI technologies grow more sophisticated, security teams will also have new tools at their disposal to leverage AI for improved threat detection, response, and remediation. For example, Identity Threat Protection leverages Okta AI to detect and respond to identity threats in real time during and post-authentication, amplify security signal sharing across the ecosystem, and orchestrate remedying actions.  

Q. In your view, what should organizations’ top IAM planning priorities for 2025 be?

We’re seeing a rise of AI agents that are currently making their way into the enterprise, but questions remain about how organizations plan to secure these agents. How can they ensure the correct – and least privileged – access to sensitive customer information? How do they build and implement human-in-the-loop processes for a trustworthy foundation? How do they implement security controls for Service Accounts and non-human identities? Security leaders need to start thinking about how to protect customer interactions with generative AI agents and how development teams can safely build AI agents into their apps. 

To help address these concerns, Okta recently announced two main features. The first is Auth for GenAI, our new product that can help developers and organizations secure identity in GenAI applications. By protecting sensitive data and user credentials and securing integrations across user applications, consumers and businesses can feel more trusting.

The second is locking down Service Accounts in SaaS applications using vaulting and secret management. Okta can discover and protect accounts that are created directly in top applications and fulfill AI business goals. 

Further reading:

• Learn more about OKTA
• Read our guide to the top Identity and Access Management solutions