One of the challenges facing organizations, at a time when anyone can easily procure their own software with a couple of swipes on a smartphone, is how to still manage compliance and governance on the backend.
I spoke to Todd McKinnon, CEO and co-founder at Okta. His company's vision is to build an industry-standard way of managing compliance and governance in a central place, all from the backend, regardless of device or service -- at least that's the overarching hope. He admits they aren't there yet.
For now, he says they are solving basic problems like single sign-on, single source of access control among multiple services and Active Directory consolidation.
While some may consider this freedom to choose applications chaotic, McKinnon sees it differently and he believes what's chaotic is really a matter of your perspective.
"It depends on how you define chaos. Chaotic to whom?" he wondered. He said if you ask end users who were struggling with enterprise software, they are probably much happier with the current situation, but if you ask security/compliance/governance folks you might get a different answer. "Chaos is relative," he told me.
Yet McKinnon understands that companies need to provide some sort of protection, and that's where his company, Okta, comes into play.
"One of the things that my company is trying to do is define standard ways to give all these applications consumed directly by end users a consistent industry-defined way to talk back to a central system, so they can register in terms of auditing, logging, security and authentication -- taking all the stuff that the compliance guy wants and having a standard way for the apps to connect into that and still letting the users choose [the applications they want]," McKinnon explained to me.
He says he knows they have a ways to go before achieving that, but he hopes as they grow as a company, they will be able to exert more influence and fuel the conversation about industry standards.
As he told me, if you think about it, the idea that we have a cloud stack at all is fairly new, so having a standard way of connecting to that is going to take time. "It's still pretty early. There has only been a viable cloud or service alternative for every part of the IT stack for the last five years," he said.
McKinnon believes over the next five years we will begin to resolve these problems and end users and IT will be able to get what they need without getting in one another's way.
"I think we are in for a period of another five years of more choice and more chaos and more diversity before some of these security and compliance and auditing and control standards evolve to where companies can have both -- choice and security and control," he told me.
The other thing that's new, he said, is this whole notion of BYOD. As much as we write about it here at CITEworld, the idea of bringing your own powerful computing device to work is a relatively new one, so trying to bring some order to all of that is going to take some time too. Mobile Device Management was one attempt at that, but attacking it from the back end probably makes more sense.
As for his ultimate vision: "I'll tell you what I see happening in terms of the ultimate goal for the industry. As an industry, we agree on a broad set of standards, that lets all of these services share in a standard and organized way."
But it's going to take some time to get there.