Okta, Inc. (OKTA) Earnings Call Transcript & Summary

All right. Good morning. My name is Brian Essex, Goldman Sachs' security software analyst. Thank you to everyone for joining us for the first day of our technology and internet conference. Before we get started, I'd like to mention that if anyone on the webcast has questions they'd like to address, please enter those questions in the webcast portal. I'll try to leave some time, at least 10 minutes or so, at the end of the session, and I'll do my best to get to as many questions as I can. With me today we're very excited to have Todd McKinnon. For those of you that don't know, Todd is the Co-Founder and CEO of Okta. Founded in 2009, Okta is a leading cloud enterprise identity management platform. The company is still growing at over 40%, with annual recurring revenue of over $825 million and a market cap of $32 billion. Todd, welcome, and thank you for joining us. Sorry, I cut you right...

Thanks for having me. Yes -- no, thanks for having me on. I'm excited to have a little chat and talk about things.

Yes, we're glad to have you. So maybe to start off, I mean, you've got some pretty impressive numbers and you certainly outpaced a lot of vendors in the space. To set the backdrop, could you help us understand the opportunity that you saw when you entered the market, how you approached the market, whether it was different than others that enabled you to outpace everyone else?

Well, you're -- it's -- we're almost 12 years old. So it's been a while. I think for us, it was really a bet on the future prevalence of cloud computing. And at the time, it was really differentiate -- or a lot of -- there were a lot of app vendors, Salesforce, where I worked before I started Okta, Google Apps and Workday and things like this. And what we saw is that as -- really, there was a choice to do everything, an IT department who want to do from the cloud, you were going to need a new identity and a new security stack that was actually served from the cloud as well. Because at the time, there's still reticence to think about doing things about security and management from the cloud. That was kind of the bastion of on-premise, own the software, run the software. That's where you do your security and your management, but we had the -- we looked ahead and said, hey, when all the workloads are on the cloud, it's going to make more sense to have the security and the identity in the cloud as well. And that was an architectural decision we made very early, and it's really enabled us to do not only the things that are associated with cloud vendors now, the no maintenance cost and ability to get upgrade seamlessly in innovation, but also for us, which is super key is that it's enabled us to stay integrated to all of the different technologies in the ecosystem. And we have almost 7,000 integrations out of the box, which is if you're in a company installing an identity stack, you want it to be pre-integrated everything, and we were able to do that, largely because of our cloud architecture.

Right. Right. Super helpful. And maybe before I kind of dig in into the company a little bit, we'll get a macro question out of the way. I think we had a few analyst days yesterday and macro was certainly top of mind. I think as we kind of head into the year, particularly given the events that happened late last year -- well, maybe all throughout the year, maybe if you could help us a little bit and share with us what you saw last year? What was the perspective from your seat in terms of what stood out? There was a lot going on, but how did things change for Okta as you move throughout the year? And then, obviously, a major breach right at the end of the year. Maybe your perspective on that as well as we go into 2021.

We should clarify. It was not a breach of Okta, but it was a...

I'm sorry.

[ A mere ] -- I mean, you'll see that in the transcript being taken out of context. Yes, you're talking about -- talking about the SolarWinds payload.

I'm talking about the SolarWinds...

Yes. Yes. We should get into that. That's -- it's pretty interesting. But yes, so I think for us, last year, like a lot of companies, I think it was -- we had a -- coming into the year, we had a super aggressive growth and investment plan. And when the pandemic hit, we basically dialed it back, and we were pretty conservative in terms of investment and spending is still growing, but we changed our plan at that time to be more conservative on spending and growth. And we've -- as you've seen in the financial results through the first 3 quarters, we've greatly exceeded that plan. So it's -- I would say it was a prudent, cautious approach and then an environment that enabled us to beat that plan pretty handily. I think that's -- if you look at our outlook now, it's -- I would describe it the same way. I mean, we're growing, and we're investing, but we're also, I think, prudently cautious in terms of what could unfold in the months ahead. Now we have vaccines and what's -- does that mean that the impacted industries kind of bounce back? Does that mean that there's no more macroeconomic impacts broader than just impacted industries? We've -- in our business, about 11% of our customers are impacted industries, travel, cruise, hospitality, things like that.

Right.

Does that spread? Does that stay contained? Does that go down? I think all those things are a little bit hard to know. So we're being cautious and prudent in our outlook going forward with those regards.

And how did that -- I mean, as we had events with pandemic and then obviously, certain industries more effective than others by an elevated risk profile, whether it was e-commerce or enterprises well exposed to remote employees. How quickly did that manifest itself in your pipeline and then conversion to revenue results? And what are your conversations now kind of post the SolarWinds incident? Do you have a more elevated expectations for 2021 and prior to the breach? And is that the tenor of the CEOs that you talked to?

Well, our business -- so our business is about -- so about 75% of our business is workforce identity. So it's helping employees securely access all the tools and technologies they need to be productive. And we -- and part of that is, since it's a cloud service, it's really built for remote access, for access from anywhere. It's not tied to a network. It's not tied to a firewall. It's not tied to an office VPN. So that -- right when the pandemic started, you could imagine there was a -- it was a bunch of people that were -- a bunch of companies and customers that were accelerating deals with Okta to get remote workforces deployed very urgently. So that was definitely a catalyst for the workforce part of the business early in the pandemic, specifically, directly and like very reactive. The second part of our business is -- it's about 25%, growing more quickly, but it's customer identity. So it's -- think about it's our customers helping their customers log into their mobile apps and websites. And that part of the business is also getting a boost from COVID, but I would say the lead time is a little longer because these solutions, many times, have to be built. So it's not just like you can take the cloud apps and a modern identity stack like Okta and turn remote employees on immediately. You have to build our APIs into your mobile app or your website. So we're seeing the benefits of that, I think, play out over a longer period of time and will continue in the next year and beyond. But this is all -- I'd say -- and this is related to your specific questions about the SolarWinds attack as well. I think the -- these are all -- these trends, whether -- these trends, the companies want to have a better online experience. If you're in retail, you have to be online, if you're -- even if you're just a neighborhood store or you're a neighborhood business, you have to be online. You're doing curbside pickup. You're doing all these things that the pandemic has showed are possible and are productive for companies. These trends are long-term trends anyway. So they're -- I would say they're being accelerated by the pandemic, but it's not like they're onetime things. It's not like we're going to stop using all of these convenient online features that we've gotten used to in the pandemic and businesses aren't going to stop investing in these kind of things going forward. Same thing on the workforce side. I mean, employees have been -- I mean, obviously, there'll be a -- people will go back to the offices, but the freedom and the power of remote work is -- I think it's going to be -- people are going to enjoy that freedom and they're not going to be as tied to VPNs, and it's going to be a better world, both from employee flexibility and for security. And I think that -- so while some of these things are being accelerated, I think they're just acceleration of long-term trends that were inevitable anyways.

Right. Right. That's super helpful. Maybe I want to touch a little bit about your plans to kind of expand from kind of a best-of-breed vendor to migrate more to a platform company. How do you see that evolving going forward?

The -- so it -- we talked about our business and sometimes -- people talk about our business sometimes in the security context, how we help companies more secure because we can more effectively determine who the user is because we can do 2-factor log in or we could take a look at usage patterns and know-how to what kind of security checks we should be doing on the user base side usage and things like that, and they can be done for employees and for customers. But a lot of what we do is -- or the value prop and the way we position the service and the way we sell the service is, it's like a productivity increase. So it's use Okta because you'll make your employees more productive. It's not necessarily a security play. That's part of it, but it's more of a -- it's also, in addition to the security, it's productivity and helping getting new apps deployed and getting new applications adopted. You're invested in these SaaS applications, keep them adopted, making them easier to use. And on the customer side, it's making your developers more productive. It's getting those services built quickly and with high quality. So for us, when we think about becoming a platform, it's very simple for us. There's 2 parts of it. The first part is we need to address any use case a customer has around identity. So it's got to be not only identity for cloud applications they want to log into, but it's got to be identity for their on-premise applications as well. So they don't want 2 identity stacks. They want -- everyone has some on-premise resources, and they're more -- migrating more and more to the cloud, and we want to meet them in both of those use cases. It's not -- I talked about this before with the different parts of our business, but it's not just about being identity for your workforce, but you need -- have to have the same capabilities for customer -- our customers' customers and in the workforce. So it's being flexible and extendable and customizable because identity is complex. And what's happened in the past a lot of times is that the identity technology was part of a different platform. It was part of Windows or it was part of Oracle or it was part of IBM, and it wasn't powerful and flexible enough and customizable enough to be a platform on its own. And what we've really done is build this system that's flexible, customizable, extendable and really can stand on its own and serve any use case the customer has. So that's one part of it. And then the second part of it is like -- and this is a hallmark of all platforms, it's solutions are built on top of it, right? So you have other kinds of solutions that are actually -- other software developers are building solutions on top of us and then kind of selling them alongside of Okta. So it's -- so if you look at it from a customer's perspective, they have all kinds of identity challenges from customers to employees and partners and different apps and different -- they want devices to log in securely and they want networks to be authenticated and they want different policies. So we come in and we say, hey, it's pre-integrated. It can serve all of these use cases. And there's these solutions built around it that give it the benefit even beyond what Okta is building. And that's for us what it means to be a platform and what we're executing in terms of our strategy.

Got it. That's super helpful. And then we've kind of -- the next step on that is, we've already begun to see boundaries blur within the identity markets, whether it's privileged access management, governance, acquiring IDaaS capabilities and vice versa. How do you think about defining the boundaries of where you'll compete? And what the -- what you expect the market to look like several years down the road?

Well, I think that -- I think the first part of it is that it's -- the future -- I mean, this sounds kind of -- I'm sure a lot of CEOs say this at your conferences and people you talk to, but cloud is the future, right? So you have to be a cloud vendor in this space, especially in identity because like I said before, one of the key differentiations for Okta is this pre-integration. So it's this platform that's integrated to thousands and thousands of different types of technologies. And it's not just apps, it's devices and firewalls, we're integrated to everything. We're integrated to other management software, to HR systems and workflows. And so I think that it's -- you have to be in the cloud to do that. And I think that from an architectural perspective, we're still, in our industry, in this phase where a lot of the solutions are still software. And I think that as a vendor, sometimes, they're a little bit trying to straddle the fence and say, hey, software is still good for some situations and sometimes you want to run it yourself, and sometimes you don't. And we very strongly believe that identity needs to connect to everything, but you shouldn't be running your own identity stack. So I think that's -- if you look at how we look at the market, that's really important. And then I think some of these categories are -- because of the shift to this new kind of post perimeter world and people connecting from everywhere and all this flexibility, there are categories that probably shouldn't be separate categories. I think if you look long term, if you look at a lot of the things around privileged access management, this is -- you're kind of migrating from a world that was very different than the world we're going to, both from the -- where people access services from, and what it means to be a privileged account. I mean, it used to be that if you are on the -- in the data center, right, logging into the master database, then you really needed to secure that log in and you needed to have privileged access. You need to audit it. You needed to have a different level of access, check-in and control for that. But now it's -- first of all, the server admins aren't logging in from the data center, they're logging in from everywhere, right? Because they're working at home, too. And really you have so much flexibility with people logging in from different systems, you really have to have the technology to check every log in that securely. So it's almost like, in some sense, every log in has become a privileged log in. So I think that architectural shift is structurally forced some of these categories to come together. And then if you -- and you also look at just the services and the systems that you're trying to secure. If you're looking at -- we have a product called Advanced Server Access. And people always ask me if -- is that -- are you competing in privileged access management? Is that a traditional privileged access management product? And I say, well, I guess, but it's built for a very different type of environment. It's built for this environment where you don't have 5 servers running Oracle in a dedicated rack in a data center. It's built for an environment where you might have 5,000 servers spinning up dynamically and supporting a massive e-commerce site. So that's -- and that's a different -- you have to do different things there. You have to have a different binding in the types of the software that you are securing, you have to make sure that the users are authenticated in a flexible way. So I think that -- yes, I think that's an example of how the migration architecturally and the evolution architecturally is causing that category, I think, to change and collapse, in some senses.

Right. Right. Maybe on that, I mean, in line with that enterprises increasingly focused on principles like Zero Trust, which identity obviously plays a critical role. How should we think about CIOs or enterprises in general and their ability to adopt those principles? Are we still kind of in an educational phase? Are there certain limiting -- are there architectural limitations that would limit their ability to adopt those principles? Or is this more of like a -- just a gradual migration over time to maybe get principles in line with Zero Trust?

Well, I think that it's -- I think it's a heavy lift, right? So I think what you're seeing is that people are -- companies are adopting it kind of like at the edge and then eventually moving toward the core of the data center. Does that make sense? I'll give you an example. So for those of you that aren't intimately familiar. And by the way, I think what's -- big difference over the last 3 years that CIOs now are pretty consistently -- they understand what Zero Trust means, where I think 3 years ago it was so new that people had different interpretations of what it means. Basically, it means that build your security posture so that you don't have a different set of policies and access requirements behind the firewall and outside the firewall. So build all of your policies and access requirements as if people -- as if it was someone that was outside the firewall, build it like that consistently all the way through. So you don't have a situation, by the way, like a SolarWinds where you get inside the firewall and then they're past all of the access control checks. So that's the idea. And that's -- but the problem is you have 30 years of architecture that were not built that way. You have 30 years of architecture that assumed that once you were in the office and once you were in the data center that you were secure, in that it wasn't -- you didn't really have to worry that much about it. You didn't have to check the log in. You didn't have to have the kind of analysis and detection software that would be required and so forth. So I think that -- you're seeing CIOs and companies adopt this from the outside in. So the first thing they're doing is they're applying Zero Trust to workers that are remote, right? So you're saying -- and that used to be done without the VPN, by the way, which is kind of the wrong approach because with the VPN, what you do is you're essentially saying, now we're simulating as if this user is behind the firewall, and not doing all the detailed checking that we should be doing outside of the firewall. So they're starting with remote work. And I think this -- in a lot of ways, the COVID situation has forced the acceleration of Zero Trust principles on these remote workers. And I think it will work its way in. I mean it will work its way all the way eventually even to the data center, where inside the data center, you don't have 2 servers sitting next to each other, trusting each other. They're continuously checking and making sure that one of those servers hasn't been compromised because if you look at what happened with SolarWinds is that the attackers were able to use that mechanism to get inside the data center. And because all of those servers inside the data center are -- were trusting each other, they weren't built in a Zero Trust way. The attackers could do whatever they wanted. So I think you'll see Zero Trust get all the way into the data center. And you'll see, eventually, it's going to be a heavier lift, but you'll see 2 servers sitting next to each other in the data center continuously checking authorization and access so that even if one of them gets compromised, the attacker won't have seamless access to the rest of the servers in there.

Right. That makes a lot of sense. And how should we think about Okta in terms of the way that you're growing in the market? Did it start off with more kind of midsized businesses and you're going upmarket into large enterprise? How do we think about your ability to expand penetration beyond your initial customer size? And is it bringing feature sets in parity with other peers? Or I guess fine-tuning go-to-market? How should we kind of put past growth in context to where you're going from a customer size perspective?

Well, it's a big market. I mean, if you think about what we're doing, it's -- anyone -- any company that uses technology needs identity to securely authenticate and get information and get applications to their users. So it's essentially any -- every organization in the world. And that's on the workforce side. And then you also think about the organizations that are trying to have a better online experience, connect with their customers and their partners with mobile apps and websites and think about what that means for their supply chain and the distribution chain. It's a massive, massive opportunity. So I mean -- and we're still relatively small. I mean, we're still around $200 million a quarter in revenue, growing quickly, but it's -- we feel like we're just getting started. I think traditionally, we've -- we were very successful in, call it, the mid-enterprise segment, and we've been aggressively moving up. I mean, if you look at the numbers over the last 4 quarters in terms of our growth and the main metric on size of companies we're selling to is our number of deals over $100,000 of ARR a year, and that's been growing steadily. And I think that's -- you're going to see that continue, because if you look at the organizations that have the biggest identity challenges, it's the biggest companies in the world, the biggest organizations in the world. They have the most people, they have the most technology, they have the most benefit, I think, to gain from that, but also on the customer side, the way they can reinvent their businesses and create new businesses by being online. And identity is a part of all of that. We want to meet them where they are. One -- you asked about evolution of the product. One -- in terms of -- the other thing about large enterprises is that they -- they still have a lot of technology, and oftentimes, a lot of legacy technology. So we've done a good job over the last few years making sure that we can support that so we can -- we have a product we've released called the Okta Access Gateway that really helps us connect in a deep and powerful way to on-premise technology. So that's an example of something we built specifically as we move upmarket in this large enterprise segment. And the good news for us is that the future is the cloud and these large organizations are going faster to the cloud, especially when they see things like, obviously, COVID and the ability to make remote workers productive. That's much more easy with cloud services and applications. But also the -- like the SolarWinds attack, one of the things that's accomplished, it's -- the effect it's having is that it's kind of proving that there used to be this idea that on-premise was more secure, right, and that, that was the way to stay secure if you control it all yourself. And I think that's proving to be not true. I mean, I think there are security risks and everything. And I think it's about how do you mitigate the security risks, and it's not the scenario where on-prem is secure and cloud is less secure. I think that's becoming very clear now as people think about the benefits of cloud and the -- kind of the risks of the old way of doing things as well.

Right. Okay. And then maybe if I could touch on the customer identity and access management, the CIAM space, you know it is a pretty nascent market. But you've seen pretty strong traction there. I mean, maybe can you help us understand how you think about the opportunity ahead of you in that market and circumstances where you're competitive against other vendors that may be CIAM first, where they lead with that or more developer focused? How do you see the dynamics in that market playing out?

I think there's a couple of things. One -- I mean, I think the biggest driver in that market is build versus buy. So I think that a lot of -- what we see a lot is that companies that are building a website or a mobile app, the first instinct is just to build log in themselves because it's -- you can build a simple log in page and a simple password page, and what doesn't become apparent until later is that the simple flows there and the simple requirements there kind of -- you hit the wall quickly when you think about how to do this at scale and what about password resets and what about if you want certain kind of risk challenges for certain kind of users. And then on the back end, a lot of these sites have different user databases, and then you have a password database that's not integrated with the user database and you have account profiles that are not synchronized. So it gets unruly very quickly. So I think one of the biggest catalysts of the market is just developers are realizing that they don't have to build this themselves and that as companies are successfully using things like Okta, it's becoming clear in the industry that you should use this as a component, not build it yourself. So that's a big catalyst in the market. I think that the other thing is that this is -- I think we're still working to define a complete solution for the customer. And what I mean by that is the problem they're trying to solve is it's like a developer productivity problem. It's a security problem. But there's also, like I mentioned before, there's also like a data integration problem. They're trying to integrate customer data from various systems and there's marketing systems and there's CRM systems. And so I think there's specific fraud, there's consent and privacy around -- now that the user is using the service, how do they know what data is being tracked and how do they consent to having to be tracked? And so we're working to really define the complete solution for the customer so that it's very well understood they don't have to build it, and it's very well understood what they should get in the CIAM offering versus what they should have to get from other vendors. And I think that as that gets hammered out, you're going to see the market really accelerate because there is a lot -- there is a big problem here. And there's a big amount of value we can deliver for customers. And we're working hard to be the leader in this market.

Right. That's helpful. And maybe back to the enterprise side. If I think about some of the peers that offer more kind of what we call, hybrid solution, but the choice of on-prem versus in the cloud. Any thoughts on how customers think about that? Do they view those vendors as vendors that can maybe help them on-prem and then hold their hand while they get to the cloud or in a hybrid environment or should a solution be agnostic if we use -- speaking of cloud to begin with?

I think that -- I think -- I mean, surely, there's customers out there that still want to run the software themselves. I think there's less of them, and they're -- I think in the future, I think that's -- there's going to be a very, very small minority. And I think it's not -- so I think that's just like a reality of where the world is going. I don't -- I think it's -- in terms of the migration and so forth, I think the biggest thing is people are seeing that identity can help lead that migration in a sense because it's really a lot about getting the services accessible from anywhere and identity can help get that service accessible from anywhere. So instead of like -- if it makes sense, right, instead of installing your identity stack on-premise and then having that help your migration, it's going to help your migration to get the identity stack in the cloud and then have it kind of pull workloads out, if that makes sense. But that's the way we see it. But we're -- the one -- the folks we work with are -- they're not the ones that want identity software on-premise. So it's -- we have a little bit of a -- kind of a selection bias there.

Right. Right. Okay. And then maybe on the build versus buy point, maybe just your view on M&A. I think overall, the security market is one that's ripe for consolidation. Maybe as we start to see a light at the end of the tunnel here from a macro perspective, we'll see that activity pick up. But how do you think about it from an offer perspective in terms of what you might develop in-house versus IT or talent and they go out and acquire? And how big is your pipeline?

You're talking about for M&A, right?

Yes. M&A if you were to go out and pursue acquisitions.

Right. We have a lot of pipelines. We have a lot of pipelines. We have sales pipelines, we have M&A -- we have talent pipelines. We've got pipelines on pipelines. So M&A -- so there's a couple of things about M&A. First of all, we're -- we take a very customer-centric view of this as opposed to, I think, some company as they've taken like a financial-centric view, what do the financials look like, what would be the ROI for Okta? We certainly care about the ROI for Okta, but we flip it around and say, what was the customer benefit most greatly from if we had it in part of our technology and part of our sales team. And so that's the first lens we look at. And I think that one of the interesting things about it is that, that tends to lead us to things that are kind of like core integration technologies, because the biggest value prop for Okta is that we're neutral. And we're going to connect the customer to any technology. We're not going to railroad them into a certain set of apps or a certain set of collaboration or a certain set of devices, or it's like your identity is going to be the core platform that lets you choose anything and that freedom and choice is powerful. So like for example, we bought this company a couple of years ago that did essentially like low-code workflow platform that lets the user of Okta now and that we fully integrated it -- it's -- product is called Okta Workflows. It lets them specify the -- really at almost a programmatic level what the identity cloud should do in response to certain events like a user being -- an employee being hired or changing jobs or customer coming to the website. So that was a technology that was really -- it's really an integration technology because the choice for the customer there is like the ultimate -- or the benefit for the customers there is the ultimate expressive power to connect any system they want, right? So that's the kind of things we tend to see in our M&A pipeline and it's robust. I think we're looking hard at a lot of different things around bolstering the workforce business and the CIAM business. And I think it's -- I think we're going to make a lot of progress there over the next couple of years.

Okay. Great. I wanted to -- I got a bunch of questions, I'm probably not going to get to all of them on the website.

Yes. Your pipeline of questions is very long, I noticed.

By the longer pipeline here that are kind of freestyle as we've gotten them over the web portal. So maybe I'll start off with this one. With regard to integrations out of the box, clearly, a competitive advantage for you. Interested to hear some of the context around just how large of a moat that creates for Okta. So what would it take for a competitor to replicate this? How many pre-integrations did your closest competitor have, et cetera? Anything you could -- any color around that would be helpful.

Yes. I think it's -- I think the number is -- the number is important, but I think another factor about it too is that it's constantly changing, right? So the -- all these services are being upgraded, and they're adding more capabilities and you have to not only create the integration, but it has to be maintained. So the biggest advantage and the moat that we have is that we have so many customers that -- vendors and partners are maintaining the integrations for us. Does that make sense? So -- and to be able to have that flywheel, you have to have these integrations 5 years ago, because that's when we built the flywheel of people knowing that if their integration is up to date maintained on Okta, it's going to get to the most customers. And the customers know that Okta has -- going to have the one that's created and maintained. So that's an important distinction that people miss there a lot. And it has to also do with like the depth of the integration, right? Is it just an integration that lets you log in, which is important, but what about -- how do you synchronize the group memberships and the details about the user profile across services? That's a deeper integration. And how do you integrate to things like not just a business application, but let's say you have like a firewall that has rules about which types of users can log into which types of services, and how does that integration, think of Palo Alto Networks, right? How does that integration work? And how is that maintained? And so there's all kinds of -- integrations is a big deal. And I think that our biggest benefit now is that, like I said, we were there with the catalog and the network 5 years ago so that we built up this. It's a whole ecosystem and community of maintenance and investment and people building integrations. And these vendors go out to the market and the first -- especially smaller vendors, like the first 50 customers they get, all have Okta. And so it's kind of a no-brainer for that vendor to build the integration to make sure it's Okta-certified right away.

Makes sense. Maybe next, could you help us understand how Okta helps machine-to-machine identity opportunity? Or might you address that in the future?

Well, we have a product called API Access Management, which is -- it depends on what you mean by machine-to-machine. It's machine-to-machine, but it's like when one machine calls another API on behalf of a user. And so that's -- I think that's important. There's a whole -- I think there's an emerging, interesting -- there's -- if you really think about it like -- you could also put advanced server access in the same category. It's a developer logging into a -- or a server admin log into an admin machine. And it's -- there's a lot of information in the flow about -- knowledge about that machine, what risk is tolerated, how you authenticate and so forth. Yes, so I think it's -- we're pretty user-centric, but a lot of those flows have to go machine to machine.

Right. I mean, do you envision getting into? I know that some machine identity vendors out there, at least there's one private one that's relatively large. I mean they look at, essentially, I guess, authorizing or updating access to certain machines, updating certifications and so forth, refreshing those on an ongoing basis. Is that something you might get into? Or is that a completely different market?

I think it's pretty different right now. But like I said, we're pretty customer-driven, right? Even our customer identity market -- our customer identity business, if you could roll the clock back 8 years, it's -- customers are asking us for that. That's why we built it. So I think -- and we have a lot of reach in the marketplace, right? Because we've talked to a lot of customers, a lot of large enterprise customers, a lot of small customers, and if there is a signal out there about what they need, we're likely to pick up on it and do something there.

Right. Got it. And we just have a few minutes left, so maybe I'll hit you with this one. Just in terms of competition, competitors you might be the most worried about, whether it's emerging vendors or legacy vendors that may have a strong presence in identity overall?

Well, I think that it's -- I mean for -- like if you look forward 10 years for Okta, the world view of Okta and the most relevant, I think, "competitive dynamic" is, do -- is identity done as a part of other clouds or other platforms or is it its own cloud? So if you look out, there's going to be a dizzying array of technology in 10 years. I mean, everyone agrees on that. But a company is going to have 5 or 6 major clouds, infrastructure, collaboration, something probably around back office ERP. You could probably debate on which they'll be, but there's not going to be 1,000 of them. There'll be 1,000 technologies, but the major cloud, there's probably going to be 5 or 6 of them. And it's very important. We think that identity is going to be one of those clouds. Because the -- it's so important to have this primary source of getting your users authenticated and secured and logged into the other clouds and all of that other technology. And so that's the -- that's what we're driving for. When we make investments on the product, on the platform, extensibility, things building on top of us, it's toward this world view that identity is its own cloud in the future, independent and neutral from any other cloud. So in terms of competition, it's not kind of exactly what you're asking, but what we make sure is that it's very clear to the customers in the market that you can't have identity as a one-off part of another cloud. You can't have identity hanging off of your e-mail. You can't have identity hanging off of your infrastructure cloud. Identity, of course, needs to integrate to all those things, but it's its own independent thing. And that's really -- if you go back to your first question, which was what was the -- how did Okta get started and what was our first differentiation? It's kind of our first differentiation. If you think about it like -- people said, it's not a big enough problem, like why would you build an identity company? All the identity companies in the past kind of got swallowed up when they were small. And what we thought was that because of there's going to be -- because there's going to be so much more technology and because the risk of not being able to log people in correctly and securely and consistently, you're going to have this elevated need for this independent cloud. And that's -- even to this day, that's still what's playing out and that's still what we're working hard to make sure continues to evolve as the architecture of all this evolves.

Great. Great. With that, I think we're out of time. So Todd, thank you so much for joining us this afternoon. I really appreciate it. To those on the webcast, thank you as well.

Happy to be here, Brian. Thanks for having me.

All right, great. Have a great day, everyone.