Date: 2025-07-01

As AI reshapes the cybersecurity landscape, identity is emerging as the first line of defence. In this insightful conversation, Bhawna Singh, CTO of Auth0 at Okta, dives deep into how the company is responding to evolving threats in the digital identity space—especially in the context of GenAI, agentic AI, and rising cyber risks in a data-driven world. Singh also outlines the strategic importance of Okta’s expanding India operations, the company’s approach to zero-trust architecture, and why identity posture is becoming foundational not just for security, but for building trust in AI adoption.

Okta has significantly expanded its presence in India, underscoring its strategic focus on the region’s burgeoning digital economy and the critical need for secure identity across businesses and government agencies. Could you elaborate on the persistent risks and the increasing exposure to threats in this region?

GenAI and agentic AI are undeniably powerful technologies that we are keen to leverage. Many are excited about their potential for productivity improvements and solving back-office problems, and I’m already witnessing significant innovation in this space. However, with every transformational technology come inherent risks, vulnerabilities, and areas we need to monitor. Just as technology in the right hands can profoundly impact humanity, in the wrong hands, it can be detrimental. GenAI and agentic AI are no different.

Regarding the risks, several areas warrant attention. Firstly, security implications are paramount. A lot of agentic AI technology will heavily rely on data. Many organisations are still in the process of cleaning up or classifying their data, and understanding where their data resides and its nature is crucial. Therefore, having a strong data posture or data structure is incredibly important. Data risk, particularly concerning Personally Identifiable Information (PII), is a primary concern.

Secondly, there’s the issue of exposure. When we talk about agentic AI, multiple agents collaborate to perform a specific task. This means one agent will rely on another to complete different parts of the task. The challenge lies in ensuring that all participating agents are authenticated, legitimate, and that no malicious agent is attempting to interfere or intercept the process. We need a robust security posture, built with the right technology, and a strong identity posture to ensure each agent is authenticated with the correct tokens in place.

Lastly, there’s the overall orchestration. How do we ensure all agents are behaving correctly? And if an agent isn’t, how quickly can we disable it or take appropriate action? The implications vary based on the use case. For certain critical use cases, the value of the risk can increase tenfold. Conversely, if you’re working with public data and the use case is primarily informational, the risk significantly drops. So, it truly depends on the use case and the level of risk you’re exposing yourself or your organisation to.

As a Chief Technology Officer, how do you see Okta’s role evolving in the current digital identity landscape, especially as organisations increasingly prioritise security, digital transformation, and user experience?

Okta’s role is becoming increasingly central and core in this space. When we discuss agents, GenAI, and AI, which primarily focus on personalisation, identity and user information are at the heart of it. Consider a use case where agents book a flight or manage a user’s calendar. These agents are leveraging the user’s authentication and identity to perform their tasks. In essence, identity is being extended for the user as these agents work on their behalf.

Our product, which revolves around solving for the identity ecosystem for in-house company needs, as well as consumer and B2B use cases, is precisely at this core. When identity is handled correctly, you establish the right security posture. Ensuring you have the right structure and platform—one that unifies and secures your identity, along with robust governance, visibility, alerts, and control—is fundamental to achieving a strong security posture.

Therefore, Okta’s role is becoming more and more paramount as we move into this space. I’d also add that a missing piece in the adoption of AI technology is building trust. How do you build trust with a technology stack? By ensuring a strong identity posture. Bringing in a robust identity posture that supports your agent setup can significantly accelerate AI adoption. So, Okta plays a dual role: providing a strong identity setup for security and fostering faster adoption by building trust.

Do you believe individuals in India tend to treat identity security less seriously compared to their European or U.S. counterparts?

Regardless of whether I think so, the question is, should they? And I would unequivocally say that everyone should take their identity and personal information seriously. Your personal information is an asset, and you should have control over how it’s leveraged, used, and the extent to which it’s utilised. So, should people worry about it? Absolutely. It’s the right thing to do.

Now, if you introduce AI into this mix, consider how AI will use this information in more powerful ways—both to help and potentially exploit humanity. This necessitates an even greater focus on identity security. Geographically, everyone should be taking their identity seriously. I understand that during the early days of social networking, people were comfortable sharing a lot of information, like pictures and real-time locations. However, I believe users are becoming increasingly aware of what they share on social media and how much they’re exposing.

I do think and hope people will worry about it. A significant part of this involves how we, as technology leaders, journalists, and others, raise awareness. Education will be key to changing how people perceive and manage their identity.

With the increasing sophistication of AI-driven cyberattacks, such as deepfakes and automated phishing, how is Okta evolving its security stack to maintain trust in identity verification and management?

Bad actors have always existed. The shift we’re observing now is in the frequency and sophistication of these attacks. As we witness this evolution, we are also leveraging similar powerful technologies to thwart these attacks. This includes detecting deepfakes—both visual and audio—and increasingly utilising biometrics and enhancing our authentication capabilities. Multi-factor authentication (MFA) is absolutely crucial. I’ve noticed that MFA isn’t always leveraged in many places, as you mentioned regarding geography. Implementing MFA makes it significantly harder for breaches to occur.

At our core, security is about defense in depth, meaning having multiple layers of protection to make breaching more challenging. While any single factor could be breached, multiple layers make it far more sophisticated for attackers. As attacks become more sophisticated, we must create equally sophisticated defenses. We constantly learn from our data, drawing insights from attack patterns. We even publish an annual white paper to share these learnings and best practices around things like credential stuffing with our users and customers.

We cannot stop the technology itself, but we can leverage it in a positive way to counter what bad actors are doing. This is the role Okta and many of our partners are playing.

It sounds like it’s always a task to stay one step ahead of the bad actors.

Exactly! That’s the only way to win. The game, honestly, is about how we stay a step ahead. This means leveraging, adopting, and understanding every new technology faster, discerning its power and value, and bringing that back to our customers and users.

I was talking with a CISO recently, and that person shared a philosophy that resonated – “They only have to be right once; we have to be right every time.”

That’s a wonderful way to put it. You’re right, a breach only needs to be successful once. But as a protection or defense product and solution, we must ensure that we are right all the time. And looking at our data, we are doing exactly that. You hear about breaches in the industry, but you don’t hear about the billions of times we’ve saved our customers. Yes, it’s a hard and complex job, but that’s where the challenge and the satisfaction come from.

As enterprises increasingly shift to hybrid and multi-cloud environments, zero-trust architecture is becoming more critical. How does Okta support large-scale zero-trust implementations across diverse IT systems?

Having a strong, unified identity infrastructure is foundational for any zero-trust model; identity is at its core. Defense in depth, which involves implementing layers of defensive technologies to provide protection based on the use case or solution being built, is also crucial.

The concept of least privilege is another key aspect of zero trust. For example, within Okta’s products, we offer the ability to configure session duration. Depending on the business risk and even geography, you can tune this differently. This is just one small example within a larger product. Similarly, how you exchange tokens between APIs is another consideration. These capabilities are essential not only in your identity platform but in every technology or security solution you use, allowing you to tune configurations based on specific needs. If you over-secure, you risk creating friction.

We have a product called Adaptive MFA, which goes beyond basic MFA. It understands geography, user behaviour, and the threat level of a given space or IP address, and then adapts. For instance, if the threat is high, it might introduce a CAPTCHA. If there’s no risk, the experience should be frictionless. You need products that understand and adapt to the threat, providing the flexibility, frictionless experience, and protection for your users and business. This is how you drive zero trust without creating friction. The moment users encounter friction, they tend to find workarounds. We aim to provide solutions that users will adopt, engage with, and utilise naturally.

With stricter data privacy laws, like the recent DPDP Act in India, and a global emphasis on digital sovereignty, how does Okta ensure compliance while maintaining a seamless user experience across borders?

Our product is designed to function across different geographies and adhere to the local laws and privacy expectations of each region. Primarily, this is how we’ve engineered our product. It very much depends on the region or environment it’s running in. However, most companies, including ours, strive to build their products based on generic rules. We often adopt the strictest possible rules and try to apply them universally to ensure compliance everywhere. Of course, based on deployment, we might tweak certain things if a specific geography requires it. Our products comply with laws and regulations, and we hold all necessary certifications for the regions in which our product operates.

Okta recently expanded its global innovation centre in India. What role does this centre play in product development and global strategy, and how do you ensure it remains tightly integrated with Okta’s global engineering vision?

I’m very pleased to share that we anticipate exceeding almost 1,000 people in 2025, making it a strong mini-headquarters for Okta in India. Your own write-ups and other research indicate that the AI market in India alone is projected to reach several billion dollars by 2030, with Deloitte reporting that 80% of Indian organisations are experimenting with AI. There’s immense activity regarding tech talent and organisations in India. This is precisely why Okta is investing and growing here.

Considering India’s market growth projections and the growing talent pool in innovative technologies, it’s only logical for us to view our India setup with optimism, especially in terms of its contribution to innovation. My team in India is already heavily innovating by leveraging AI to enhance productivity and improve developer experience. Multiple teams in India are also building solutions for non-human identities. We see it as an extension of our innovation and R&D efforts. My visits to our India office have been incredibly energetic and enthusiastic; it’s inspiring to see them educating themselves, learning, and understanding the value that new technologies bring. We’re very excited.

Regarding tight integration with Okta’s Global Engineering Vision, we are all building and solving for our core vision: securing identity and ensuring everyone can safely use any technology. The India setup is working towards this same vision while adopting the best and state-of-the-art tech stack available to help us achieve our goals.

India is currently home to over 1,700 GCCs, employing over 1.9 million people. What do you believe are the core reasons for so many companies establishing innovation centres here? Twenty years ago, it was the “BPO of the world”; now it’s a hub of innovation. What has caused this shift?

Firstly, it’s the access to strong tech talent here. Secondly, companies that were already established for IT and other services had a robust base there. Extending this to R&D simply makes sense and helps them grow. This, in turn, motivates other companies to see the possibilities. Thirdly, there’s a strong innovation and startup buzz which fosters new ideas. What tech company wouldn’t want to tap into a highly innovative space with abundant tech talent?

I’d say it’s a no-brainer. While other countries are also emerging in this way, as a global tech company, Okta and many others are looking for places with strong tech talent, rapid innovation, and fast adoption of new technologies. You’re absolutely right; looking back 20 years to now, India itself has truly embraced innovation and is actively building it. That’s what we, as a global company, are also seeking.

Are there any specific products or capabilities you’d like to highlight and you’re really looking forward to?

Yes, there are two products I want to call out. First is Auth0 for GenAI. This core product serves as a foundational setup to help build agentic AI solutions or applications. It provides out-of-the-box authentication and secure API-to-API calls. Crucially, it assists with authorisation, especially important because data is core to this. Not all agents should have access to all data; some agents should only view specific data, while others work on different pieces. Auth0 for GenAI helps create those essential guardrails.

The second capability I want to highlight, which I also mentioned earlier, is the non-human identity piece. These two areas are significant for us.