- Okta shocked investors and customers by delaying a response to a Lapsus$ hack by two months.
- We believe that OKTA stock could remain in the penalty box in the near term.
- We discuss why investors should avoid OKTA stock for now.
- I do much more than just articles at Ultimate Growth Investing: Members get access to model portfolios, regular updates, a chat room, and more. Learn More »
Okta, Inc.'s (NASDAQ:OKTA) highly embarrassing security incident in January involving a breach through its third-party provider Sitel by hacking group Lapsus$ impacted its stock. However, some Street analysts did not consider the hack as "material" on its forward projections. For example, BTIG retained its Buy rating on Okta, believing the impact to be "small." It added (edited):
We have done a lot of independent fieldwork to better understand the implications to Okta from the company's recent third-party breach disclosure.
We also conducted a survey of 25 Okta customers. Therefore, we believe that any impact from the breach will be relatively small and contained within FQ1.
Still, there's modest potential for risk on new customer additions. That said, we believe the headwind will be relatively small and abate within three months. Furthermore, we see little to no risk in existing customer expansion initiatives or churn. (The Fly)
However, we remain unconvinced. We think the credibility impact from Okta to provide timely disclosure has riled several customers and notable cybersecurity providers/partners.
Furthermore, Okta is not the only leading IAM/MFA player in town. For example, CrowdStrike (CRWD) highlighted that it works with several identity partners, including Ping Identity (PING), Duo (CSCO), CyberArk (CYBR), and Google Authenticator (GOOGL) (GOOG).
Therefore, we think Okta's delayed response has severely impacted its credibility. Notably, management's response certainly didn't do justice to its stock's implied growth premium.
Investors should also note that IAM/MFA providers have consistently traded at a considerable discount to OKTA stock. Hence, we believe that OKTA could remain in the penalty box in the near term.
Okta Riled Its Customers For Its Delayed Response
Okta's embarrassing incident has caused a stir among its customers that used it as an identity provider. The impact wasn't so much about Okta getting breached. Breaches have happened to security providers, and even Microsoft was also breached recently. But Okta customers were justifiably upset with the company's best practices regarding such disclosure.
Cybersecurity partner Tenable (TENB) was "infuriated." CEO Amit Yoran articulated (edited):
Two months is too long. This compromise should have been disclosed when Okta detected it in January or after a competent and timely forensic analysis.
No indicators of compromise have been published, no best practices and no guidance has been released on how to mitigate any potential increase in risk. As a customer, all we can say is that Okta has not contacted us. And, to the best of our knowledge, we are not affected by the breach. Out of an abundance of caution, we are taking what we believe to be logical actions to minimize exposure.
Trust is built on transparency and corporate responsibility, and demands both. I’ve been in the space long enough to know that security is imperfect. Even Mandiant (MNDT) was breached. But they had the fortitude and competence to provide as much detail as they could. And they remain one of the most trusted brands in security as a result. (Amit Yoran's LinkedIn)
Furthermore, Cloudflare (NET) was also visibly upset at Okta's initial response. CEO Matthew Prince articulated (edited): "Can anyone who's gotten a satisfactory answer to #Log4J, #Lof4Shell from Okta raise their hand? We certainly haven't. #rottenfishstinks." Prince then assured Cloudflare's customers that none of its customer accounts had been compromised. In a subsequent post, the company further clarified that it only used Okta for their internal employee accounts, but not for external customers.
Given Prince's exasperation over Okta's response, we don't think NET will even consider using Okta for its customers moving forward.
Unprofitable Business Model Leaves No Room For Compromise
Okta reported robust revenue growth in its recent FQ4 earnings report, reaching 63.2% on $383M in revenue. However, its GAAP operating margins demonstrated that the company is nowhere near profitability, despite its growth.
Moreover, such a growth-focused strategy could work against Okta moving forward as it needs to work harder to convince customers on the sidelines given the loss of its credibility. As such, onboarding new customers could be increasingly costly, further impacting its weak bottom line.
Therefore, we think its weak fundamentals don't bode well for Okta until it thoroughly addresses its best practices on material disclosures moving forward.
We encourage investors to pay attention to how its key customers react to such guidance. Notably, they should also observe how its cybersecurity partners work with Okta moving forward. We think these players have a massive influence on the integration with Okta, given the multitude of options available. CISOs deliberations would most certainly involve inputs from cybersecurity players like Cloudflare and CrowdStrike moving forward.
Notably, Cloudflare and CrowdStrike partner with Ping Identity in its Critical Infrastructure Defense Project. Therefore, we believe PING could feature more in their discussions with their customers. As Cloudflare and CrowdStrike investors ourselves, we are glad the duo didn't pick Okta for its project.
Is OKTA Stock A Buy, Sell, Or Hold?
OKTA stock's growth premium has certainly been digested significantly. But, it's not surprising given that the market has consistently accorded a much lower premium to its IAM/MFA peers, as seen above. Nonetheless, it still traded at a premium, and we believe it could remain in a range or move lower.
Given lower peer multiples and a lack of management credibility, we think there are insufficient near-term catalysts to re-rate OKTA stock.
Investors should also be wary of using the average price targets ((PTs)) to add exposure to OKTA stock. The Street has gotten it "horribly" wrong over the past year, as they continued to revise OKTA stock downwards.
As such, we rate OKTA stock at Hold.
Do you want to buy only at the right entry points for your growth stocks?
We help you to pick lower-risk entry points, ensuring you are able to capitalize on them with a higher probability of success and profit on their next wave up. Your membership also includes:
24/7 access to our model portfolios
Daily Tactical Market Analysis to sharpen your market awareness and avoid the emotional rollercoaster
Access to all our top stocks and earnings ideas
Access to all our charts with specific entry points
Real-time chatroom support
Real-time buy/sell/hedge alerts
This article was written by
JR Research is a seasoned investor with a background in economics. He focuses on identifying growth companies, market trends and growth opportunities. His approach combines price action with fundamentals.He runs the investing group Ultimate Growth Investing, which specializes in identifying high-potential opportunities across various sectors. The group is designed for aggressive investors seeking to capitalize on high-growth opportunities, and investors looking for growth opportunities at a reasonable price. Learn more.
Analyst’s Disclosure: I/we have a beneficial long position in the shares of NET, CRWD, GOOGL either through stock ownership, options, or other derivatives. I wrote this article myself, and it expresses my own opinions. I am not receiving compensation for it (other than from Seeking Alpha). I have no business relationship with any company whose stock is mentioned in this article.
Seeking Alpha's Disclosure: Past performance is no guarantee of future results. No recommendation or advice is being given as to whether any investment is suitable for a particular investor. Any views or opinions expressed above may not reflect those of Seeking Alpha as a whole. Seeking Alpha is not a licensed securities dealer, broker or US investment adviser or investment bank. Our analysts are third party authors that include both professional investors and individual investors who may not be licensed or certified by any institute or regulatory body.