Okta Targets India's AI Boom with Local Data Residency

BENGALURU, India – January 16, 2026 – Identity security leader Okta, Inc. is making a significant investment in the Indian market, announcing plans to launch in-country platform tenants hosted on Amazon Web Services (AWS). The move, set for early 2026, is designed to deliver local data residency and enhanced disaster recovery, directly addressing the stringent compliance demands and burgeoning AI adoption within India's highly regulated sectors.

This strategic initiative aims to empower organizations in banking, financial services, insurance (BFSI), and healthcare to navigate the complexities of India's evolving data protection landscape while securely harnessing the power of artificial intelligence. By allowing identity data to be stored within India's borders, Okta is positioning itself as a key enabler for companies grappling with new regulations and the security challenges posed by an increasingly automated workforce.

The Regulatory Imperative: Navigating India's Data Laws

Okta's decision is timed to align with a seismic shift in India's regulatory environment. The cornerstone of this change is the Digital Personal Data Protection (DPDP) Act of 2023, the nation's first comprehensive, cross-sectoral data privacy law. While the DPDP Act allows for cross-border data transfers to certain government-approved countries, it has created a strong preference for local data storage to ensure compliance and simplify governance. For many businesses, keeping sensitive user data within India is the clearest path to meeting the Act's requirements for data fiduciary responsibility and robust security measures.

This push for data localization is even more pronounced in the BFSI sector. The Reserve Bank of India (RBI) has issued strict directives mandating that all payment system operators store the "entire" dataset related to their operations—including transaction details and customer information—exclusively within India. While processing can occur abroad, the data must be returned to Indian servers within 24 hours. Similarly, the Insurance Regulatory and Development Authority of India (IRDAI) requires insurers to maintain all critical customer records in data centers located within the country.

By establishing local tenants, Okta directly addresses these mandates. This allows its Indian customers in regulated industries to use its identity and access management (IAM) platform while fulfilling their legal obligations for data sovereignty, a critical hurdle for any cloud service provider operating in the region.

Securing the 'Invisible Workforce' of AI

Beyond compliance, Okta's move is a direct response to the security paradox created by the rapid adoption of AI. According to the company's own research, a staggering 91% of organizations are already using AI agents, but a mere 10% have a well-developed strategy for managing the identities of these non-human actors. This creates a vast and often unmonitored attack surface.

This burgeoning "invisible workforce" of AI agents, bots, API keys, and service accounts is proliferating. Industry analysts estimate that non-human identities now outnumber human ones by a significant margin, creating new vectors for cyber threats. Unmanaged machine identities, such as expired certificates or hardcoded credentials in public code repositories, have been the source of major security breaches. As Indian enterprises accelerate their AI ambitions, securing this new class of identity has become a mission-critical priority.

“As AI agents enter the workforce, traditional perimeter-based security approaches can’t keep up,” said Stephanie Barnett, VP Presales and Interim GM for Okta APJ, in a statement. “Okta is addressing this head-on with a unified identity security fabric that helps protect every identity—human or AI—with equal rigor.”

The company's identity security fabric is designed to act as a central control plane, applying consistent governance and access policies to every identity, regardless of whether it belongs to a human employee or an automated AI agent. This unified approach is crucial for defending against sophisticated, AI-powered cyber threats.

Shakeel Khan, RVP and Country Manager for Okta India, added, “As Indian enterprises accelerate their digital transformation, securing every identity, human or AI has become mission-critical. Okta provides the identity security fabric that enables this trust, helping organisations in regulated sectors like...BFSI and healthcare protect sensitive data and identities within India’s borders.”

A Strategic Play in a Competitive Market

Okta's expansion is not happening in a vacuum. The Indian IAM market is a competitive battleground, with global players vying for a share of one of the world's fastest-growing digital economies. The demand for local data hosting and AI-centric security has become a key differentiator.

Competitor CyberArk, for instance, has already established a local data center in India for its SaaS offerings, explicitly marketing its ability to help customers meet data sovereignty requirements from regulators like the RBI and SEBI. Likewise, cloud behemoth Microsoft offers extensive infrastructure in India through its Azure data centers in Mumbai and Pune, providing data residency options for many of its services.

This competitive pressure makes Okta's investment a necessary strategic move to maintain and grow its footprint. By localizing its platform, the company not only levels the playing field but also signals a deep commitment to the Indian market. The timing aligns with a surge in AI investment, with industry reports from groups like NASSCOM projecting a 25-35% compound annual growth rate for India's AI market through 2027. By providing the security framework for this growth, Okta is betting on becoming an indispensable partner in India's digital future.

Building on a Foundation of Cloud and Trust

The technical backbone for Okta's new offering will be AWS's extensive infrastructure in India. The platform tenants will be deployed across AWS's Mumbai and Hyderabad regions, both of which feature multiple, physically isolated Availability Zones. This architecture provides a high degree of resilience and fault tolerance, directly supporting Okta's promise of "enhanced disaster recovery" and business continuity for its customers during potential regional outages.

The investment represents a foundational step in building trust with Indian enterprises, assuring them that their most sensitive identity data can be managed with modern cloud tools without leaving the country. Both new and existing Okta customers will have the ability to deploy their tenants in the India region starting in early 2026, empowering them to pursue innovation with greater confidence, compliance, and security.