The average security breach costs companies million of dollars and untold damage from the loss of consumer confidence. With more and more data being stored on remote servers throughout the world, protecting that information is vital.

That's where my pick for this month's top software-as-a-service (SaaS) stock comes in: identity manager Okta (OKTA -2.52%). Read on to see why the company's stock has tripled since going public two years ago, and why I think there's still lots of room for it to grow.

A digitalized fingerprint with ones and zeros in the background and foreground

Image source: Getty Images.

What Okta does

Okta has a very clearly delineated mission and vision:

  • Mission: to improve the connection between people and tools to make people more productive and secure.
  • Vision: to enable any organization to use any technology.

For investors who might not be familiar with the ins and outs of cyber-identities, this helps clarify where Okta sits in the value chain. It simply wants to make it possible for groups to safely use technology. It does this by managing tools that ensure a person (or "user") is who they say they are. Since a lot of work isn't done face-to-face anymore, this is vitally important. Okta helps people sign on and gain access to data and tools.

One way to think about how this works is to examine how you might sign into a site like GrubHub or Pinterest. Often, you can use your Google or Facebook account to gain access -- since you've already signed on to those sites. There's no need to remember a password for each additional platform since you can just use one of these two.

However, in the business world, the data is usually more sensitive. Additional levels of security are required.

Traditionally, companies would protect data stored on their servers in a "castle-and-moat" fashion. If someone was trying to access data from inside an organization -- for instance, trying to view a company's files from a port inside the company's headquarters -- it was automatically granted access. Attempts to access data from the outside were either denied, or the user had to jump through hoops to gain access.

That approach is quickly fading. Too often, hackers can get access into a user's profile via a virus and access very sensitive material. In its stead, "zero trust" is the strategy of choice. This means a system doesn't trust anyone -- whether from an organization or not -- without first identifying exactly who they are.

Okta does this through its recently renamed Okta Identity Engine. It offers companies the tools to grant access and manage identities for both employees and customers.

Growing customers

There's no better way to gauge the interest in Okta's offerings than by examining the number of customers it has signed on over the years.

Chart showing Okta customers over time

Chart by author. Data source: SEC filings.

Each one of those customers pays a subscription fee for using Okta -- with the fee varying depending on the size and scope of tools it needs. While Okta gets some "professional service" revenue from installing and helping train companies on how to use the interface, subscription revenue is what's really worth monitoring. 

Over the past five years, subscription revenue has increased almost tenfold.

Chart of annual subscription revenue over time at Okta

Chart by author. Data source: SEC filings.

It goes without saying that Okta is clearly offering a solution that more and more companies want.

It all comes down to the moat

None of that would matter if Okta didn't have a way to keep customers with the service for the long haul. If legacy players like Cisco or Symantec came along offering the same thing for cheaper -- and customers responded by switching over -- Okta wouldn't be a very good investment.

However, there are two forces helping create a wide moat -- or sustainable competitive advantage -- around the company. The first comes in the form of high switching costs. When a company finds a tool to help manage its security -- and employees and customers become more familiar and comfortable with that tool -- it's an arduous process to switch to a different provider. 

And Okta's dollar-based revenue retention (DBRR) -- which measures the amount of money the same cohort of customers pays year after year -- has consistently been north of 100%.

Metric 2014 2015 2016 2017 2018
DBRR 129% 120% 123% 121% 120%

Data source: SEC filings.

What does this mean? Not only are customers staying on with Okta (as evidenced by DBRR of near 100%), they are adding more functionality over time. If we assume the average DBRR of 120%, the customer that pays $10,000 in Year 1 often pays $12,000 in Year 2, and $14,400 in Year 3. That's powerful compounding -- and evidence that Okta is becoming more deeply embedded in their customers' DNA.

There's more. Okta uses machine learning to help identify threats and allow for different types of authentication. It's new Hooks and ThreatInsight technologies use computer learning and artificial intelligence (AI) to offer password-less sign-ons. They do this by using progressive user profiling.

In layman's terms, this means Okta's machines are learning how to see if someone is who they say they are. They are able to identify users as high, medium, or low threats -- and match that against the importance of the data and tools trying to be accessed. 

Okta can do this because its machine learning gets better and better with more data. More customers (look above to remember how quickly customer rosters are growing) mean more data. More data means better machine learning. With each new customer, the machine learning gets better, making the product even more valuable than the competition's.

That's the type of moat I like to see being built around a company. It's also why, when Motley Fool trading rules allow, I'll be making Okta at least a 2% position in my own personal portfolio. If you're looking for a fast-growing SaaS stock for your own holdings, I suggest kicking the tires on Okta.