{
    "componentChunkName": "component---src-templates-blog-blog-list-template-blog-list-template-js",
    "path": "/articles/4",
    "result": {"data":{"allContentfulSecOktaComBlogPost":{"nodes":[{"updatedAt":"2025-02-12T19:43:03.415Z","slug":"/articles/2025/02/cso-conversations-keiko-itakura","node_locale":"en","date":"2025-02-12T11:00","secAuthor":[{"name":"Keiko Itakura","slug":"/hackers/keiko-itakura","jobTitle":"Regional CSO, Japan","id":"69fdea2c-e94b-5579-916f-c112d6e0926e","bio":{"bio":"<p> Keiko Itakura supports Okta’s Japan region by providing customers and prospects with security program assurance and best practice advisories. Keiko brings approximately 20 years of experience in the Information Technology space including Microsoft Japan, IBM and the Rakuten Group, at various levels with a key focus on security and Identity management. Keiko’s downtime is often spent watching sports, driving or spending quality time with her dog.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=58&h=58&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=15&h=15&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=29&h=29&q=50&fm=png 
29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=58&h=58&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/3ms5EsNFQvq2m8TJSk2xdF/f08f008a8efb8b07829c639a391172b7/Keiko_Itakura.png?w=116&h=116&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#181818","width":58,"height":58}}}],"title":"CSO Conversations: Keiko Itakura, Regional CSO of Japan","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What motivated your career pursuit in cybersecurity at Okta?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Logging in is the first step in a threat scenario, and identity represents the person themselves. 
In one survey, it was found that over 80% of security incidents were related to identity credentials. Okta is used by many customers in Japan, and the greatest reward of pursuing a career at Okta is that by securing Okta, we contribute to protecting the businesses of our many customers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How has your previous experience shaped your approach to cybersecurity today?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"I have worked in the identity security field in a variety of positions, not only as a product vendor, but also as a security officer at a user company, as a consultant at a partner company, and as an engineer at a system integrator. Attackers may attempt to exploit gaps in normal processes, such as emergency recovery processes or exception processes for executives. My real-world experience in a variety of roles has helped me to think realistically about which business processes are vulnerable and what countermeasures can be taken.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Are there any existing or emerging threats of particular interest to you?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"I continue to be concerned about phishing attacks. As I mentioned earlier, there are many incidents related to credentials, and phishing using email and SMS is still being used as a way to steal credentials. And, with the development of AI technology, it is becoming more difficult for humans to detect. 
In addition to system-based measures such as passwordless authentication and DMARC, it is necessary to take a wide range of measures, including user education and reviewing business processes.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Recently, I have also been paying more attention to cyber attacks resulting from geopolitical risks, such as the MirrorFace cyber attack. This year, the Osaka-Kansai Japan Expo 2025 will be held, and such international events increase the risk of being targeted by cyber attacks, so I am also vigilant about threats related to this.\\n\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"From your perspective, what is the impact of cybersecurity awareness in today’s organizations?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"No matter how much you invest in system protection, if the security culture is weak, there will be risk. Of course education and training are important, but it is also important to have a system for evaluating security awareness. In addition, security is often neglected because of concerns that it could put the brakes on business speed. 
It is necessary for the management team to themselves place importance on security and to propagate it as a corporate culture.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As the methods used in phishing and social engineering become more and more sophisticated, it will also be important to create a relationship where people feel psychologically safe to report any suspicions they may have.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What are your thoughts on automated intelligence, or AI, in cybersecurity?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The democratization of AI technology has lowered the cost of carrying out attacks. It is becoming increasingly difficult to visually determine whether something is fake, such as advanced deep fakes. I believe that defenders also need to use AI technology to create a system that can automatically and timely detect and repair attacks while implementing multilayered defence.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What trends are you seeing in cybersecurity relating to your region?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Japan has a distinctive organizational structure, way of working and underlying way of thinking, and this gives rise to issues and responses that are specific to Japan.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For example, Japan's traditional employment system is known as the ‘membership type’, and rather than honing specific expertise, employees are expected to take on a variety of tasks based on the premise of lifetime 
employment. In other words, they are committed to the company itself. For this reason, in many cases, security expertise is heavily dependent on external resources such as SIers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"However, in light of the growing importance of security in recent years, there has been an increase in the number of cases where companies are hiring external security experts as full-time employees. As a result of global business expansion and management integration, many companies are now faced with the common challenge of determining what organizational structure and mechanisms they should use to ensure security across the entire supply chain and implement governance across the entire corporate group, while also having to collaborate with members not only in Japan but also overseas.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Additionally, identity verification using Individual Number cards is becoming increasingly common and is a topic unique to Japan that has been gaining discussion in recent years.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is the most significant change you’ve seen in the cybersecurity industry in your career to-date?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The concept of Zero Trust has emerged. I think that the emphasis on implicit relationships of trust is also a characteristic of Japan. With the diversification of working styles and the globalization of business, and with reports of actual damage, the idea that attacks are inevitable has gradually become more widespread, and I think it is now gaining considerable support. 
Many companies have yet to fully consider measures against internal crime, but I think that taking measures will also protect employees, so I would like to focus on this.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How do you employ \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/04/the-story-behind-oktas-values/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s corporate values\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" in your day to day?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In Japan, Okta products are delivered via partners, so I consider that our customers include both end users and partners, and I\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" “Love our customers.”\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"I feel rewarded by the fact that I can build trusting relationships and communicate with various customer CISOs, etc., with the responsibility of being the only Japanese person on Okta’s security team. 
My biggest mission is to properly understand what issues Japanese customers have, and to reflect this in the activities of the global security team.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/oktane-2024-announcements/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Oktane24\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" brought numerous exciting announcements; which are you most looking forward to?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"I’m looking forward to IPSIE, the Interoperability Profiling for Secure Identity in the Enterprise - improving industry standards is one of the pillars of the Okta Secure Identity Commitment (OSIC). By promoting standards together with various technology companies, I hope that not only Okta but the entire industry will become a safer society.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"If you could provide a few short cybersecurity words of wisdom to Okta customers, what would they be?\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"I feel it is a shame not to leverage higher assurance options that can be used without requiring much additional cost or effort. 
For example, since you are already using Okta I recommend for you to make the most of the options that can enhance security, such as FastPass and the migration from Okta Classic to the Okta Identity Engine, or OIE.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\nKeiko was recently interviewed by \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://scan.netsecurity.ne.jp/article/2025/01/20/52186.html\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"ScanNetSecurity\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" on why she joined Okta as Japan’s Regional CSO and her mindset to fulfill her mission. She was also featured by \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://enterprisezine.jp/article/detail/20716\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"EnterpriseZine\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" for a profile piece on her career in Identity management and her vision for its future in the Japan region. 
Keiko also shared insights as a speaker at the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://fidoalliance.org/content-2024-fido-alliance-seoul-public-seminar-unlocking-a-secure-tomorrow-with-passkeys/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"2024 Fido Alliance Seoul Public Seminar\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", and at the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://authenticatecon.com/event/authenticate-2024-conference/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Authenticate 2024 Conference.\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-07-31T03:27:46.018Z","slug":"/articles/2025/02/how-okta-embraces-identity-verification-using-persona","node_locale":"en","date":"2025-02-05T10:00","secAuthor":[{"name":"Liam Dermody","slug":"/hackers/liam-dermody","jobTitle":"Director, Insider Threat","id":"40d9f189-1eb3-54ae-bc99-a3b7b906cb55","bio":{"bio":"<p> Liam is the Director of Insider Threat at Okta, where he works across the company to reduce insider-related risk. A security specialist with over 15 years of diverse experience spanning analytical, technical, and leadership roles, Liam is dedicated to safeguarding critical assets. 
Working in both public and private sectors, he has successfully defended Government and industry against a broad range of national security threats, including malicious cyber actors, foreign interference, espionage, and politically-motivated violence.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=58&h=58&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=15&h=15&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=29&h=29&q=50&fm=png 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=58&h=58&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/5WuHbOEWREw1vzeG6cOdA7/5d7b13873a4a1c1823a9aac993edc163/ld.png?w=116&h=116&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#d8d8d8","width":58,"height":58}}}],"title":"How Okta Embraces Identity Verification Using Persona","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Given the current geopolitical environment and remote work becoming a norm, it 
is increasingly common for individuals to use fraudulent, or stolen Identities to apply for employment with highly targeted companies, especially in the cybersecurity industry. This article details how Okta leverages Persona's technology for secure Identity verification."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"With remote work becoming the norm, today’s organizations face a critical challenge: ensuring that users accessing their systems and data are in fact who they claim to be. Given our highly distributed workforce here at Okta, we leverage \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://withpersona.com/contact?utm_term=persona&utm_campaign=RP_Search_Brand_US_CA_UK&utm_source=google&utm_medium=ppc&utm_content=710836266667&hsa_acc=5817921572&hsa_cam=21625765091&hsa_grp=166502542276&hsa_ad=710836266667&hsa_src=g&hsa_tgt=kwd-12277670&hsa_kw=persona&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=Cj0KCQiAkoe9BhDYARIsAH85cDO64it9sNgNowxILci7dLdUvHKVk8PUr2cQetAgj-niK6_B4XEM0oQaAtqHEALw_wcB\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Persona\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" for Identity verification.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The threat landscape\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Given the current geopolitical environment, it is concerningly common for individuals to use fraudulent, or stolen Identities to apply for employment with highly targeted companies, especially in the cybersecurity industry.  At best, these individuals do not have the purported skills and capabilities required for the role and can drain company resources. 
In the most extreme cases, the individuals may be from sanctioned countries and operate for malicious threat actors with the aim of generating income via ransomware attacks or acquiring sensitive, proprietary information with ill-natured intent.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"As part of the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta Secure Identity Commitment\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" (OSIC), our long-term initiative to lead the industry in the fight against Identity attacks, we’re tackling this issue head-on with the introduction of Identity verification using Persona’s trusted technology. Internally, ID verification has been introduced as a compulsory component of our evolving onboarding process and secure account recovery activities.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"What is Persona? \",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Persona’s technology offers a unified Identity platform that provides businesses the building blocks they need to securely collect, verify, manage, and make informed decisions about individuals' and businesses' Identities. 
Okta leverages Persona’s industry-leading technology to securely protect access to online accounts by verifying government-issued identification and comparing it to live, attention-aware photographs to provide greater assurance that the person behind the access attempt is in fact who they're claiming to be.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In practice, Identity verification inquiries with Persona involve up-to-date, live photography capturing varying angles in addition to government-issued photo identification, where a series of validation activities are then performed to assess the veracity of the access attempt. Only once both the photographs and identification have passed a series of secure checks, will the individual have been deemed to “pass” the verification process and subsequently gain access to the controlled environment. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Positioned highest for \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://withpersona.com/gartner-magic-quadrant?utm_term=persona&utm_campaign=RP_Search_Brand_US_CA_UK&utm_source=google&utm_medium=ppc&utm_content=710836266667&hsa_acc=5817921572&hsa_cam=21625765091&hsa_grp=166502542276&hsa_ad=710836266667&hsa_src=g&hsa_tgt=kwd-12277670&hsa_kw=persona&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gad_source=1&gclid=Cj0KCQiAkoe9BhDYARIsAH85cDO64it9sNgNowxILci7dLdUvHKVk8PUr2cQetAgj-niK6_B4XEM0oQaAtqHEALw_wcB\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Ability to Execute in the 2024 Gartner Magic Quadrant for Identity Verification\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", Persona offers the following 
capabilities:\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Collection, verification, enrichment and analysis of user information;\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Enablement of decision-making based on user information analysis; \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Integration of third-party data for additional insights; and \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Evaluation of behavioral risk signals and automation of decisions using customizable workflows.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta’s Use Case\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Persona’s technology offers use case customization, allowing configuration for required or non-required validation. In Okta’s case, we’ve customized our Identity verification process to include country verification to ensure legal alignment to relevant restrictions, limiting the access of Okta’s products in jurisdictions where US import controls or economic sanctions laws are in effect.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Persona’s customizable options include enabling indicators of particular interest during an Identity challenge. 
This is a key capability for insider threat security teams, who can, for example, flag the face likeness of known malicious threat actors, which provides increased assurance against repeated attempts to gain unauthorized access to critical company resources. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"During initial testing of Persona’s capabilities, we found it to be both very effective at flagging a variety of identity-based attacks and nuanced enough to allow for benign inconsistencies that often occur with identifications and selfies, such as variation in the name order (e.g., given names and surnames may be interchangeable). This means the teams responsible spend less time working through false positives. Our ID proofing implementation journey has been one of ease, with Persona seamlessly integrating with our existing infrastructure and technology stack. Okta has fully embedded the Persona widget into our workflows, enabling users to verify their identity without ending their Okta session. 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"At 2024’s annual \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/oktane/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Oktane\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" conference, we \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/oktane-2024-announcements/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"announced\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" a new ID proofing feature that allows customers to create Identity verification challenges during a workflow, as governed by their \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/policies/oamp.htm#:~:text=The%20Okta%20account%20management%20policy%20defines%20authentication%20requirements%20when%20users,onboarding%20to%20authentication%20and%20recovery.\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta Account Management Policy\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" (OAMP). 
Through the introduction of this new feature, Okta is leveraging Persona’s technology to address two high-risk  use cases where Identity verification is essential: employee onboarding and self-service account recovery.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In line with our efforts to \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"free everyone to safely use any technology\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\", the introduction of mandatory ID proofing during onboarding increases the integrity, robustness and security of Okta’s new hire process. ID proofing aims to ensure the new hire is who they say they are, and that they are the same individual who has participated throughout the recruiting process.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Post-onboarding, using ID proofing for self-service account recovery offers higher assurance that a legitimate, authorized user is the one unlocking the user account in question. This in turn mitigates and reduces the risk of an impersonation attack. It also allows Okta’s technical support teams to spend less time manually performing account unlock activities for employees who find themselves locked out of their accounts.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"What’s next? \",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Persona is the first ID proofing vendor we’ve integrated with, here at Okta. 
We continue to prioritize Identity verification and validation for our workforce in addition to prioritized \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/phishing-resistance/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"phishing-resistant authentication\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\".\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"We’re looking forward to exploring additional ID proofing integrations to tackle evolving Identity theft trends in our continued fight against Identity threats. Stay tuned as we continue to evolve our Identity verification capabilities, partnering with industry leaders to prioritize securing your systems and data.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-01-23T21:41:44.376Z","slug":"/articles/2025/01/cso-conversations-matt-immler","node_locale":"en","date":"2025-01-22T00:00","secAuthor":[{"name":"Matt Immler","slug":"/hackers/matt-immler","jobTitle":"Regional Chief Security Officer","id":"c48d5ee4-19d0-5916-b1a9-0edf2a45f611","bio":{"bio":"<p>Matt Immler is the Regional Chief Security Officer for Okta in the Eastern Americas, where he leverages his Identity expertise to drive customer success. Matt’s background includes Auth0 Security and Compliance, in addition to previous roles in information security, network operations and software engineering. His educational achievements include a Bachelor of Computer Science from the University of Maryland Baltimore County and a Masters in Information Technology Management from the University of Maryland Global Campus. In his downtime, Matt enjoys volunteering at a local theatre company in support of his kids. 
</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6Tv1MPNtUrsW9mrykUviAH/ff8a5a5bbeb663905cca908bcafcef25/matt_immler.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#e8b8a8","width":58,"height":58}}}],"title":"CSO Conversations: Matt Immler, Regional CSO of Americas East","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our 
customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"CSO Conversations is a blog series interviewing Okta’s Regional CSOs supporting David Bradbury, Okta’s Chief Security Officer in providing the best service for our customers. Okta’s Regional CSOs are integral to Okta’s Security Trust and Culture team, building and strengthening trusted advisor relationships with global security thought leadership.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"What motivated your career pursuit in cybersecurity?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"I originally got my degree in Computer Science and went to work straight out of college at the US DoD. In that world, security is at the forefront of all projects and quickly became more interesting to me than the actual coding I was doing at the time.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"How has your previous experience shaped your approach to cybersecurity today?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"During my time in government, I worked on both offensive and defensive security teams. Having a chance to work on both sides of the aisle gave me a unique perspective from both the attacker and defender’s point of view. 
This allows me to look at a particular defensive technique and draw upon my own experience in the offensive role to determine if and how I could circumvent the control.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"Are there any existing or emerging threats of particular interest to you?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Modern platforms are providing us with more and more capabilities, and along with that a wealth of settings with near limitless potential for misconfiguration. Many security issues I have encountered in the past have not necessarily been the result of the actual software or platform, but the way in which it is configured. I see the need for a balance in providing the greatest level of freedom to the user, while ensuring the appropriate guardrails are in place to balance risk.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"What trends are you seeing in cybersecurity relating to your region?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The cybersecurity conversation is expanding from what we would conventionally think of being part of that field. The overall resilience of the system is coming up more often in the security context of the conversation than in previous years. 
More focus is being given to the organization's ability to withstand, recover from, and adapt to security events, and not just merely to prevent them from occurring in the first place.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"If you could provide a few short cybersecurity words of wisdom to Okta customers, what would they be?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Be sure to review and apply any published best practices. While core documentation will make sure you can get the job done, the best practice guides ensure that you’re using it the recommended way, which in Okta’s case, takes a security approach when determining those best practices. The identity landscape is evolving quickly with new capabilities entering the mainstream every year, but those changes take time and many older protocols or methods must be necessarily supported to bridge the gap for adoption. Just because an implementation works, doesn’t always mean it’s the most secure option available.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"What is the most significant change you’ve seen in the cybersecurity industry in your career to-date?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"I hate buzzwords, but this question is going to make me go down that road. I've avoided it until now, but we all know the answer: It starts with  ‘A’ and ends with ‘I’ – its new, full capabilities are not well understood, and it poses unknown threats that are testing the efficacy of existing defenses and prompting swift development of new mitigation strategies. 
I think a bulk of upcoming security initiatives are going to be heavily influenced by the new things we learn every day about AI and what it could be capable of doing, and at the very least will be a frustrating new addition to threat models everywhere. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"From your perspective, what is the impact of cybersecurity awareness in today’s organizations?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Cybersecurity awareness is a critical function in any organization, but has long needed to evolve from simply sending a quarterly mock phishing email and routine annual training to something more comprehensive. Anyone who has ever worked in this field knows that the same 10% of employees are going to click that phishing email every time, and if your numbers are that low, you’re lucky. Intelligent threat actors are going to craft quality phishing emails, and it only takes one click to be successful. Okta has heavily invested in our security awareness program in order to make it more frequent, interesting, and engaging to our employees, e.g., incentivising the identification and reporting of even the most minor security concerns to help employees feel like they are part of the program and not just being lectured. 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"How do you employ \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/04/the-story-behind-oktas-values/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"value\":\"Okta’s corporate values\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\" in your day to day?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Personally, in my role as a Regional CSO, I spend a lot of time with Okta’s customers, and am particularly fond of our “Love our Customers” value. Many companies are closed off when it comes to security, and there can be merit to this, because you never want to tip your hand or expose potential areas of weakness publicly before you’re ready. However, this does not mean security should be a black box. When there is information that should be made public, it is best to be loud and on the verge of oversharing. What good is releasing information to mitigate a vulnerability if you bury it deep in the release notes somewhere? When a security team is putting the time and effort into identifying risk and providing mitigations to customers, every effort should be made to be transparent. 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/oktane-on-the-road/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"value\":\"Oktane on the Road\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\" brings \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/oktane/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"value\":\"Oktane\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\" to those who couldn’t attend in Las Vegas, can you share some of your experiences?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Having done Oktane on the Road events in the past, I would say it brings tremendous value to our customers. Cost cutting and tight budgets are prevalent right now, and many times, the first thing to go is travel and conference money. The customers I have interacted with at these events are appreciative of the local engagement allowing them to hear about the latest and greatest from Okta and interact with Okta employees, while not having to break the bank on travel. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"In your opinion, what is the best part of your Regional CSO role?\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-4\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Building relationships with our customers. I speak to our customers on a regular basis across the entire US. In my role, I am afforded the ability to have very transparent conversations on issues relevant to their security teams. 
Having this level of engagement with our customers throughout every industry lets me hear and understand the differences in the experiences and what threats each individual industry might be facing. Retail and Hospitality have different concerns than large banks and financial institutions, but I often find commonalities and am able to bring different perspectives to these conversations by being able to reference an experience or a solution from another industry that might not have been considered otherwise.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Matt Immler was recently featured at \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/oktane/2024/sessions/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Oktane24\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" in Lessons learned from the Okta frontlines in addition to a live news desk session on \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta’s Secure Identity Commitment (OSIC)\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\". Matt also participated in a \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/webinars/hub/fireside-chat--security-outcomes-powered-by-identity/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Fireside Chat\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" on Security Outcomes Powered by Identity. 
\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2025-01-16T14:12:22.279Z","slug":"/articles/2025/01/raising-the-bar-for-the-industry-with-ipsie","node_locale":"en","date":"2025-01-15T10:00","secAuthor":[{"name":"Carmen Girardin","slug":"/hackers/carmen-girardin","jobTitle":"Manager, Security Communications","id":"2f88c41e-3abf-5fcc-9a06-9ed78081f8e2","bio":{"bio":"<p>Carmen Girardin is a Manager, Security Communications at Okta. Backed by over a decade of experience in the fintech sector, Carmen is a proficient technical writer with domain expertise in Identity and Access Management (IAM). She is passionate about delivering engaging, timely customer communications on the cybersecurity ecosystem and the evolving threat landscape, to help our customers gain the most value from Okta. Carmen spends her downtime traveling, thrifting for treasures and reading.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 
15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#b8b8b8","width":58,"height":58}}}],"title":"Raising the Bar for our Industry with IPSIE","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"To set the stage and advance the tech sector, the OpenID Foundation (OIDF) recently announced the formation of a new working group with support from Okta, Ping Identity, Microsoft, SGNL, Beyond Identity, and Capital One. The Interoperability Profiling for Secure Identity in the Enterprise, or IPSIE, is the name of the OpenID Foundation working group tasked with establishing this new Identity standard."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s vision of \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"building a world where anyone can safely use any technology,\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" powered by their Identity, continues to be our guiding factor. 
Today, almost 20,000 customers rely on Okta’s industry-leading Identity solutions worldwide in nearly every industry sector.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Early last year, Okta \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/02/introducing-the-okta-secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"announced\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Secure Identity Commitment (OSIC)\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", a long-term pledge to lead the industry in the fight against Identity attacks. The Commitment consists of four pillars, including \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Raising the bar for our industry.\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" We’re committed to making this a reality.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The rise in Identity-based attacks\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Based on Okta’s internal reporting, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Okta detects and blocks over 3 billion attacks per month. \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"We protect over 800 million unique monthly users from cyber threats, ranging from credential stuffing to malicious bots. 
Enterprise anonymized data confirmed that over a 90-day period, we reduced credential stuffing attempts and malicious bot traffic by more than 90% for some of our largest customers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"From year to year, motivated threat actors employ new and innovative techniques in their ongoing efforts to gain unauthorized access. In a 2024 report in which Okta participated, Verizon concluded \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.verizon.com/business/resources/reports/dbir/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"68%\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of breaches involved a human element, and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.verizon.com/business/resources/reports/dbir/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"24%\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" involved the use of stolen credentials.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At Okta, we continue to live our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/04/the-story-behind-oktas-values/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"corporate values\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" by enforcing industry best practices; 100% of Okta employees use phishing-resistant authentication solutions like Okta FastPass with device assurance and 
\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/products/adaptive-multi-factor-authentication/?utm_source=google&utm_campaign=amer_can_can_all_wf-all_dg-ao_a-wf_search_google_text_kw_nonbrand-priority_utm2&utm_medium=cpc&utm_id=aNK4z000000bmPNGAY&gad_source=1&gclid=Cj0KCQiAj9m7BhD1ARIsANsIIvA6Y4i7qKcCTEjS79AJaoH79abvvd0o6olBO0FW2jrNxZMTQ2FWX4MaArpCEALw_wcB\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Adaptive Multi-Factor Authentication (AMFA)\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". To learn more about MFA and phishing-resistant authentication, download our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/resources/whitepaper-the-secure-sign-in-trends-report/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Secure Sign-In Trends Report 2024.\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A new industry standard\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To set the stage and advance the tech sector, the OpenID Foundation (OIDF) recently announced the formation of a new \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"working group\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" with support from Okta, Ping Identity, Microsoft, SGNL, Beyond Identity, and Capital One. 
The Interoperability Profiling for Secure Identity in the Enterprise, or IPSIE, is the name of the OpenID Foundation working group tasked with establishing this new Identity standard.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Last year’s \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/oktane/2024/sessions/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Oktane messaging\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" heavily focused on the theme of possibility. When introducing Okta’s commitment to IPSIE at Oktane24 in Las Vegas, Okta CEO and Co-Founder Todd McKinnon said, “The goal with IPSIE is to standardize identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.” \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To support the integration of critical identity security capabilities in SaaS applications, the IPSIE working group intends to collaboratively focus on:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Single sign-on\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Lifecycle management\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Entitlements, such as Governance and Privileged 
Access\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Risk signal sharing\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Session termination\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Today, representatives from 25 unique companies are coming together each week to collaborate with meaningful discussion in pursuit of advancing this innovative industry standard. Open and available to all, the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://github.com/openid/ipsie/wiki\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"IPSIE working group\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" has the potential to transform enterprise SaaS security.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Joining forces and coming together\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Andrew Carnegie expressed his belief in collaboration as a powerful force for achieving greater success by famously stating, “Teamwork is the ability to work together toward a common vision. The ability to direct individual accomplishments toward organizational objectives. It is the fuel that allows common people to attain uncommon results.”\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"IPSIE aims at fostering a more open, consistent, flexible SaaS ecosystem by empowering organizations to adhere to a higher level of security, more seamlessly and efficiently integrating amongst tech stacks. 
It also increases visibility across the Identity threat surface to better help protect against cyber attacks. Okta is excited to support and participate in the working group because we believe that a unifying industry standard is the key to fostering an open ecosystem, where it’s both seamless and efficient to build and use enterprise apps that are secure by default.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We recently published integrations with 50 leading enterprise SaaS applications including Google, Microsoft Office 365, Slack and Salesforce that support modern identity best practices aimed at enhancing security and reducing operational burden. Each integration takes just seconds to set up and requires virtually no ongoing maintenance, giving enterprises instant access to capabilities for their most-used apps such as Universal Logout with the ability to immediately terminate user sessions when a threat is detected. These integrations best meet the tech landscape and customers where they are today, while better protecting systems and data going forward.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We’ll keep you posted\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As we continue to progress on the new IPSIE standard within the OpenID Foundation working group, take comfort in knowing we will continue to keep you updated. Okta is committed to working with third-party standards bodies, Identity providers and SaaS vendors to continue to get you more visibility of evolving threats. 
The working group aims to have the first set of draft specifications published in early 2025.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/11/help-reshape-identity-security-join-the-ipsie-working-group/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Join us\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" in our fight against Identity-based attacks, and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://openid.net/announcing-ipsie-working-group/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"learn more\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" on how to get involved with the OpenID Foundation working group to tackle key Identity security challenges in today’s enterprise environments.\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2024-12-19T20:59:07.991Z","slug":"/articles/2024/cyber-safety-over-the-holidays","node_locale":"en","date":"2024-12-18T11:00","secAuthor":[{"name":"Carmen Girardin","slug":"/hackers/carmen-girardin","jobTitle":"Manager, Security Communications","id":"2f88c41e-3abf-5fcc-9a06-9ed78081f8e2","bio":{"bio":"<p>Carmen Girardin is a Manager, Security Communications at Okta. Backed by over a decade of experience in the fintech sector, Carmen is a proficient technical writer with domain expertise in Identity and Access Management (IAM). She is passionate about delivering engaging, timely customer communications on the cybersecurity ecosystem and the evolving threat landscape, to help our customers gain the most value from Okta. 
Carmen spends her downtime traveling, thrifting for treasures and reading.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#b8b8b8","width":58,"height":58}}},{"name":"Okta Security Culture","slug":"/hackers/security-culture","jobTitle":null,"id":"fe6977e6-3784-5b01-9c68-5198f34e986d","bio":{"bio":"<p>Okta's Security Culture team is responsible for championing a world-class security culture via education, trainings, and awareness to make the internet safer both through and for our 
global employees and our growing customer base.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#f8f8f8","width":58,"height":58}}}],"title":"Cyber-Safety over the Holidays","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"At Okta, we believe in sharing valuable, actionable security insights 
because we Love our Customers. Check out our Security Culture team’s cyber-safety checklist to help keep your digital Identity safe this holiday season."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In 2023, consumers worldwide lost over \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.gasa.org/post/global-state-of-scams-report-2024-1-trillion-stolen-in-12-months-gasa-feedzai#:~:text=Based%20on%20responses%20from%2058%2C329,the%20GDP%20of%20some%20nations.\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"$1 trillion\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to scams with wide-ranging economic and emotional consequences. Despite significant efforts dedicated to combatting scam-based cybercrime, many continue to fall victim to ever-evolving threats.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s market-leading Identity solutions continually evolve as mission-critical security infrastructure to combat Identity-based attacks. Over a 30-day period, Okta has blocked over \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"3 billion attacks\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" including credential stuffing and malicious bots, securing nearly 20,000 customers globally. 
We invite you to \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/resources/whitepaper-secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"learn more\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" about our long-term initiative to lead the industry in the fight against Identity attacks.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Check out our Security Culture team’s cyber-safety checklist to help keep your digital Identity safe this holiday season.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Cyber-Safety Checklist\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At Okta, we believe in sharing valuable, actionable security insights because we \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Love our Customers\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\". As the holiday season approaches and scams continue to emerge, here are five easy tips from Okta’s Security Culture team to help keep you, your data, and your devices safe and secure.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. Monitor your accounts\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Catching suspicious or fraudulent charges early gives you a greater chance of restoring lost funds, preventing further compromise and also halting unauthorized spending.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Check your bank accounts and credit cards regularly to validate intentional transactions and their totals. 
Most providers allow you to set up alerts and/or multi-factor authentication (MFA) for additional protection. In practicing good credit hygiene, you should also consider:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Requesting a (usually free) copy of your credit report.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Signing up to a credit monitoring service.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. Check your tech\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Vulnerabilities in both outdated software applications and operating systems are more likely to be exploited by threat actors in order to gain unauthorized access to your accounts.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We recommend always using up-to-date devices, especially when performing financial transactions such as online banking or making credit card purchases. Some devices and/or applications allow you to turn on automatic updates to avoid having to manually check for software updates in the future.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. Click carefully\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Social media ads, emails and text messages can take you to fake websites that look like the real thing. 
To stay safe, always type the official website URL directly into your browser instead of clicking on links.\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://asqula.com/au/identity-101/social-engineering/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Phishing and smishing\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" are getting increasingly sophisticated and can be hard to tell apart from messages from \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/2024/okta-social-engineering-report-response-and-recommendation\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"trusted sources\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Staying cyber-safe means staying updated; numerous organizations and retailers publish best practices they recommend for leveraging their products, services or tools.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"4. 
Shop smart\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"When taking advantage of holiday deals, make sure your credit card information gets securely encrypted.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A good start could be to check the webpage URL, ensuring that it begins with \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/identity-101/http-vs-https/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"HTTPS\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" (and not HTTP) before you checkout and enter your sensitive data. It’s good practice to use reputable sites and create an account, enabling multi-factor authentication (MFA) to authenticate for future purchases. In general, it’s a best practice to not have sites save your credit card information, and when able using session-based payments (such as Apple Pay) can provide additional security.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"5. Protect your accounts\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Instead of traditional passwords, we recommend the use of\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/au/identity-101/password-vs-passphrase/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\" passphrases\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" for additional assurance. An eight-character password can be quickly cracked by a threat actor; a strong 12-character passphrase could take years. 
Also, consider using a password manager (such as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/products/okta-personal/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Personal\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\") to safely and securely store your account credentials.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"It is best practice to enable \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/identity-101/why-mfa-is-everywhere/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"multi-factor authentication (MFA)\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" wherever possible. Given \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.verizon.com/business/resources/reports/dbir/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"81%\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of breaches involve stolen or weak credentials, use a\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/au/blog/2023/10/passkeys-101-what-they-are-and-how-they-will-replace-passwords/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"passkey\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" where available. Passkeys are proven to be significantly stronger than standard passwords. 
We recommend using biometrics such as FaceID or Fingerprint to log in and authenticate to your commonly used sites and services.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A Culture of Cybersecurity\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Today’s digital world has evolved tremendously in enabling our online reach, which in turn can expand the potential for impact. Being vigilant to online scams shouldn’t just be a priority over the holiday season. Here at Okta, we promote a culture of cybersecurity all-year-round and recommend building routine habits around our recommendations.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Always Secure, Always On\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/04/the-story-behind-oktas-values/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"corporate value\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" reflects our ongoing commitment to make every employee an owner of security. With \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"68%\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of breaches involving a human element, a strong security culture is more important than ever. 
Okta’s culture of cybersecurity is a core value; \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/08/how-okta-fosters-a-security-culture/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"learn more\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" about our foundational pillars and how we foster our security culture.\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2024-12-19T21:22:49.122Z","slug":"/articles/2024/okta-social-engineering-report-response-and-recommendation","node_locale":"en","date":"2024-12-11T11:00","secAuthor":[{"name":"Okta","slug":"okta","jobTitle":"","id":"1e934185-d220-5cf6-915f-afe21369ab6b","bio":{"bio":""},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 
29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2mSwf13fQ5aH31DZNddqtd/0855adabe0c07ddc9ceaa460ebd1d935/Okta_Aura_CMYK_Black.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#f8f8f8","width":58,"height":58}}}],"title":"Okta Social Engineering Impersonation Report - Response and Recommendation","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Okta has identified an increase in phishing social engineering attempts. This report provides guidance on what you can expect when getting technical assistance from Okta Support, or contact from Okta."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Summary\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has identified an increase in phishing social engineering attempts claiming to be from Okta Support. This report provides guidance on what you can expect when getting technical assistance from Okta Support, or contact from Okta. 
If you receive suspicious contact claiming to be Okta, please promptly inform Okta Security at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:security@asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"security@asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What can you expect?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In the event a support case is open, Okta Support may contact you by phone or email. The Okta Support call will include an initial validation process for authorized representatives by both phone and email. \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Okta Support will not ask for your password or for an MFA token.\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In the case of a significant security-related concern, Okta customers will receive a rapid communication alert. Rapid alerts will only be received by your organization’s security & privacy contact(s) and primary IT contact(s) via the information in their respective profiles, which must be up-to-date to successfully communicate with you.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta may contact you from the following verified channels:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. 
Email\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Support emails will be from \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:okta@asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"support@asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" or \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:support@auth0.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"support@auth0.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and Okta emails will be sent from \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:noreply@securityalerts.asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"noreply@securityalerts.asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" or \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:noreply@asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"noreply@asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. SMS\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Text alerts are sent from SMS numbers or short codes that may vary by country. In the US, they are from 893-61.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. Phone\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta and Okta Support may contact you by phone, with numbers ranging by region. 
Please note incoming calls could potentially be spoofed by threat actors who deliberately falsify the caller ID displayed in order to disguise their Identity. Incoming caller ID alone should not validate the caller as authentic.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What can you do?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Social engineering scams prey on urgency and emotional reaction. When receiving suspicious, unsolicited contact, be vigilant of the following common indicators of social engineering:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Suspicious email address\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A social engineering sender will often imitate the address of a legitimate business or organization however some characters may vary, be omitted, or misspelled.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Urgency and emotional response\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Recognizable signs of an attempt include urgency and manipulation of an emotional response as tactics. 
In these cases, social engineering attackers may use time-sensitive situations and/or a narrative to invoke an emotional response with the goal of coercing impulsive decisions.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Spelling, grammar and layout\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"One of the most obvious indicators is a message with poor sentence structure, improper grammar and incorrect spelling. In some cases, the layout including formatting of the message is irregular. It should be noted that with the emergence of AI technology, spelling and grammar errors are not always obvious, or even present.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Suspicious links or attachments\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Unsolicited email or SMS messages including attachments or links should be verified prior to opening, especially if the messaging involves a sense of urgency.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For more information on how to protect yourself, your workforce, your business and your customers, read up on \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/resources/whitepaper-ultimate-guide-to-phishing/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Ultimate Guide to Phishing 
Prevention\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How to report Okta Impersonation Attempts?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"If you come across a suspected impersonation attempt of Okta or Okta Support as a customer, please promptly raise a customer support ticket or inform Okta Security by email at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"mailto:security@asqula.com\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"security@asqula.com\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". \",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-02-09T23:47:31.380Z","slug":"/articles/2024/five-reasons-to-upgrade-to-oie","node_locale":"en","date":"2024-11-20T10:00","secAuthor":[{"name":"Carmen Girardin","slug":"/hackers/carmen-girardin","jobTitle":"Manager, Security Communications","id":"2f88c41e-3abf-5fcc-9a06-9ed78081f8e2","bio":{"bio":"<p>Carmen Girardin is a Manager, Security Communications at Okta. Backed by over a decade of experience in the fintech sector, Carmen is a proficient technical writer with domain expertise in Identity and Access Management (IAM). She is passionate about delivering engaging, timely customer communications on the cybersecurity ecosystem and the evolving threat landscape, to help our customers gain the most value from Okta. 
Carmen spends her downtime traveling, thrifting for treasures and reading.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=15&h=15&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=29&h=29&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=58&h=58&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/gBvc42utKRh6jJpgLjxrt/fb5e38cd4c6043a5e888850b4b2c2df4/IMG_8061.jpg?w=116&h=116&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#b8b8b8","width":58,"height":58}}}],"title":"Five Reasons to Upgrade your Org to Okta Identity Engine","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Okta’s Identity Engine offers the most modern way to customize your Okta experience and implement flexible, customized Identity use 
cases."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Both \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Okta\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Customer Identity, \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"built to support end users’ digital access needs, and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"Okta Workforce Identity,\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" built to secure your internal workforce, are OIE-eligible platforms.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s industry-leading Identity solutions are powered by the same underlying infrastructure. Okta Classic is Okta’s legacy engine and the Okta Identity Engine, or OIE, was introduced for all new customers effective March of 2022.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-1\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is OIE?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Identity Engine offers the most modern way to customize your Okta experience and implement flexible, customized Identity use cases. 
OIE is Okta’s newest improved platform engine, offering a security policy framework designed to align with NIST 800-63B and an authentication pipeline that strengthens your identity posture while delivering a superior user experience (UX).\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Identity Engine grants Okta administrators increased control over how applications and resources are both protected and accessed, while maintaining a seamless experience for end users.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-1\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Why should you upgrade?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"There are numerous security features to configure, customize and leverage in the Okta Identity Engine. Key benefits of upgrading your org include:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. Accessibility\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Upgrading an existing Okta org from Okta Classic’s engine to OIE is a \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"free\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"platform upgrade\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\", meaning there is no additional investment required.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Most features and functionality are available immediately post-upgrade to OIE, and the majority of your existing org configurations will seamlessly migrate. 
Most upgrades only take a few minutes to complete, with \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"no downtime\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" for admins or end users.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta also offers exceptional flexibility for administrators looking to upgrade. Admins can use \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine-upgrade/self-service/self-service-process.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"self-service\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" tools to verify your org’s eligibility, resolve any pending action items, and schedule the upgrade at a time that best suits you. Even better, the upgrade from Okta Classic to OIE can be scheduled for \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"any time during your Okta subscription term\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. 
Enhanced authentication\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Identity Engine is designed to evaluate more granular context during user authentication, but also make authentication policies much easier to manage.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Application-level sign-on policies that were configured on a per-application basis in Okta Classic can instead be configured for multiple applications at once, or according to the assurance level you require from the user to sign-in, using Okta Identity Engine.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In addition, benefits of OIE authentication include the enabling of modern, true multi-factor authentication (MFA) with different factor types and abstraction through assurance level. MFA possession factor constraints are introduced to further secure your org, including phishing-resistant MFA such as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/products/fastpass/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta FastPass\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", hardware protected MFA, and the exclusion of any authentication method by name, if you choose. We recommend higher assurance factors, specifically \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"phishing-resistant authentication.\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. 
Passwordless\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In Okta Classic, the default method of sign-in for any policy required the end user to provide a password, unless avoided via factor sequencing, which can pose both flexibility and management challenges. To contribute to a Zero Trust security framework, OIE enables password-specific capabilities including no password or optional password authentication conditions. Please note that both Okta Classic and OIE support factor sequencing.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"OIE global session policies, again configurable for an entire org and not only on a per-application basis, can be tailored to require any factor type(s) used to meet the minimum configured authentication policy requirements, which can exclude a password.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For higher assurance, Okta recommends a combination of multiple factor types, specifically biometrics alongside phishing-resistant MFA such as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/products/fastpass/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta FastPass\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" or \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/en-us/content/topics/security/mfa-webauthn.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"FIDO2\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". 
An alternative better suited to Customer Identity flows is a configured \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/guides/authenticators-okta-email/-/main/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"email magic link\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" authentication sign-on policy, where end users will receive a URL via email for a click-to-login experience.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"4. Device assurance\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Identity platforms both support native device assurance capabilities and seamlessly integrate with device management technologies to further secure your data, enforcing a Zero Trust security framework. Device trust contextual access management solutions enable orgs to protect sensitive corporate resources by only allowing end users with managed devices to access Okta-integrated applications. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Benefits of device trust in OIE include advanced security authentication configurations factoring in conditions such as the below, among others in order to increase your device assurance posture:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Device OS and/or type, \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Device password protection and length,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Registration status,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Whether the device is jailbroken or rooted.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"OIE requires the use of Okta Verify to secure your org’s mobile devices. For more on translating device trust from Okta Classic to OIE, visit our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/Setting-Up-Desktop-Device-Trust-in-Okta-OIE-A-Guide-for-those-who-have-it-Implemented-in-Okta-Classic?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"knowledge base\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"5. 
Improved admin experience\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Identity solutions consider the user experience which includes both end users authenticating and technical \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/security/administrators-admin-comparison.htm?cshid=ext-administrators-admin-comparison\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"administrators\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of the Okta org. Okta’s administrator console supports efficient, methodical Identity management.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In Okta Classic, the admin console boasts the legacy navigation pane with condensed configuration pages, whereas Okta Identity Engine’s navigation pane introduces additional configuration pages, refined more granularly for ease of administrator use. 
In addition to the new customizable settings in OIE, certain pages have changed which notably introduce an easy-to-navigate user interface.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As previously highlighted, a key benefit is that application authentication policies in OIE can be configured by administrators and assigned to multiple applications in an Okta org, rather than applications uniquely requiring individual policies.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-1\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Upgrade now\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Ultimately, to best capitalize on Okta’s powerful Identity platforms and improve your security assurance posture, we strongly recommend upgrading your org from Okta Classic to Okta Identity Engine. The key benefits outlined here represent just a fraction of available functionality, ready for you to customize and leverage in your Okta org.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Visit our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.asqula.com/help/s/product-hub/oie/upgrading-to-okta-identity-engine?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"helpful resources\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/oie-upgrade-eligibility.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"get started\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" on the platform upgrade from Okta Classic to Okta Identity Engine, joining over 12,000 customers in taking advantage 
of the updated security features today. For additional support, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://support.asqula.com/help/s/group/0F94z000000XoN1CAK/okta-identity-engine-office-hours?language=en_US\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"register now\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" for our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"free\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"1-on-1 OIE office hours\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For new or prospective customers interested in OIE, we invite you to check out Okta’s industry-leading Identity solutions by signing up for a \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"free \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/free-trial/?_gl=1*hqmasd*_gcl_aw*R0NMLjE3MjgzMzM5NjAuQ2owS0NRandqWTY0QmhDYUFSSXNBSWZjN1liU0puXzFYeTZhTjBuOTl6TEQyWkZvWFFwNXlZbXZkMUJUV2VmTGxrZ180MENmZHZRUWpRY2FBc01JRUFMd193Y0I.*_gcl_au*NjQ3Mjc3MzY3LjE3MjQ0MjE5NDI.*_ga*NTE0NTAxODM2LjE3MjQwOTM3NjA.*_ga_QKMSDV5369*MTcyODY1NTk2Ny4xMDcuMS4xNzI4NjU2NzA0LjQwLjAuMA\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"30-day trial\",\"marks\":[{\"type\":\"underline\"},{\"type\":\"bold\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" now! 
For more on OIE, visit our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine-upgrade/faq.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"frequently asked questions\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2025-02-09T23:53:33.760Z","slug":"/cisasecurebydesign1","node_locale":"en","date":"2024-10-31T00:00","secAuthor":[{"name":"David Bradbury","slug":"david-bradbury","jobTitle":"Chief Security Officer","id":"87a8e5b7-da9e-56f7-95dc-37bd1aaee0d9","bio":{"bio":"<p>David Bradbury is Chief Security Officer at Okta. As CSO, he leads overall security execution for the organization and his team is responsible for navigating the evolving threat landscape to best protect employees and customers. In addition, he is instrumental in helping Okta’s customers continue to adopt and accelerate Zero Trust security strategies. </p>\n\n<p>Prior to joining Okta, Bradbury was Senior Vice President and Chief Security Officer at Symantec where he led and had global oversight of all cyber security and physical security programs. </p>\n\n<p>Bradbury has built an international reputation for leading and delivering cybersecurity at scale. He has worked across his native Australia, as well as in the United Kingdom and the United States, leading highly-regarded security teams at some of the world’s largest banks, including ABN AMRO, Barclays, Morgan Stanley and the Commonwealth Bank of Australia. He holds a B.S. 
in Computer Science from the University of Sydney.</p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=15&h=23&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=29&h=44&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=116&h=174&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&fl=progressive&q=50&fm=jpg","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=15&h=23&fl=progressive&q=50&fm=jpg 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=29&h=44&fl=progressive&q=50&fm=jpg 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=58&h=87&fl=progressive&q=50&fm=jpg 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/6TmzH9CPucdERKO5GNXf0y/9be194da88159d15d0faa88d84c5f70b/okta_062624_David_Bradbury_0819.jpg?w=116&h=174&fl=progressive&q=50&fm=jpg 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#e8e8d8","width":58,"height":87}}}],"title":"Okta’s Ongoing Commitment to Secure By 
Design","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Our progress against the CISA Secure By Design Pledge."},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Introduction\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is determined to raise the bar for cloud security.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In May 2024, Okta was one of the first technology providers to sign the CISA Secure by Design pledge. The pledge commits enterprise software companies to make a “good faith” effort to meet seven high-level Secure by Design goals within the course of a year.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This document assesses Okta’s progress against this pledge. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"To date, we have found it straightforward to demonstrate progress toward these goals in the vast majority of Okta products. We found it more challenging to be able to commit to achieving these goals in 100% of our products and operations. 
It has been a valuable exercise to hunt down and engineer solutions to those edge cases that prevent us from being able to state that we meet these goals \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"without exception\",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Goal\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Status as at October 2024\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Drive Adoption of Multi-Factor Authentication\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"On Track\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Reduce use of default passwords\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Completed\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Reduce common classes of 
vulnerabilities\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"On Track\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Drive improved customer patching hygiene\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"On Track\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Publish a Vulnerability Disclosure Policy\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Completed\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Provide transparency on vulnerabilities\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Completed\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Deliver improved logging and monitoring for 
customers\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In Progress\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"While technically at the midway point of the exercise, I want to stress that Okta’s commitment to security best practices does not end when the one-year mark is up in May 2025. Okta is engaged in a long-term initiative to lead the industry in the fight against Identity-based attacks - what we call the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/au/secure-identity-commitment/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Secure Identity Commitment\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"On that basis, we would not be opposed to CISA expanding its list of goals and making “Secure by Design” a multi-year program. At Okta, we have \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/10/oktas-mission-to-standardize-identity-security/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"big ideas\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" about the security features enterprise applications will need to have in place to handle emerging threats via IPSIE, a new open standard for identity in the enterprise. We stand ready to engage with CISA and our industry partners to shape a more resilient and secure future for cloud services.  
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"embedded-asset-block\",\"data\":{\"target\":{\"sys\":{\"id\":\"R2QhsAJt5os9D5f5gh37A\",\"type\":\"Link\",\"linkType\":\"Asset\"}}},\"content\":[]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"hr\",\"data\":{},\"content\":[]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"1. Drive Adoption of Multi-Factor Authentication\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\\"Within one year of signing the pledge, demonstrate actions taken to measurably\\nincrease the use of multi-factor authentication across the manufacturer’s products.\\\"\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Multifactor authentication is proven to be one of the most cost-effective and universally applicable security controls. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta boasts a \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.itnews.com.au/news/mfa-took-off-in-the-covid-era-okta-says-596916\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"best-in-class record\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" for adoption of multi-factor authentication among both users and administrators of the Workforce Identity Cloud. 
We publish statistics about MFA adoption, use, and performance via the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/sites/default/files/2024-10/Secure%20Sign-in%20Trends%20Report%202024.pdf\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Secure Sign-In Trends\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" report. This report records the relative growth and decline in total MFA use and the use of specific authenticators. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"As of January 2024, 91 percent of administrators and 66 percent of users of Okta Workforce Identity signed in to an application using multifactor authentication. This represents close to a doubling of MFA usage since the months prior to the COVID-19 pandemic.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The passwordless, phishing-resistant sign-in methods supported in Okta Workforce Identity (Okta FastPass and FIDO2 WebAuthn) recorded the fastest growth as of January 2024. The growth of Okta FastPass was most impressive: this passwordless method climbed from 2% of users by the end of 2022 to 6.4 percent of users (and 13% of administrative users) in January 2024. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"There are several reasons Okta has historically outperformed the industry in terms of voluntary MFA adoption:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has made MFA accessible to all users:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Several sign-in methods (Okta Verify OTP and Okta FastPass) are available to all customers in the latest version of the Okta Workforce platform, Okta Identity Engine, released in 2022. These MFA methods are available to customers for use as a second factor irrespective of whether a customer is licensed for the Okta MFA solution.\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is driving adoption of passwordless factors: \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Identity Engine is a policy engine that allows for password-optional authentication flows for secure access to workforce applications. 
This frees up organizations to optionally phase out the use of passwords for designated user populations on modern devices.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Since February 2024, FIDO2 passkeys have been a first-class factor in the Auth0 platform, providing customers an ability to offer a new primary authenticator to replace passwords in consumer-facing apps and websites.\",\"marks\":[],\"data\":{}}]}]}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Over the past 18 months, Okta has made several commitments that drive strong MFA adoption: \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/articles/2023/08/byo-telephony-and-future-sms-okta\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"no longer offers SMS as a default MFA method\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" in new Okta Platform tenants, in an effort to encourage customers to embrace stronger sign-in flows.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta no longer allows administrators to create single-factor authentication policies for access to the Okta Admin Console or Auth0 Management Console. 
\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Customer administrators now require MFA for access to the Okta Help Center, a service desk/support application for the Okta Platform.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s goal is to enforce MFA for all administrative access to internet-facing services within the term of the Secure by Design pledge. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The MFA enforcement program for the Okta Admin Console commenced in September 2024 and is scheduled for completion by March 2025. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This program is complex and staged to support the different mechanisms Okta customers use to access privileged accounts, including the use of federated identity providers and privileged access management 
solutions.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Date\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Enforcement\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"August 2024\\n\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"*Complete*\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Administrators can no longer create single-factor authentication policies for access to the Okta Admin Console, and have been notified of the schedule for MFA enforcement.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"September 2024\\n\",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"*Complete*\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA required for access to the Okta Admin Console on production tenants.\\n\\nTemporary exemptions for tenants that: (a) do not allow inline MFA enrolment, (b) use inbound federation or (c) use PAM solutions to access the Okta Admin 
Console\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"November 2024\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA required for access to the Okta Admin Console on production tenants, removing exemptions for tenants that do not allow inline MFA enrolment.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"January 2025\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA required for access to the Okta Admin Console in developer tenants used for building third-party integrations.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"March 2025\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"MFA required for all access to the Okta Admin Console, using AMR claims mapping to account for federated use cases and PAM solutions.\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s longer term goal is to drive adoption of passwordless, phishing-resistant authentication for all administrative access. 
This method of sign-in dramatically reduces exposure to the most common forms of identity-based attacks. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current initiatives include:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In-app notifications that nudge administrators signed in to the Okta Admin Console to enrol in phishing resistant factors.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Dashboards in the Admin Console that help customers track adoption of phishing resistant authentication. \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Updates to the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/resources/whitepaper-the-secure-sign-in-trends-report/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Secure SignIn Trends report\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", which tracks the rate of phishing resistant adoption for administrators and end users.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Our other major initiative is the launch of additional features that extend phishing resistance across the user lifecycle, from enrolment through to authentication and recovery. 
These include \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/authenticators/onboard-with-preenrolled-yubikey.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"pre-enrolled FIDO2 security keys\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to secure user onboarding as well as \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/security/idp-idv.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Identity Verification integrations\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" that can be used to verify user identities using government-issued documents. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"2. Reduce the use of default passwords\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate measurable progress towards\\nreducing default passwords across the manufacturers’ products.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Default passwords present avoidable security risks.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All secrets generated in Okta cloud services are randomly generated. 
This includes customer tenant encryption keys, client secrets or JWK key pairs for application integrations, temporary user passwords and API keys.  \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Where on-premise appliances, clients or agents require default credentials at installation, Okta enforces rotation of these credentials at first sign-in to the administrative console. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"There are no immediate changes required.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"3. Reduce common classes of vulnerabilities\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate actions taken towards enabling a significant measurable reduction in the prevalence of one or more vulnerability classes across the manufacturer’s products.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta’s Product Security team performs security testing on all Okta products and triages vulnerability reports submitted by third parties.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In the interests of continual improvement, the team conducts large-scale studies of vulnerabilities reported across the Workforce and Customer Identity Clouds. 
Our latest study normalized this data against the Bugcrowd \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://bugcrowd.com/vulnerability-rating-taxonomy\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Vulnerability Rating Taxonomy (VRT)\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to generate trending metrics on critical and high vulnerabilities reported over time.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Okta Product Security team uses the output from this analysis to make decisions about the tools, processes and campaigns required to address the most common root causes of vulnerabilities. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Okta Security Education capability within this team uses the findings, for example, to develop focus areas in training and awareness campaigns. The Okta Security Reviews team, meanwhile, are intermittently tasked with a “deep review” of a recurring bug class and make recommendations on how to prevent its occurrence across large numbers of development teams. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This feedback loop has resulted in near eradication of a number of classes of vulnerabilities in Okta products. One example is \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://owasp.org/www-community/attacks/Server_Side_Request_Forgery\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Server Side Request Forgery\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". After multiple deep reviews, Okta’s Security Engineering function re-wrote an SSRF protection mechanism in 2020. 
Over the three years since, the number of SSRF bugs discovered has declined by an annual average of 47%. We have not (knock on wood) discovered or responded to any SSRF bugs in the Workforce Identity Cloud in 2024.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Security now hopes to repeat this success with other vulnerabilities in the same category. Okta Product Security plans to initiate a campaign to drive down exposure to all vulnerabilities classed as Server Security Misconfigurations in the Bugcrowd VRT. The Server Security Misconfigurations category refers to 70+ vulnerability types. Many are troublesome because they tend to be difficult to discover or test for. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We are currently in the planning phase, which will result in a target metric, development of a dashboard, and a range of actions, such as:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Standardizing vulnerability categorization across product units, \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Deep Reviews to discover any additional evidence of this vulnerability across Okta’s product portfolio,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Updating Okta’s Secure Coding Guidelines to focus on this class of 
vulnerability,\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Education campaigns and champions program initiatives that target specific engineering teams,  \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Hunting for repetitive patterns that could be automatically detected using scanners, and\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Development and advocacy for preferred libraries or recommended “secure by default” values.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We will provide an update on our results at the end of year one of the pledge.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"4. Drive improved customer patching hygiene\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate actions taken to measurably\\nincrease the installation of security patches by customers.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is committed to making it easy for customers to maintain up-to-date versions of client software, where it is required. We facilitate and encourage the ability for customers to automatically update client software without human intervention. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Workforce Identity Cloud customers can configure automatic installation of updates for Active Directory Agents and LDAP Agents that synchronize with on-premise identity services. The Okta Verify client on Windows can also be configured for automatic updates. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Automatic updates remain optional, as many enterprise organizations prefer to test updates before they are applied in production. We offer customers the option of \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/devices/ov-autoupdate-windows.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"deferring or disabling automatic Okta Verify updates\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Even in cases where customers have chosen to defer or disable automatic updates of clients, Okta notifies customers where a version of a client they are running is found to be vulnerable to a new attack. Okta registers vulnerability information with the national vulnerability database as a CVE and proactively identifies and contacts potentially impacted customers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators can check whether they are running the latest version of any given agent via notifications in the Admin Console. 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Okta Verify client can be configured by administrators to automatically update on Android, iOS or MacOS using solutions from Okta’s \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/identity-engine/devices/managed-main.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Device Management partners\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\". Users can auto-update the Okta Verify client or the Auth0 Guardian client downloaded from the Apple or Google app stores. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is committed to delivering automatic updates on supported platforms. Our next goal is to ensure that no customer is left behind due to a lack of information or context about what software needs to be updated. We are exploring ways to elevate reminders about pending updates to more prominent positions in our administrative consoles - such as creating new task list items or “inbox” notifications.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"5. 
Publish a Vulnerability Disclosure Policy\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products offered by the manufacturer, commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP, provides a clear channel to report vulnerabilities, and allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure best practices and international standards. \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is committed to providing opportunities for independent security researchers, customer red teams and other interested parties to discover and responsibly disclose vulnerabilities in our platforms.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has a long-standing \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/vulnerability-reporting-policy\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"published Vulnerability Disclosure Policy\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and has maintained public bug bounty programs since 2016. 
Today Okta’s public bug bounty program includes the Auth0 platform, and most products in the Okta platform (including Okta Privileged Access, Okta Workflows, Okta Access Requests, Okta Device Access, Advanced Server Access, the Okta support portal as well as client software including Okta Verify clients, Okta directory agents and the Okta browser plugin). \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has provided financial rewards for over 400 issues submitted to the public bug bounty program since its inception, and paid out over US$440,000 in rewards.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta aims to maintain 100% coverage of all Okta products in our bug bounty programs. To achieve this goal, Okta recently added Okta Access Gateway and Okta Personal to a private bug bounty program, and promoted the Auth0 Platform from the private program into Okta’s public bug bounty program. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is committed to adding new products to these bug bounty programs into the future.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"6. 
Provide transparency on vulnerabilities\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate transparency in vulnerability\\nreporting by including accurate Common Weakness Enumeration (CWE) and Common\\nPlatform Enumeration (CPE) fields in every Common Vulnerabilities and Exposures (CVE)\\nrecord for the manufacturer’s products. Additionally, issue CVEs in a timely manner for, at\\nminimum, all critical or high impact vulnerabilities that either require actions by a customer to patch or have evidence of active exploitation.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta addresses vulnerabilities discovered in Okta software and services in accordance with the contractual terms entered into with customers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Further, Okta has published CVEs when a vulnerability discovered in an Okta component requires action on the part of an Okta customer. Okta is a CVE Numbering Authority (CNA) authorized by CISA and MITRE to publish vulnerability information as CVE (Common Vulnerabilities and Exposures) bulletins. 
CVE bulletins for customer-installed Okta clients and agents are published at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"http://trust.asqula.com/security-advisories/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"trust.asqula.com/security-advisories/\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta commits to also publishing CVE bulletins for vulnerabilities where they meet the following conditions:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta customers are required to apply a security update to mitigate the risk, or\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In the absence of a security update, Okta Security is aware of reliable workarounds or other mitigating actions a customer could take using third-party tools to address the risk posed by a vulnerability, or\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The vulnerability is subject to active exploitation in attacks on one or more Okta customers.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This approach balances the legitimate interests of Okta customers in understanding their exposure to risk, while  protecting them from unnecessary risks and reducing the “ticket 
fatigue” burden that would be imposed if customer teams were held to account for risks they have no agency to mitigate. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We recognize that this approach will result in some vulnerabilities never reaching the public domain, limiting opportunities for other parties to derive lessons from these bugs. With this in mind, Okta commits to providing greater transparency about vulnerabilities addressed in Okta services, where those methods of disclosure no longer impose risks for our customers. Okta recently published, for example, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://sec.asqula.com/fastpasshardening\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"this short history\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of research into abuse of the Okta FastPass client as one approach to demonstrating this transparency, and presented on the same subject at   Oktane 2024 in Las Vegas.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is more important, in the eyes of many customers, is how we get the right security information into the hands of the right customer stakeholders in a timely fashion. Okta is committed to improving our methods of disclosing security-relevant information to customers. If you’re an Okta customer and haven’t provided your CISO/CIO and Security contacts to your Okta account representative, there is no time like the present!\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"7. 
Deliver improved logging and monitoring for customers\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"blockquote\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Within one year of signing the pledge, demonstrate a measurable increase in the\\nability for customers to gather evidence of cybersecurity intrusions affecting the\\nmanufacturer’s products.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Current State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All Okta products provide mechanisms for administrators to troubleshoot access issues and for security teams to monitor for suspicious activity. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At minimum, logged events include authentication and application access events, administrator and user actions, session context, and information on the source and target of an action. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Logged events are typically available in administrative consoles and programmatically via APIs and log streaming (see table below). 
\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"table\",\"data\":{},\"content\":[{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\n\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Okta Platform \",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Auth0 Platform\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Access Gateway\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-header-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Fine-Grained Authorization (new)\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Logged events\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"All user, administrator and support events for Okta Identity Engine, Okta Privileged Access, Okta Identity Governance, Identity Threat Protection, Okta Device Access\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"User authentication and administrator 
events\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"User authentication, access, authorization and administrative events.  Administrators can \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oag/en-us/content/topics/access-gateway/admin-settings-logging-log-level.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"manage the type and verbosity\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of logged events.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Modify events\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta Log File Retention\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"90 days\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Aligned with subscription level.\\n\\n30 days for Enterprise licensed customers \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"30 
days\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"N/A\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrator access to logs\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Events can be \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/en/prod/Content/Topics/Reports/syslog-filters.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"browsed, searched or filtered\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" directly in the Okta Admin Console. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"\\n\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Events can be \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/deploy-monitor/logs/view-log-events\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"browsed, searched or filtered\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" directly in the Auth0 Dashboard. 
\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Events can be browsed, \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oag/en-us/content/topics/access-gateway/admin-settings-log-download.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"downloaded\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" in the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oag/en-us/content/topics/access-gateway/about-logging.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"management console\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of the Okta Access Gateway, downloaded \",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"N/A\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"table-row\",\"data\":{},\"content\":[{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Programmatic access to log events\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Log events can be \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oie/en-us/content/topics/reports/log-streaming/about-log-streams.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"streamed to security tools in near real-time\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", and can also be queried and 
\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/reference/api/system-log/#filtering-results\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"filtered\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" using the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://developer.asqula.com/docs/reference/api/system-log/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"System Log API\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Log events can be \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/customize/log-streams\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"streamed to security tools in near real-time\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\", and can also be queried and \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/deploy-monitor/logs/retrieve-log-events-using-mgmt-api\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"filtered\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" programmatically using the Auth0 Management API\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Administrators can \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://help.asqula.com/oag/en-us/content/topics/access-gateway/admin-settings-logging.htm\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"configure log 
forwarders\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" to push Okta Access Gateway logs to security tools.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"table-cell\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Modify events can be queried using the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://docs.fga.dev/integration/advanced/read-tuple-changes\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Read Changes API\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\".\",\"marks\":[],\"data\":{}}]}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta is continually aiming to make log events more meaningful for security use cases. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In August 2024 alone:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta provided new ways to correlate events by session or by token in the Okta Platform. A new \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"rootSessionId \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"field was added to a range of user events to help security teams correlate all actions performed within the context of a user session. 
A new \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"rootTokenId \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"field was added to a range of management API events to help customer security teams correlate all API calls that use a specific token.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta provided administrators of the Auth0 Platform the ability to \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/docs/secure/security-center/prioritized-log-streams\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"prioritize the streaming performance\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of security or risk-relevant event types (such as those relevant to detection and response) over other event types.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-4\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Target State\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta has identified a range of additional improvements that can help customer security teams respond more effectively to suspicious events. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The roadmap for the Okta Platform includes:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will take Log Investigator with Okta AI, currently in beta, to General Availability. Log Investigator gives customer admins the ability to construct System Log queries using natural language prompts. 
This aims to lower the bar for the domain knowledge required to work with System Log events.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will add a new \",\"marks\":[],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"changedDetails \",\"marks\":[{\"type\":\"italic\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\"field to a range of configuration events to help customer security teams quickly identify the delta between former and current state after a configuration event.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will deliver optional System Log events for Workflows executions.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The roadmap for the Auth0 Platform includes:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will deliver \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://auth0.com/changelog#3ZqzIY4EVn7T0OiwbKoLxC\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"alerts\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" and visual indicators for deviations from customer-defined thresholds set in the Auth0 Security Center.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will deliver Team-specific audit dashboards for configuration changes, administrative grants and current valid sessions. 
\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will deliver a visual session management dashboard for the Auth0 Management Console, along with the ability to revoke sessions. \",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The roadmap for the Okta Fine-Grained Authorization includes:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"unordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta will deliver log streaming for the new FGA product in the first half of 2025.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Conclusion\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Okta applauds and thanks the US Cybersecurity and Infrastructure Security Agency’s efforts to promote Secure by Design among technology manufacturers.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We look forward to working with our customers, partners, peers and CISA to contribute further to achieving a stronger default level of security for all users. 
\",\"marks\":[],\"data\":{}}]}]}"}},{"updatedAt":"2026-05-18T01:26:07.071Z","slug":"/articles/2024/09/unveiling-essence-security-customer-trust","node_locale":"en","date":"2024-09-17T12:14","secAuthor":[{"name":"Okta Customer Audit","slug":"/hackers/oktacustomeraudit","jobTitle":null,"id":"cda4b113-e204-5b8f-bd78-617b6866cf06","bio":{"bio":"<p> </p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=15&h=17&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=29&h=33&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=58&h=65&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=116&h=130&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=58&h=65&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=15&h=17&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=29&h=33&q=50&fm=png 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=58&h=65&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2sw7bxHuVZmGGWj970q4A8/f9e81c2a065cfc7534840644492bdddd/Okta_Aura_CMYK.png?w=116&h=130&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 100vw"}},"layout":"constrained","backgroundColor":"#080808","width":58,"height":65}}}],"title":"Unveiling the Essence of the Security Customer Trust 
Function","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"Trust plays a pivotal role in getting new prospects interested and retaining current customers. Earning and maintaining customer trust isn't just a goal; it's a commitment guiding every decision."},"body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"There was a time when only a handful of enterprise SaaS vendors possessed SOC 2 or ISO 27001 certifications. However, in today’s market, vendors are scrutinized based on the data they handle, regardless of their size. Small B2B SaaS companies must now provide compliance certifications, penetration testing results, and answers to extensive security questionnaires to finalize deals, and larger SaaS vendors can find themselves responding to dozens (or even hundreds) of security questionnaires.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Trust plays a pivotal role in getting new prospects interested and retaining current customers. Earning and maintaining customer trust isn't just a goal; it's a commitment guiding every decision. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"As part of \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta’s Secure Identity Commitment\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", we've taken a proactive approach to this challenge by launching a new consolidated Trust Center. This centralized, seamless, and secure repository allows customers and partners to self-service access key compliance documents to validate our security posture and stay informed on our latest updates. 
Explore our new Trust Center and learn more about our transparency and security practices at\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://security.asqula.com\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\" \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"security.asqula.com\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\".\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Security Customer Trust Team at Okta\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"In Okta's ecosystem, the Security Customer Trust team is essential for maintaining platform security and continued integrity. This team proactively communicates Okta's security strategy, responds to customer inquiries, and builds trust through consistent outreach. By working closely with internal security teams, product, sales, privacy, and customer support, we ensure security is integrated across all aspects of Okta’s operations. This dedication to transparency, accountability, and customer-centricity helps Okta earn and maintain the trust of its global customer base.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Trust is more than just a buzzword; it’s a core principle woven into every facet of our organization. As a provider of identity management solutions, Okta understands that trust and identity are foundational to customer relationships. With the ever-growing complexity of identity attacks, protecting against these threats is critical. 
Okta remains committed to prioritizing features that safeguard users under the \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://www.asqula.com/secure-identity-commitment/\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta Secure Identity Commitment\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", ensuring ongoing protection as technology evolves.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The Security Customer Trust team operates with a clear mission: \",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"to bolster security outcomes for Okta customers and the communities we serve\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\". The team is dedicated to advocating best practices and championing zero trust principles when leveraging Okta. Actively seeking feedback from customers and prospects, the team continually helps to enhance Okta's products and services, ensuring they remain at the forefront of security innovation.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Trust is the glue that binds Okta’s external relationships with customers, partners, vendors, and communities. Okta's vision, “\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\"to free everyone to safely use any technology”,\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\" underscores its commitment to providing a secure and reliable digital identity service. 
Rooted in the principle of \\\"love our customers,\\\" the team is dedicated to ensuring Okta’s services remain both available and secure.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The evolution of the CISO role highlights the growing importance of security in business strategy. Modern CISOs are not only security practitioners, but also the strategic leaders responsible for integrating security across business operations, managing risks, and fostering a collective cybersecurity culture.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Implementing and Maintaining Trust\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Building customer trust is integral, especially given that Identity Providers (IdPs) like Okta face constant threats from well-funded adversaries. Cyber threats are persistent, highlighting the need for strong security measures. As Johan Thorbecke said, \\\"Trust arrives on foot and leaves on horseback.\\\" Trust can be fragile, so it's imperative to maintain it through continuous and comprehensive security efforts that sustain confidence in cloud services.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"Security-First Approach\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta places security at the heart of everything, from product development to customer support. By sticking to strict security standards, Okta customers are reassured that their identities and data are safe. 
\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://sec.asqula.com/articles\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Okta Security\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\" articles help build trust and transparency with regular updates on security measures, product features, and potential vulnerabilities in alignment with our vision to\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[{\"type\":\"italic\"}],\"value\":\" free everyone to safely use any technology.\",\"nodeType\":\"text\"},{\"data\":{},\"marks\":[],\"value\":\" \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"Communication and Transparency\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Clear communication is pivotal to building trust. Okta has simplified accessing security information by uploading third-party attestations, industry-standard questionnaires, and current policies to our \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"http://security.asqula.com\"},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"underline\"}],\"value\":\"Trust Center\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\", reducing the need for formal security reviews and lengthy questionnaires.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The effectiveness of any Trust Center hinges on the quality of its content. 
In Okta’s, you’ll find: \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Policies covering all aspects of security\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Information addressing common questions and standard questionnaires\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Roadmaps outlining upcoming security improvements\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Certifications, privacy policies, and whitepapers\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"list-item\"}],\"nodeType\":\"unordered-list\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Centralizing these documents creates a secure hub for security information, ensuring only authorized individuals have access. For more information on accessing Okta's Security Trust Center, visit our \",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/accessing-okta-s-security-trust-center?language=en_US\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta Docs\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\".\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[{\"type\":\"bold\"}],\"value\":\"Customer-Centricity and Continuous Improvement\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"At Okta, customer-centricity and continuous improvement are priorities. 
Okta’s solutions are tailored to meet the evolving needs and preferences of our customers. We demonstrate our commitment to both trust and customer satisfaction by listening to customer feedback and addressing concerns. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"We also understand that trust is earned through consistent performance and continuous enhancement, so Okta invests in research and innovation to stay ahead of emerging threats. Continuous improvement is key, and every employee plays a part in maintaining customer trust by fostering a culture of security awareness.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The Future of Customer Trust\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-2\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Advances in technology and cyber threats will continue to grow in sophistication, and as such organizations must remain dedicated to building trust, viewing new challenges as opportunities for growth and innovation. I’m confident that Okta will continue to set high standards in both trust-building and identity management, while staying committed to strong core values including integrity, security, and customer-centricity.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"}},{"updatedAt":"2024-09-05T16:28:27.869Z","slug":"/articles/security-education-storytelling","node_locale":"en","date":"2024-09-05T08:00","secAuthor":[{"name":"Ann Wallace","slug":"/hackers/ann-wallace","jobTitle":"Director of Product Security","id":"a21c5c8e-d13f-5468-9761-0986a3394d27","bio":{"bio":"<p>Ann Wallace is the Director of Product Security Education at Okta. She shares her journey of transforming security education through the art of storytelling. Prior to Okta, Ann held security leadership roles at Google, Nike, and Shopify. 
She is also on the Board of Directors for WiCyS Oregon. Ann has spoken globally at conferences on Security Education, Women in Tech, and Cloud and Container Security. Ann can also be found trail running around the PNW with her dog Cedar. </p>"},"image":{"gatsbyImageData":{"images":{"sources":[{"srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=15&h=15&q=50&fm=webp 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=29&h=29&q=50&fm=webp 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=58&h=58&q=50&fm=webp 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=116&h=116&q=50&fm=webp 116w","sizes":"(min-width: 58px) 58px, 100vw","type":"image/webp"}],"fallback":{"src":"https://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=58&h=58&q=50&fm=png","srcSet":"https://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=15&h=15&q=50&fm=png 15w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=29&h=29&q=50&fm=png 29w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=58&h=58&q=50&fm=png 58w,\nhttps://images.ctfassets.net/kbkgmx9upatd/2qR594svVD13Nv9d5GRkCe/720d8746d5a87c62f24e4c53c5eff4e8/Screenshot_2024-09-03_at_1.50.39_PM.png?w=116&h=116&q=50&fm=png 116w","sizes":"(min-width: 58px) 58px, 
100vw"}},"layout":"constrained","backgroundColor":"#f8f8f8","width":58,"height":58}}}],"title":"Security Education Through the Art of Storytelling","sys":{"contentType":{"sys":{"id":"secBlogpost","linkType":"ContentType","type":"Link"}},"type":"Entry"},"summary":{"summary":"In today's digital world, cybersecurity isn't just a technical issue, it's a human one. "},"body":{"raw":"{\"nodeType\":\"document\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"In today's digital world, cybersecurity isn't just a technical issue, it's a human one. At Okta, we've taken a fresh approach to security education by leveraging a tool as old as humanity itself - storytelling. We aim to make security education effective, engaging, and memorable by weaving narratives into our training sessions.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"What is Storytelling?\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Storytelling is more than just a method of communication; it is a profound way to connect with people, share experiences, and influence thoughts and emotions. As Jimmy Neil Smith, Director of the International Storytelling Center, puts it: “We are all storytellers. We all live in a network of stories. There isn’t a stronger connection between people than storytelling.”\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"This connection is why storytelling is such a powerful tool in education. We aren't just relaying information when we tell a story - we create an emotional experience. 
This emotional investment helps people better remember the lessons long after the session is over.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Elements of a Good Story\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"A compelling story has several key elements:\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"ordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Characters:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" Every story needs a hero and, often, a villain. In the context of cybersecurity, the hero could be the employee who spots a vulnerability during a code review. At the same time, the villain might be the adversary trying to breach the system.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Hero’s Journey:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" This is the narrative arc where the hero faces a challenge, overcomes obstacles, and emerges victorious (or learns a valuable lesson in defeat).\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Conflict and Resolution:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" At the core of any good story is conflict. It might be a breach attempt, a security flaw, or risky behavior that needs correcting. 
The resolution is how the characters (or the audience) learn to address and resolve these issues.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Lessons Learned:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" What should the audience take away from the story? This could be practical advice, a change in perspective, or a call to action.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"At Okta, we apply these elements to our security education by crafting relatable scenarios that resonate with our audience. We don’t just list the Open Source Foundation for Application Security (OWASP) Top 10 vulnerabilities; we tell the story of the \\\"Okta Top 10” – the Top 10 vulnerabilities we see through code reviews and other methods. We weave in real-world examples and metaphors that bring these abstract concepts to life.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"How to Tell a Story in Security Training\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"ordered-list\",\"data\":{},\"content\":[{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Know Your Audience:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" Understanding your audience's background, expertise, and interests is crucial. At Okta, we avoid generic examples that don’t resonate with our employees. 
Instead, we use examples found in our codebase to make security concepts relatable.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Pull Them in with Emotional Connections:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" Start with a relatable scenario. Use personal stories, show empathy for their challenges, and highlight how security issues impact them directly.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Make Them Care:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" To drive the point home, it’s essential to illustrate the real-world consequences of security lapses. Show both the adverse outcomes of ignoring best practices and the positive results of adhering to them.\",\"marks\":[],\"data\":{}}]}]},{\"nodeType\":\"list-item\",\"data\":{},\"content\":[{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Give Them Something to Remember:\",\"marks\":[{\"type\":\"bold\"}],\"data\":{}},{\"nodeType\":\"text\",\"value\":\" Whether it’s a humorous anecdote, a dramatic story arc, or a surprising twist, the goal is to leave the audience with a memorable takeaway. This helps reinforce the lessons learned and encourages better security practices.\",\"marks\":[],\"data\":{}}]}]}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Storytelling in Action at Okta\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"When I joined Okta, one of my first tasks was overhauling our secure code training. 
We decided to shift our focus from traditional lectures to storytelling, using elements from gaming, sci-fi, and fantasy to create a narrative that would resonate with our tech audience.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We created fictional characters, like \\\"The Devs,\\\" representing our product development team members and placing them in scenarios that mimic real-world security challenges. These diverse characters and grounded-in-reality scenarios made them more relatable and effective in conveying the importance of security practices.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For instance, one of our training modules depicted a hacker attempting to infiltrate a secure area, like trying to gain unauthorized access to a club. Using this metaphor, we could visually demonstrate authentication issues and privilege escalation in an engaging and educational way.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Why Storytelling Works\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Good stories surprise us, make us think and feel, and stick in our minds long after we've heard them. 
In cybersecurity training, this means our employees are more likely to remember the lessons we teach and apply them in their daily work.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"We are continuously building on this approach, integrating storytelling deeper into our security culture, making our educational materials informative, and reflecting our unique culture at Okta.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"By embracing storytelling, we transform our security training from a mundane task into a memorable experience that fosters a culture of security awareness throughout the organization.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Conclusion\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Storytelling is a powerful tool in security education. It makes training more engaging, relatable, and memorable, helping employees not just learn about security best practices but also internalize them. At Okta, we have heard from our employees that they find the training relatable and enjoyable. We are also seeing a higher level of on-time completion rates than we did with previous trainings. 
We're committed to using storytelling to create a stronger security culture - one that empowers every team member to live our \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/blog/2024/04/the-story-behind-oktas-values/\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"company value\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" of Always Secure, Always On.\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"heading-3\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"Learn More\",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"The Security Education team will present at \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/oktane\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Oktane\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" on “\",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://www.asqula.com/oktane/sessions/?tab.allsessionsfilter=1722375948750001fBW3&search=Building%20a%20Robust%20Security%20Education%20Program#/session/1722960641157001RDbO\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"Building a Robust Security Education Program\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\"” in October. \",\"marks\":[],\"data\":{}}]},{\"nodeType\":\"paragraph\",\"data\":{},\"content\":[{\"nodeType\":\"text\",\"value\":\"For more on storytelling, please watch my \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://youtu.be/KJ920WIpHHU\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"keynote\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" address at the CloudNative SecurityCon in July. 
I will also be leading two sessions on Security Education Through the Art of Storytelling at the \",\"marks\":[],\"data\":{}},{\"nodeType\":\"hyperlink\",\"data\":{\"uri\":\"https://conference.ewf-usa.com/event/c76cd0b2-f7f7-4e49-8ca2-dbded0406e07/summary\"},\"content\":[{\"nodeType\":\"text\",\"value\":\"EWF (Executive Women's Forum) Annual Conference\",\"marks\":[{\"type\":\"underline\"}],\"data\":{}}]},{\"nodeType\":\"text\",\"value\":\" on October 23, 2024.\",\"marks\":[],\"data\":{}}]}]}"}}]}},"pageContext":{"limit":10,"skip":30,"numBlogPages":9,"currentPage":4}},
    "staticQueryHashes": []}