3 ways Okta helps you improve your security posture and respect the human right to privacy

Identity is the connection between people and technology, the gateway to every digital interaction. As the threats we face continue to evolve, identity becomes increasingly important to our communities and workplaces.

Cybercriminals are orchestrating more sophisticated attacks using generative AI techniques, leveraging their capabilities to create convincing deepfake content, forge identities, and bypass traditional security measures. Today, attacks are up 180% compared to last year. It takes organizations an average of 290 days to detect and contain a security breach.

Identity is security. Identity is a critical entry point into enterprise security for all employee and consumer applications. Protecting digital identities enables respect for human rights, including privacy, freedom from discrimination, security, and freedom of expression.

Privacy and security are at the forefront of development

At Okta, love for our customers has always been a differentiator in how we work. By designing with these principles in mind, Okta helps customers stay at the forefront of privacy and security. Here’s how Okta demonstrates these priorities:

  • Okta doesn’t sell customer data. We respect privacy and believe that customers own their own data. Customers have full control over the information they need to operate the service and can add or remove information at any time without needing support or professional services. We only use customer data to provide the service. Okta will not sell or share your information with third parties without your consent.
  • Okta has publicly committed to the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design pledge. In May 2024, Okta became one of the first enterprise software providers to sign the pledge.
    Enterprise software companies are required to make serious efforts to achieve seven high-level Secure by Design goals within one year. This improves security across the technology ecosystem through a coordinated, multi-vendor effort. For more information, see our six-month progress update.
  • Okta aims to enable privacy by design for all software that has identity. Okta makes it easy for developers to build robust identity protection and security best practices into their software.
    Okta helps customers transition to a more secure, passwordless future. Passwords can easily be copied, stolen, phished, or cracked. Okta’s passwordless authentication prevents password-based attacks and protects your organization’s data.
  • Okta helps vulnerable organizations, like nonprofits, improve their security posture. Through Okta for Good, eligible nonprofits receive license donations and discounts on key solutions like single sign-on and adaptive multi-factor authentication. We also know that nonprofits need access to our expertise to succeed with Okta, which is why we offer a program that gives eligible nonprofits the opportunity to get onboarding support.

We believe this could have a significant impact. According to Microsoft, the nonprofit sector is the third most affected sector. 41% of nongovernmental organizations (NGOs) report being victims of a cyberattack in the past three years (2020-2023).

Learn more about how marginalized communities, including the nonprofits that support these communities, often bear a disproportionate burden of cyber threats and vulnerabilities.

Security is a priority

Okta’s vision is to enable everyone to use any technology securely. As a result, security is central to Okta’s DNA and drives our decisions and outcomes over the long term. Okta implements security in the following ways, among others:

  • At Okta, we recognize our responsibility to protect the digital identities of individuals, communities, and organizations around the world. Leveraging our unique recognition as the world’s leading independent identity provider, Okta has actively supported numerous global events, including the 2024 Paris Olympics and the US Presidential election.
  • Okta is committed to securely using and developing AI to strengthen connections between people, technology, and communities. Okta has adopted responsible AI principles that align with our core value of “Always Secure.” Always available to earn customer trust and deliver a rigorous approach to AI innovation with a focus on security and privacy.
  • As we continue to innovate, our engineering, security, product, enterprise technology, legal, and human rights teams work together to understand and integrate respect for human rights, including privacy, anti-bias, and security, through collaboration with internal and external human rights experts.
  • Okta Ventures invests in and supports companies developing cutting-edge technologies based on identity, security, and privacy. For example, Okta Ventures has invested in k-ID, a startup that “empowers youth in safe, age-appropriate, and empowering ways” by providing inherently safe, privacy-conscious, and compliant age-appropriate games for the digital age. Okta Ventures has also invested in Intrinsic, an AI-powered enterprise content moderation platform that aims to make the internet safer by democratizing security tools.

A New Industry Standard

Earlier this year, we launched the Okta Secure Identity Commitment, whose pillar is to “raise the bar in the industry.” As detailed in the first blog in this series, Okta made a major announcement at Oktane24 in October.

To improve security in the technology space, Okta is part of the OpenID Foundation working group developing a new identity security standard, the Interoperability Profile for Secure Identity in the Enterprise (IPSIE). The vision for this new open standard is to provide SaaS companies with a framework to improve the end-to-end security of their products across all touchpoints of the technology stack.

“Okta is focused on better protecting the entire tech industry from attacks,” Okta CEO and co-founder Todd McKinnon said at the launch of the OpenID Foundation’s IPSIE working group at Oktane24. “IPSIE’s goal is to standardize identity security and drive an open ecosystem where anyone can easily build and use enterprise applications that are secure by default.”

Today, thousands of applications in the cloud are built without secure identity. This effort aims to raise the bar on security while respecting human rights like privacy.

Moving Forward in the Future

It’s a challenging and exciting time to be on the front lines of identity politics. It’s never been more important to protect people, communities, their data, and digital rights. Advances in technology can either help or hinder our journey to 2025. AI tools must be implemented, secured, and controlled responsibly and within consistent ethical standards to deliver on the promise they have made. Criminals and malicious actors have easier access to advanced technology than ever before, and security teams are under constant pressure to achieve the greatest security return on their investment.

Given today’s fast pace, the protection of personal information and the benefits of opportunity must be equally available to everyone. Okta’s vision to empower everyone to use any technology securely is more important than ever.

Beyond compliance: Elevating Okta’s ESG with security and trust

As the gateway to every digital interaction, identity is the connection between people and technology. Over the past 15 years, Okta has built an amazing ecosystem for nearly 19,000 customers. These customers trust Okta to connect their most valuable assets: their employees and their customers, and they trust Okta to do so securely and with privacy. But security and privacy are not just features of Okta products; they form the foundation of these important connections and the foundation of trust with stakeholders.

Security and privacy are core to Okta’s vision: to give everyone the freedom to use any technology securely. “Everyone” means ensuring digital access for everyone. “Secure” means secure access and protecting the right to privacy. In an increasingly digital world, as our lives move online for work, banking, healthcare, education, commerce and more, trusting these connections becomes more important. Security and privacy are prerequisites for building trust.

Given the importance of privacy and security to our business, it’s no surprise that they are two of Okta’s top Environmental, Social, and Governance (ESG) priorities. With an effective ESG strategy, the most important ESG issues are also the most important business issues. The goal of our ESG program is to promote responsible and sustainable business practices across all areas of the company that positively impact society and contribute to Okta’s financial success.

Few people think about the relationship between security, privacy and trust more than Ben King, Okta’s VP of Customer Trust. I recently spoke with King to get a better understanding of Okta’s approach to security and privacy across the company and within its ESG framework.

What does trust mean to you?

“From my days working in cybersecurity and technology strategy, I define trust as a combination of a commitment to behave in a certain way and doing everything possible to meet that expectation. The person or organization must be able to perform as expected – they must be competent, of course – and they must also demonstrate that they will behave in a certain way regardless of external factors.

This can be verified through historical observation or, more tactically, through third-party verification. This raises the issue of integrity: the fact that you have a track record of behaving in a certain way, regardless of what else is going on in the world. Because being trusted when it’s entirely in your own interest is not really a sexy skill. Just your commitment to share potentially difficult news shows that you are truly trustworthy.

At Okta, we are committed to showing our customers what we love, both the features and products we offer, and if we make mistakes, we’re going to share them with you. Our customers expect transparency so they can trust and validate that we’re living our values here.

We also believe that trust is important to Okta, as it is the foundation of our leadership in security and privacy, and of our success in the digital world. Our customers need to be able to trust that our services are trustworthy and secure. Secure digital identities enable people to be productive at work and provide the best user experience for our customers.

Trust leads to better outcomes for our customers, partners, employees and communities, which in turn leads to better business outcomes for Okta. Without trust, the tools and services we rely on as a global community would quickly fall apart.

Why do we work on trust and security?

“We believe there is no aspect of the world we live in more important than protecting our digital identities, and it’s incredibly motivating to know that we can be part of the solution, because we’re really talking about the foundation of the global economy.

If we can’t trust online information or trust that our transactions are secure when we interact with companies, what’s the next step? Would you rather not transact online? Or have a digital identity? When people make these decisions and start to back away from trust exchanges, it’s because they don’t trust that the system that’s supposed to protect them will do so.

Then you have a really big problem. It’s incredibly motivating to work to build and maintain trust, because the alternative is never sustainable or positive.”

What does your team do at Okta? Why does it matter to customers?

“At the beginning of 2022, I launched a team within Okta Security whose sole goal is to improve security outcomes for Okta customers and the communities they support. One way we achieve this is by communicating best practices when using Okta or cybersecurity in general, and incorporating customer feedback to continuously improve our product.

I call this service “customer trust.” From the outside, whether it’s customers, partners, supply chain, or community, that trust is the glue that gives Okta its operational cohesion.

Okta’s vision is “to give everyone the freedom to use any technology securely,” and we achieve this by providing the world’s leading digital identity service. But we know our customers love Okta because we provide a service they can trust not just for its technical delivery of digital identity, but for its availability and security.”

How is security connected to ESG at Okta?

“Okta demonstrates its commitment to social and environmental well-being through its ESG program, where security and trust play key roles alongside risk, data protection, ethics, and broader ecological and societal goals.

Historically, Okta has demonstrated security fundamentals in its ESG program by demonstrating compliance with security and privacy regulations and supporting a variety of international, industry-recognized systems, such as ISO certification and FedRAMP authorization.

In addition to reporting compliance, we have also committed our customers to the Secure Identity Commitment, designed to enable better security outcomes for Okta’s customers, their communities, and the technology industry as a whole.”

How does Okta make the world safer?

“Okta is on the front lines of the fight against identity-based attacks. Okta ThreatInsight detected and stopped over 2 billion malicious requests in the last 30 days alone. In the last 90 days alone, we’ve reduced credential stuffing attempts and malicious bot traffic by over 90% for some of our largest customers.

At Okta, we believe strong identity is a prerequisite for a secure digital future. Three initiatives are enabling this future:

  • Joining the Zero Trust framework: Our products don’t assume trust in the system, but establish trust with each access request in a process that takes into account the asset, user context, and access requested.
  • Providing phishing-resistant authentication: Okta offers a selection of authentication systems that meet the NIST definition of phishing-resistant, including FIDO2 WebAuthn, Okta Verify FastPass, and smart cards, providing Okta and its customers with a strong defense against this growing attack vector.
  • Driving the industry transition to passwordless authentication: Modern authentication with secure elements like FIDO2 WebAuthn and Okta Verify FastPass support biometrics, which are the perfect enabler for businesses looking to go passwordless. These secure factors, combined with login context (user, device, location, etc.), can eliminate the requirement for passwords in the authentication process in a Zero Trust-compliant decision based on access risk and the strength of authentication required. A passwordless future can simultaneously improve security and improve user experience.”

How is Okta contributing to the broader security landscape?

“Okta recently made a commitment to Secure Identity to lead the industry in the fight against identity attacks. We have already protected over 19,000 customers and are constantly evolving to combat identity-based attacks.

We announced the final steps we are taking to combat identity-based attacks and help our customers and the industry detect and mitigate emerging threats. Our efforts include:

  • Investing in market-leading products and services
  • Protecting enterprise infrastructure
  • Driving customer best practices
  • Raising the industry standard

Designing Okta’s security controls to meet our own high standards helps us meet our customers’ demands. It also improves the playing field for all customers who use Okta and the broader ecosystem. This network effect is critical for you to trust Okta to build secure connections, foster a vibrant ecosystem, and achieve our vision of empowering everyone to use any technology securely.

Examples:

  • Since its launch in 2021, Okta has been part of the Minimum Viable Secure Product (MVSP), providing a vendor-neutral application security baseline designed to eliminate overhead, complexity, and confusion in the end-to-end process of onboarding products and services to third parties.
  • Okta has developed solutions with partners such as Google and Splunk to support the export of Okta data to third-party solutions, improving overall security.
  • Okta participates in and contributes to the OpenID Foundation, a non-profit open standards organization that develops identity and security specifications that serve billions of consumers across millions of applications.
  • Okta participates in global standards organizations such as the Cloud Security Alliance (CSA), a non-profit organization whose mission is to “promote the use of best practices to secure cloud computing and provide education on the use of cloud computing.”

It’s clear that trust is becoming increasingly important in the digital space. This means that validating trust as a form of governance will remain a key focus for the next decade. At Okta, we believe building trust contributes to societal outcomes, so we value transparency and use it as a way to keep our customers informed.

And while we protect many of the world’s largest organizations and governments, it’s just as essential that we protect those who don’t have the same access to security expertise, like nonprofits and groups that make up local communities.

Read Building a Safer World: Okta for Good’s $50M, 5-Year Commitment to learn about what’s next in our work to make any technology safe for everyone.
