3 ways Okta can help you improve your security posture and respect privacy-forward human rights

This is the second in our blog series on trust/security and human rights. You can find our first blog here.

Identity is the connection between people and technology, and it’s the front door to all digital interactions. As the threats we face evolve, Identity has become increasingly important to our communities and workplaces.

Cybercriminals are using generative AI techniques to orchestrate more sophisticated attacks, leveraging its capabilities to create convincing deepfake content, forge identities, and bypass traditional security measures. Today, there’s a 180% increase in attacks versus a year ago, and organizations take on average 290 days to recognize and contain a breach.

Identity is security. Identity is the primary enterprise security entry point for all workforce and consumer applications. Securing digital identities can enable respect for human rights such as privacy, freedom from discrimination, safety, and freedom of expression.

Designing with privacy and security at the forefront

At Okta, loving our customers has always been a differentiator in how we operate. Okta helps our customers stay privacy- and security-forward by designing with these principles in mind. A few ways Okta demonstrates these priorities include:

  • Okta will never sell customer data. Being privacy-forward, we believe that customers own their own data; customers have full control over what information is required to operate the service and can add or remove it at any time without requiring support or professional services. We only use customer data to provide our services. Okta will never sell or provide your information to third parties without consent.
  • Okta has made a public commitment to the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. In May 2024, Okta was one of the first enterprise software providers to sign the pledge, which asks that enterprise software companies make a good faith effort to meet a set of seven high-level Secure by Design goals within a year. This will drive security improvements across the technology ecosystem with a concerted, multi-vendor effort. Learn more in our midyear progress update.
  • Okta aims to enable privacy by design for all software with Identity. Okta makes it simple for developers to build robust Identity protections and security best practices into their software.
  • Okta supports customers migrating to a more secure, passwordless future. Passwords are prone to being copied, stolen, phished, or cracked. Okta’s passwordless authentication prevents password-based attacks and keeps your organization's data safe.
  • Okta supports vulnerable organizations, like nonprofits, in improving their security posture. Through Okta for Good, eligible nonprofit organizations receive license donations and discounts on essential solutions like single sign-on and adaptive multi-factor authentication. We also recognize that nonprofits need access to expertise to succeed with Okta, which is why we’re committed to offering programs that allow eligible nonprofits to leverage implementation support.

    We believe this can drive meaningful impact. According to Microsoft, the nonprofit sector is the third most targeted, with 41% of non-government organizations (NGOs) reporting having been victims of a cyberattack within the past three years (2020-2023).

    To learn more about how marginalized communities often bear a disproportionate burden of cyber threats and vulnerabilities, including the nonprofits who serve these communities, watch our Oktane24 on Demand session recording.  

Prioritizing safety

Okta’s vision is to free everyone to safely use any technology. As such, safety is at the very core of Okta’s DNA, guiding our decision-making and our outcomes over the long term. A few ways Okta puts safety into practice include:

  • At Okta, we understand our responsibility to protect the digital identities of people, communities, and organizations worldwide. Leveraging our unique visibility as the world's leading independent Identity provider, Okta has proactively offered support to numerous global events including the 2024 Paris Olympics and the US Presidential Election.
  • Okta strives to safely use and develop AI to strengthen the connections between people, technology, and our community. Okta launched its responsible AI principles, tied to our core values such as, “Always secure. Always on,” earning customer trust and applying a rigorous approach to AI innovation focused on security, privacy, and safety.
  • As we continue to drive innovation, our Engineering, Security, Product, Business Technology, Legal, and Human Rights teams work together to understand and incorporate respect for human rights like privacy, avoiding bias, and safety through collaboration with internal and external human rights experts.
  • Okta Ventures invests in and supports companies creating cutting-edge technologies enabled by Identity, security, and privacy. For example, Okta Ventures has invested in start-up k-ID, which “enables digital youth in a safe, age-appropriate, and empowering way” by delivering compliant age-appropriate gaming built with safety and privacy by design for the digital era. Okta Ventures has also invested in Intrinsic, an enterprise AI content moderation platform with the mission of creating a safer Internet by democratizing safety tooling.

Setting a new industry standard

Earlier this year, we launched the Okta Secure Identity Commitment, a pillar of which is “Raising the bar for our industry.” While this was detailed in the first blog of this series, Okta made a major announcement at Oktane24 in October.

To advance security for the tech sector, Okta is part of an OpenID Foundation working group to establish a new Identity security standard, the Interoperability Profile for Secure Identity in the Enterprise (IPSIE). The vision of this new, open standard is to provide a framework for SaaS companies to enhance the end-to-end security of their products across every touchpoint of their technology stack.

“Okta is focused on elevating the entire technology industry to be better protected from attacks,” Todd McKinnon, Okta’s CEO and Co-Founder, said when introducing OpenID Foundation's IPSIE working group at Oktane24. “The goal with IPSIE is to standardize identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.”

Thousands of applications in the cloud today are built without secure Identity. This effort aims to help raise the bar for security, thereby respecting human rights like privacy.

Driving what’s next

It’s both a challenging and exciting time to be at the forefront of Identity. It has never been more important to secure people, communities, their data, and their digital rights. Advancements in technology will help and hinder our efforts in equal measure as we enter 2025. AI tools must be implemented responsibly, within consistent ethical norms, secured and controlled to make good on the promise they’ve shown so far. Criminals and malicious actors have never had such commodity access to advanced technology, and security teams remain stretched, needing to maximize security return on their investments.

In light of today's rapid pace of change, Identity protection and the benefits of what's possible need to be made equally available to everyone. Okta’s vision to free everyone to safely use any technology is more important than ever.