security

Today security researchers announced they found a vulnerability in some SAML implementations that threat actors could use to bypass primary authentication, potentially elevating permissions or impersonating privileged accounts. We were made aware of the vulnerability before the public disclosure and immediately patched it. Okta is not vulnerable,…

As companies move their infrastructure to the cloud, there are a number of unique challenges with modernizing identity management. At the forefront are concerns about keeping systems secure while still enabling access for end users that need it. With this in mind, we asked a panel of industry leaders to talk about challenges facing enterprise IT…

October is National Cybersecurity Awareness month, but for hackers, every day is spent staying aware of new cybersecurity threats. We were excited to sit down with Matias Brutti, Okta’s senior manager of research and exploitation, whose team spends time hacking to keep Okta’s customers safe from any potential vulnerabilities. Read on to see how…

Passwords are hard. The (what feels like constantly) growing list of security requirements are intended to make passwords secure, but in many cases they’ve had the opposite effect. Complex passwords that meet all the requirements are often difficult to remember, so they’re reused across many sites. Users scribble them on sticky notes. They weave…

Monday, August 28, 2017 marked the first compliance deadline for the New York Department of Financial Services' (NYDFS) cybersecurity regulation 23 NYCRR 500. For those of you in organizations regulated by the DFS, you probably already know 23 NYCRR 500 was first implemented in March last year with the goal of establishing minimum security…

It seems like every other day we see a new headline with the latest security breach or hack. From our favorite television services to the world’s largest banks, security is something we all have to worry about. Why are these breaches so prevalent? It’s simple: the walls we put up to protect our data no longer exist. And the security stack we’ve…

We know that choosing a multi-factor authentication solution can seem daunting. After all, there are multiple competing providers offering cloud-based identity solutions —how can you determine which one best suits your company’s needs? The following checklist includes three critical questions organizations need to ask when selecting a cloud…

Today we’re excited to announce that Okta has received Moderate certification in the Federal Risk and Authorization Management Program (FedRAMP). Okta’s achievement of the FedRAMP certification enables federal agencies to adopt cloud applications that simplify identity management. In addition, the achievement allows Okta customers to inherit the…

This piece is the second in a series of three blog posts on bug bounty programs and what are some considerations to think about when investing in or launching the program. In my last post, I discussed the benefits of experimenting with a private bug bounty program before launching a public bounty. Today I’ll share which teams you should involve in…