security

There’s a certain kind of satisfaction you get when you turn on your phone, tablet and computer, open an application and find it just works. Like when you select an icon and a cab appears at your location right when you need it. Or when you push a button and that photo of your brother’s graduation is instantly shared with all of your friends. Such…

You’ve likely read about the Heartbleed vulnerability that has affected much of the Internet. The short version: Heartbleed is a bug that affects the way online services encrypt connections between their service and their users, and if not corrected can lead to sensitive information being revealed. Most services and sites on the Internet use…

Transparency is a great way for cloud providers to demonstrate and prove good security practices to their customers. Often times, however, the transparency stops when outages or service hiccups occur. During an incident, how a cloud provider communicates to its customers says a lot. In a guest post for the Cloud Security Alliance, I discuss why…

RSA can be intimidating for first-time attendees – and this year’s event was no different. Walking the exhibit floor (all 700,000 square feet of it) is nearly a full-day experience on its own. And when you consider the bright oversized logos and crowded aisles, loud conversations, booth crawls and tchotchkes galore, it can be overwhelming for the…

Happy Valentine's Day from the Okta team! We've had some fun thinking about chocolate, flowers and all things Enterprise Identity Management and came up with the Top 10 11 reasons valentines are like passwords. Enjoy! You get in trouble if you use the wrong name Sharing isn't advisable Neither should be your dog If you break up, you lose access…

Building and maintaining Okta’s security program is an interesting job, to say the least. The stakes are high: Not only is identity management core to IT, it is central to an enterprise’s security. Plus, Okta delivers IDM from the cloud, so between mobile devices, third-party partners and the inherent security concerns associated with user habits,…

The New York Times recently ran an interesting profile of Peter Neumann, one of the preeminent computer scientists in the world. The story, “Killing the Computer to Save it,” details Neumann’s ideas for how to solve the inherent security vulnerabilities in computer systems that have been repeated again and again for the past 50+ years. Neumann’s…

Last week, Ars Technica’s Dan Goodin published a story detailing how downloaded Android applications have the potential to expose the sensitive personal data of more than 185 million users. Vulnerabilities due to inadequate or incorrect use of SSL/TLS protocol libraries expose everything from online banking and social networking credentials to e…

During the past few weeks, I’ve written about what it takes to build a cloud service that’s ready for the enterprise. Essentially, there are three characteristics that set true enterprise cloud services apart from their consumer counterparts: Security. Reliability. Trust. When evaluating an enterprise cloud service for those characteristics, there…

Verification has been making the news lately. Earlier this month, Box announced that it was adding a two-step login verification, just weeks after Dropbox added two-step verification. And it was Wired journalist Mat Honan’s devastating personal identity hack in August that inspired my blog series on what it takes to build secure cloud services for…