security

Passwords are hard. The (what feels like constantly) growing list of security requirements are intended to make passwords secure, but in many cases they’ve had the opposite effect. Complex passwords that meet all the requirements are often difficult to remember, so they’re reused across many sites. Users scribble them on sticky notes. They weave…

Monday, August 28, 2017 marked the first compliance deadline for the New York Department of Financial Services' (NYDFS) cybersecurity regulation 23 NYCRR 500. For those of you in organizations regulated by the DFS, you probably already know 23 NYCRR 500 was first implemented in March last year with the goal of establishing minimum security…

It seems like every other day we see a new headline with the latest security breach or hack. From our favorite television services to the world’s largest banks, security is something we all have to worry about. Why are these breaches so prevalent? It’s simple: the walls we put up to protect our data no longer exist. And the security stack we’ve…

We know that choosing a multi-factor authentication solution can seem daunting. After all, there are multiple competing providers offering cloud-based identity solutions —how can you determine which one best suits your company’s needs? The following checklist includes three critical questions organizations need to ask when selecting a cloud…

Today we’re excited to announce that Okta has received Moderate certification in the Federal Risk and Authorization Management Program (FedRAMP). Okta’s achievement of the FedRAMP certification enables federal agencies to adopt cloud applications that simplify identity management. In addition, the achievement allows Okta customers to inherit the…

This piece is the second in a series of three blog posts on bug bounty programs and what are some considerations to think about when investing in or launching the program. In my last post, I discussed the benefits of experimenting with a private bug bounty program before launching a public bounty. Today I’ll share which teams you should involve in…

This piece is the first in a series of three blog posts on bug bounty programs and what are some considerations to think about when investing in or launching the program. Bug bounty program delivery models range from self-managed input channels for receiving vulnerabilities, platform managed private programs with a small curated list of…

Customer success is our number one company value at Okta. For my security team, that translates directly to customer security and assurance: continually demonstrating to customers how we keep their data safe and secure. Today, we announced another big step in how we protect our customers’ data with the launch of a public bug bounty program with…

In all consumer-facing enterprises, ensuring the security of customer accounts and personal information are paramount. In many cases, consumer profiles and credentials are among the most sensitive and proprietary information in your possession. Yet, achieving adequate infrastructure and protection for this data can pose challenges that many…

Facebook has long been one of the top apps in the Okta Application Network, so it came as no surprise that Okta customers would want to leverage the powerful networking service to improve productivity and collaboration within their organizations. Workplace by Facebook (formerly known as Facebook for Work) was unveiled on Monday and we’re proud to…