Customer success is our number one company value at Okta. For my security team, that translates directly to customer security and assurance: continually demonstrating to customers how we keep their data safe and secure. Today, we announced another big step in how we protect our customers’ data with the launch of a public bug bounty program with Bugcrowd. Through the program, we are able to mobilize Bugcrowd’s crowd of more than 40,000 cybersecurity researchers to further enhance the security of the Okta Identity Cloud.
Bugcrowd connects organizations to tens of thousands of security researchers from around the world to identify and address vulnerabilities in applications, devices and code. We started working with Bugcrowd through a private bug bounty program, which we used to validate the security work we were doing internally. Bugcrowd quickly became an integral part of our overall security program, and we were able leverage “the crowd” to quickly scale up our team and work, improving response time and increasing transparency. By moving to a public program, we can now take advantage of the full talent and resources of Bugcrowd’s curated group of researchers, enabling my team to further focus their assessments on the critical early stages of product design and development.
Ultimately, we believe vulnerability discovery is a crucial step all software vendors should be taking. As a cloud service, Okta is inherently a security service, and we’ve striven to obtain the most rigorous security standards: last year, we achieved ISO 27001 certification, and we were the first and only IDaaS company to achieve the Cloud Security Alliance (CSA) Security, Trust, & Assurance Registry (STAR) Level 2 Attestation. Companies trust us with their data, and we provide them — as well as their employees, partners, contractors and customers — with the ability to access it seamlessly and securely. Without this trust, we can’t do what we do, so it is essential we take that data and protect it with the utmost means necessary. Bugcrowd is another powerful tool in our toolbelt that helps us do that.