Okta Completes Security Action Plan

Chief Security Officer

October 12, 2022

Security and protecting customer data remain Okta’s highest priorities. In April, we released our Security Action Plan, detailing our commitment to security on behalf of our customers. The plan outlines both short and long-term steps to strengthen the security posture of our third-party processors with access to customer support systems, as well as our own enhancements to incident response and customer communication.

The actions we committed to in our Security Action Plan have been completed. We are providing this update to highlight the changes we’ve made and explain the security-related communication you can expect from Okta in the future.

A brief summary of the actions that have been completed:

Third-Party Risk Management: Compliance with our security requirements is complete. In short, the technology environment that our sub-processors who provide support services use must equal our own.
Customer Support Systems Access: Implemented granular access control, required all providers performing work for us to use Okta-owned endpoints.
Incident Response and Customer Communication: While Okta will take every step to prevent security-related incidents, an important part of security posture is preparation. We are investing in customer notification technology, revising our incident response processes, and preparing our teams for rapid responses with stakeholders. For example, in the event of a significant security concern, we will proactively contact an organization’s security & privacy contact(s) and primary IT contact(s) via the information in their profile: email, SMS, phone call. Additionally, we will augment these direct communications with an in-product notification.

To leverage our rapid customer notification technology, we are asking all Super Admins to review and maintain the security and privacy contact(s) and preferred communication methods by following the instructions in our Knowledge Base article.

For more information on customer communication capabilities, please see our Knowledge Base FAQ: Rapid Customer Security Communication Capabilities.

We recognize the fundamental importance of security, and we are committed to taking every step to prevent, prepare, and respond rapidly and transparently whenever needed. Thank you for your continued trust.

David Bradbury

Chief Security Officer

David Bradbury is the Chief Security Officer at Okta. He oversees security execution, and is responsible for a team navigating the evolving threat landscape to best protect employees and customers. He is also at the forefront of helping Okta’s customers adopt and accelerate Zero Trust security strategies.

Prior to Okta, David was the Senior Vice President and Chief Security Officer at Symantec where he oversaw all cyber security and physical security programs. He has an international reputation for leading and delivering cybersecurity at scale. David has worked across the globe from his native Australia to the UK and the US, leading highly regarded security teams at some of the world’s largest banks including ABN, AMRO, Barclays, Morgan Stanley and the Commonwealth Bank of Australia.

David has a Bachelor’s Degree in Computer Science from the University of Sydney.

Okta Completes Security Action Plan

Follow David Bradbury

Okta Workflows Tutorial: Build a Connector for OpenWeather API

What Is single sign-on (SSO)?

What Is an Identity platform?

Extend your passwordless journey to device login

Simple and secure user experiences: The latest on Okta Customer Identity Solution