9 Steps to Create a Security Program on a Budget

In today’s threat landscape, a good security posture is needed to protect your business and your customers from potential cyberattacks. But when you’re on a shoestring budget, that’s easier said than done. So how can you get a good security posture without having to dedicate much of your already limited resources? Here are a few points to consider…

How Okta Lifecycle Management Can Help with Audit and Compliance

At Okta, we run compliance differently. Most organizations place compliance under either the legal or finance team, who don’t work with their security team to ensure those controls are implemented effectively. At Okta, we use security to drive compliance. Compliance is complex and regulations are a moving target, with GDPR and other privacy…

Okta Releases FIPS 140-2 Validated Encryption in Okta Verify

Credential phishing is a real and growing threat, and multi-factor authentication (MFA) is an effective protection against it. The strength of MFA lies in its requirement to present additional valid factors, beyond a password, to gain access, thwarting would-be attackers. But not all factors are created equal. Some factors, like security questions…

How Okta Helps You Comply with PCI-DSS 3.2

As organizations continue to move critical services into the cloud, having strong, centralized identity becomes the foundation of a holistic security strategy. Continuing our efforts to support customers who use Okta to protect Cardholder Data Environments, we are pleased to announce that Okta has released a PCI-DSS Attestation of Compliance (AOC)…

Is Your Organization Ready for NIST/DFARS?

As the clock winds down on 2017, there are only a few weeks left for organizations to become compliant with the United States Department of Defense’s Defense Federal Acquisition Regulation Supplement (DFARS) regulation. In this post, we’ll walk through this new regulation and what your IT teams need to implement for your organization to achieve…

Advice for US-based IT Managers on GDPR Impact and Compliance

The General Data Protection Regulation (“GDPR”) is a European Union (“EU”) law, but it’s going to have a big impact on American businesses that collect and process personal data of EU individuals. While American companies may be familiar with its predecessor, the Data Protection Directive, through the Privacy Shield and Model Clause programs, the…

4 Tips to Make Security Compliance Not Suck

Do you trust your employees? You should! After all, they are your first line of defense. We can have all the fancy tools, but without employee support, we’re going to lose every time against the conniving hackers and phishing scams out there. Security compliance training is the best way to help educate employees on the real-world vulnerabilities…