Author Archives: David Baker

David Baker

As Okta’s Chief Security Officer, David Baker is responsible for the security of Okta’s service, helping the company focus on customer success by solving the security challenges enterprises face. Prior to Okta, David was the vice president of services at IOActive, oversaw the development of security products at Vantos and directed Security Architecture at Webex Communications.

Update from Okta – Heartbleed

You’ve likely read about the Heartbleed vulnerability that has affected much of the Internet. The short version: Heartbleed is a bug that affects the way online services encrypt connections between their service and their users, and if not corrected can …

Building Trust and Security Through Transparency of Service

Transparency is a great way for cloud providers to demonstrate and prove good security practices to their customers. Often times, however, the transparency stops when outages or service hiccups occur. During an incident, how a cloud provider communicates to its …

Securing Layer 7 – Part 2: Application Vulnerability Management

I recently kicked off a blog series about the importance of securing Layer 7, otherwise known as the application layer in the OSI model. It’s a critical part of Okta’s security program because Layer 7 is closest to our users, …

Securing Layer 7: The Closest Point to the End User

Building and maintaining Okta’s security program is an interesting job, to say the least. The stakes are high: Not only is identity management core to IT, it is central to an enterprise’s security. Plus, Okta delivers IDM from the cloud, …

Forget Disaster Recovery, Let’s Talk Disaster Avoidance

“What’s your disaster recovery plan?” It’s a question I’ve been getting from customers quite a bit lately. And it caught me off guard the first time I heard it. Typically, inquiries on disaster recovery come from someone on an audit …

Keeping it Simple to Keep it Secure

The New York Times recently ran an interesting profile of Peter Neumann, one of the preeminent computer scientists in the world. The story, “Killing the Computer to Save it,” details Neumann’s ideas for how to solve the inherent security vulnerabilities …

Encryption in the Spotlight due to Vulnerable Android Apps

Last week, Ars Technica’s Dan Goodin published a story detailing how downloaded Android applications have the potential to expose the sensitive personal data of more than 185 million users. Vulnerabilities due to inadequate or incorrect use of SSL/TLS protocol libraries …

Defining the Enterprise Cloud Service – Part 6: Strong Encryption Throughout

During the past few weeks, I’ve written about what it takes to build a cloud service that’s ready for the enterprise. Essentially, there are three characteristics that set true enterprise cloud services apart from their consumer counterparts: Security. Reliability. Trust. …

Recognizing the Password Problem: Two-Factor Authentication in the Spotlight

Verification has been making the news lately. Earlier this month, Box announced that it was adding a two-step login verification, just weeks after Dropbox added two-step verification. And it was Wired journalist Mat Honan’s devastating personal identity hack in August …

Defining the Enterprise Cloud Service – Part 5: Singular Focus on the Customer

Last week, I posted the fourth installment in a six-part blog series about what it takes to have an enterprise-ready cloud service and the three characteristics (security, reliability and trust) that differentiate an enterprise cloud service from a typical consumer …