What Is SAML and How Does It Work?

SAML stands for Security Assertion Markup Language, an open standard that passes authorization credentials from identity providers (IdPs) to service providers (SPs). Put simply, it enables secure communication between applications and allows users to gain access with a single set of credentials. Before we can dive too deeply into what SAML is used…

What Is SOC Compliance?

SOC is a set of standards that allow companies to demonstrate they are managing and regulating information properly. SOC stands for “service and organization controls.” Developed by the American Institute of Certified Public Accountants (AICPA), these regulations exist to give companies peace of mind when exchanging customer data with third-party…

What Is Privileged Access Management?

Privileged access management (PAM) is a way of authorizing, managing, and monitoring account access with a high degree of administrative permissions. This is done to protect an organization’s most critical systems and resources. These “super user” accounts are isolated within an encrypted repository or vault. The access of these systems is…

Apple Joins FIDO Alliance: Why this Matters for the Future of Passwords

Earlier this week, Apple joined the likes of Amazon, Facebook, and Google on the list of board members at the FIDO Alliance. An acronym for “Fast IDentity Online”, FIDO is committed to eliminating the need for passwords, strongly endorsing the adoption of trusted devices via standards like WebAuthn as a password alternative. But what could Apple’s…

What is an Offensive Security Team?

In 2018, hackers stole half a billion records—an increase of 126% on the year prior, which translates to 3.8 million records per day. Ransomware is an ever-increasing threat, geopolitical tensions are being played out online, and corporate and government security systems are struggling to compete with the sophisticated modern cybercriminal. To…

How to Boost User Retention with Risk-Based Authentication

Today, consumer-facing service providers have a stark choice—to offer robust security or an easy user experience. But for many organizations, missing the mark on either of these elements can seriously damage their user engagement and retention rates—and by extension, their bottom line. To address this, we have now made Risk-Based Authentication…

CSA Summit Panelists Talk Disruptive Technologies at RSA19

At RSAC19, the Cloud Security Alliance hosted a discussion titled, “The Approaching Decade of Disruptive Technologies,” featuring security leaders from Duo, Centrify, Onapsis, and Okta’s own Executive Director of Cybersecurity Strategy, Marc Rogers. IOActive CEO Jennifer Steffens led the session with the intent of discussing what disruptive…

What is WebAuthn?

In March 2019, the World Wide Web Consortium (W3C) announced that WebAuthn is now the official web standard for password-free login. With support from a broad set of applications (Microsoft Edge, Chrome, Firefox, Mobile), widespread adoption of WebAuthn is expected in coming years. In this post, we will explore the shortcomings of current…

5 Ways to Continuously Mitigate Risk at Your Organization

We’re living in a landscape where risks are prolific, diverse, and often unanticipated. Organizations are under immense pressure to implement strong security measures and avoid cyber attacks from highly specialized threat actors looking to capitalize on the smallest oversight. In this post, we’ll look at some strategies you can leverage to manage…

How to Use Feedback Loops to Find the Gaps in your Security Strategy

Organizations are under ever-greater pressure to leverage new app technologies to drive competitive advantage and growth. Yet these ambitious plans all come crashing down if they can’t guarantee that modern IT systems are built on a secure foundation. Security analytics that incorporate data from access control systems are a crucial tool in the…