Skip to main content

Get the Key Takeaways from dev_day(24) + Oktane

Get the Key Takeaways from dev_day(24) + Oktane

Register now

Register now

Get the Key Takeaways from dev_day(24) + Oktane

Free trial
Contact us
Questions? Contact us: 1 (800) 425-1267

We’re committed to taking action

Learn about the definitive steps we’re taking to fight against Identity-based attacks and empower our customers and the industry to identify and mitigate emerging threats.

Investing in market-leading products and services

We invest in keeping our products hardened and secure while also delivering new solutions that protect our customers. At the same time, we consistently invest in services, including 24/7 global support and 99.99% operational uptime.

Hardening our corporate infrastructure

The cyber-threat profile that we use for our customer-facing environment is the same for our internal technologies, people, and processes. We’re accelerating our investment to further harden our corporate infrastructure to stay ahead of threats.

Championing customer best practices

Misconfigured Identity is just another entry point for a bad actor or negligent insider. With 15 years experience and 19,000+ customers, we have the expertise to help ensure our customers have the right Identity configuration. We educate our customers to further strengthen their policies. We are committed to deploying our products with Okta’s security best practices. Our training and certification programs are examples of how we help customers meet these standards.

Raising the bar for our industry

Okta has a responsibility to lead the industry in the fight against Identity-based attacks. We are accelerating our own capabilities and embracing new technology, such as AI. Additionally, with Okta for Good, we help fund the digital transformation of nonprofits and advance inclusive pathways into tech.

We're already securing more than 19,000 customers

And we're continually evolving in the fight against Identity-based attacks.

2 billion

potentially malicious access requests denied over a 30-day period*

90%

reduction in credential stuffing attempts over a 90-day period†

>800M

unique monthly users protected by Okta**

Investing in market-leading products and services

What we recently delivered


Identity Security Posture Management

Proactively reduce your Identity attack surface by identifying and prioritizing risks like excessive permissions, misconfigurations, and MFA gaps across your Identity infrastructure, cloud, and SaaS apps.

(GA in North America.)

Identity Threat Protection with Okta AI

Enhance your Identity's resilience by continuously assessing risks using Okta’s native Identity signals and enriching threat detection within integrated signals from third-party security providers. This enables proactive countering of a broad range of emerging threats post-authentication.

Fourth-generation Bot Detection with Okta AI

Unlock the latest version of our Bot Detection, which incorporates third-party risk signals into fine-tuned models designed to combat fraudulent registrations.

Customer-managed keys

As part of Customer Identity, provide customers with the ability to securely replace and manage their tenant's top-level encryption keys, to bring your key into the HSM to replace Auth0’s default with self-generated keys (Bring Your Own Keys, or BYOK), and to control the lifecycle of the Tenant’s Master Key for incident response and ad-hoc rotation periods (Control Your Own Keys, or CYOK).

What's next


Secure SaaS privileged accounts

Deliver zero standing privileges for shared SaaS accounts, enforce individual accountability to shared accounts, and enable flexibility in policy options like MFA and approvals to balance security with efficiency.

Session management API extensibility

As part of Customer Identity, define custom behaviors based on risk signals to revoke suspicious sessions and set policies to detect and respond to hacking — by leveraging the Session Management API with our Actions Extensibility platform.

Championing customer best practices

What we recently delivered


The ultimate guide to phishing prevention

Learn how to protect yourself, your workforce, your business, and your customers from phishing attacks with this definitive guide.

Identity Threat Level Assessment

Unlock valuable insights into your industry's Identity threat level with Okta's new tool, leveraging real-time data on bot activity to compare your score against other industries, regions, and time frames.

Standards whitepaper

Learn how to align NIST’s Digital Identity Guidelines (800-63B) with Okta’s Secure Identity Commitment, addressing session duration, inactivity, and app classification.

How Okta fosters a security culture

What does it take to make security an intrinsic part of your organization? In this article, Jen Waugh — Okta’s Senior Director, Security Culture — shares an inside look at Okta’s blueprint to foster a security culture that rallies the organization around a common goal: protecting against security threats.

Win over the board: CISO strategies for proving security’s ROI

CISOs need to convince their organizations’ boards of their security strategies — and prove those strategies are working. In this blog, we highlight best practices for demonstrating security ROI to help CISOs tell the story that their investments are paying off without negatively impacting the business metrics the board prioritizes.

What's next


5 tips to enhance security without sacrificing productivity or user experiences

Security can be seen as the enemy of productivity and user experience. But CISOs care deeply about reducing friction for both their workforce and their customers — and they want to find solutions that don’t force tradeoffs between UX, productivity, and security. This article will share insights and tips to help organizations deepen their security posture without compromising other business priorities.

The weakest link: Securing your extended workforce

Organizations lean on third parties to expand their business capabilities, from call centers to vendors and acquired companies. But rarely do these third parties have the same security standards and protocols, making them a target since attackers know they’re the weakest links into the core organization. This blog will share insights and commentary from CISOs around how they’re securing their extended workforce.

Raising the bar for our industry

Okta Security Icon.

Identity maturity model whitepaper

Learn how to assess progress in your organization’s Identity maturity journey and understand how Identity can help achieve business goals.

Okta Admin icon.

Tackling admin sprawl with Okta

Discover how to efficiently manage admin privileges and enhance security — with practical strategies for auditing admin usage and automating monitoring to help ensure compliance.

CISA’s Secure by Design pledge

Okta signed the CISA Secure by Design pledge, along with companies around the globe, to showcase our industry’s commitment to taking meaningful steps in adopting secure-by-design principles.

Okta for Good has committed $4.8M

This contribution goes towards a $50M philanthropy commitment, including two (2) $1M, five-year commitments to long-time partners and known leaders advancing digital transformation for the nonprofit sector.

Hardening our corporate infrastructure

What we recently delivered


Extended phishing resistance for all employees

We’ve long deployed Okta FastPass for phishing-resistant MFA; we have recently implemented phishing resistance via Yubikeys for all employees — for whom the whole employee lifecycle is 100% passwordless, from onboarding to recovery.

Standardized and centralized reporting for security risk management

We deployed a single-vendor solution to centralize risk and issue management related to our governance, risk, and compliance program, including third-party risk management.

Enhanced laptop and mobile protections

We have further limited and restricted how Okta laptops can be used, continuing to emphasize least privilege. We have also improved our overall mobile device management (MDM) security posture.

What's next


Standardized and centralized reporting for vulnerability management, asset management, and CSPM

We will centralize all vulnerability-related information across our production and corporate environments.

Improved logging ingestion and analysis tooling

We will improve our logging capabilities to enable more relevant alerts. This will allow us to investigate an incident across our logging environment in a more timely manner.

Enhanced scanning of open-source software (OSS)

We will make additional improvements to OSS component vulnerability scanning.

We’re committed to sharing results

Check back for quarterly updates to learn what we’ve done and what’s next when it comes to Okta’s commitment.


Explore more resources

CHECKLIST

Identity security checklist

Protect your organization by reviewing the most critical questions to become more resilient against Identity threats.

Get the checklist

*Based on internal reporting over the period of December 5, 2023 to January 4, 2024

**Based on Okta internal reporting from February 2024

†Based on internal reporting of anonymized data from enterprise customers over the period of October 5, 2023 to January 4, 2024


To connect with a product expert today, use our chat box, or email us.
Contact us
Company

Copyright © 2024 Okta. All rights reserved.
  • Legal
  • Privacy Policy
  • Site Terms
  • Security
  • Sitemap