What Okta’s failures say about the future of identity security in 2025




2025 needs to be the year identity providers go all in on improving every aspect of software quality and security: red teaming, making their apps more transparent, and measuring results objectively rather than only against standards.

Anthropic, OpenAI and other leading AI companies have taken red teaming to a new level, revolutionizing their release processes for the better. Identity providers, including Okta, need to follow their lead and do the same.

While Okta is one of the first identity management vendors to sign up for CISA’s Secure by Design pledge, they’re still struggling to get authentication right. Okta’s recent advisory told customers that usernames of 52 characters could be combined with stored cache keys to bypass the need to provide a password to log in. Okta recommends that customers meeting the pre-conditions investigate their Okta System Log for unexpected authentications from usernames greater than 52 characters between July 23, 2024, and October 30, 2024.
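The advisory’s recommended hunt, as an added example written for this article rather than Okta’s own tooling: a Python script that walks a System Log export (JSON, in the shape the logs API returns), keeps successful sign-ins inside the July 23 to October 30, 2024 window whose username is 52 characters or longer, and groups them by account. The event field names (published, eventType, outcome.result, actor.alternateId, client.ipAddress) follow the System Log schema; the set of login event types and every sample value are constructed assumptions.

```python
import json
from datetime import datetime, timezone

# Hunting window and username threshold as quoted from Okta's advisory above.
# The bound is inclusive: the text cites both "52 characters" and "greater than
# 52 characters", so 52 itself stays in scope rather than being missed.
WINDOW_START = datetime(2024, 7, 23, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 30, 23, 59, 59, tzinfo=timezone.utc)
MIN_SUSPECT_LENGTH = 52

# Assumption: these System Log eventType values represent a completed sign-in
# and are what the hunt is scoped to.
LOGIN_EVENT_TYPES = {"user.session.start", "user.authentication.sso"}

# Constructed usernames with known lengths: 61, 17 and exactly 52 characters.
LONG_USER = "automation.pipeline.runner.for.finance.reporting@corp.example"
SHORT_USER = "jdoe@corp.example"
EDGE_USER = "abcdefghijklmnopqrstuvwxyz0123456789012@corp.example"


def make_event(published, event_type, result, username, ip):
    """Build one System Log event trimmed to the fields the hunt uses."""
    return {"published": published, "eventType": event_type,
            "outcome": {"result": result},
            "actor": {"alternateId": username, "type": "User"},
            "client": {"ipAddress": ip}}


# Constructed export: what a JSON dump of the tenant's System Log might hold.
SAMPLE_EXPORT = json.dumps([
    make_event("2024-08-14T02:11:09.412Z", "user.session.start", "SUCCESS", LONG_USER, "203.0.113.7"),
    make_event("2024-08-14T09:30:00.000Z", "user.session.start", "SUCCESS", SHORT_USER, "198.51.100.2"),
    make_event("2024-09-02T08:00:00.000Z", "user.session.start", "FAILURE", LONG_USER, "203.0.113.7"),
    make_event("2024-11-02T10:00:00.000Z", "user.session.start", "SUCCESS", LONG_USER, "203.0.113.7"),
    make_event("2024-09-20T11:45:00.000Z", "user.account.update_password", "SUCCESS", LONG_USER, "203.0.113.7"),
    make_event("2024-10-30T23:15:00.000Z", "user.session.start", "SUCCESS", EDGE_USER, "198.51.100.9"),
    make_event("2024-10-01T04:02:17.001Z", "user.authentication.sso", "SUCCESS", LONG_USER, "203.0.113.8"),
])


def parse_published(value):
    """Parse the System Log timestamp (ISO 8601, UTC with a trailing Z)."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def is_suspect_login(event):
    """True for a successful sign-in by a long username inside the window."""
    if event.get("eventType") not in LOGIN_EVENT_TYPES:
        return False
    if event.get("outcome", {}).get("result") != "SUCCESS":
        return False
    username = event.get("actor", {}).get("alternateId") or ""
    if len(username) < MIN_SUSPECT_LENGTH:
        return False
    when = parse_published(event["published"])
    return WINDOW_START <= when <= WINDOW_END


def hunt(export_json):
    """Return one finding per suspect login, oldest first, for analyst review."""
    findings = []
    for event in json.loads(export_json):
        if is_suspect_login(event):
            username = event["actor"]["alternateId"]
            findings.append({"published": event["published"],
                             "eventType": event["eventType"],
                             "username": username,
                             "username_length": len(username),
                             "ip": event.get("client", {}).get("ipAddress")})
    # Timestamps share one fixed-width format, so string order is time order.
    findings.sort(key=lambda f: f["published"])
    return findings


def summarize(findings):
    """Group findings by username so repeated use of one long account stands out."""
    by_user = {}
    for f in findings:
        entry = by_user.setdefault(f["username"], {
            "count": 0, "ips": set(),
            "first_seen": f["published"], "last_seen": f["published"]})
        entry["count"] += 1
        entry["ips"].add(f["ip"])
        entry["first_seen"] = min(entry["first_seen"], f["published"])
        entry["last_seen"] = max(entry["last_seen"], f["published"])
    return by_user


if __name__ == "__main__":
    results = hunt(SAMPLE_EXPORT)
    for f in results:
        print(f"{f['published']}  {f['eventType']:<28} len={f['username_length']:<3} "
              f"{f['ip']:<14} {f['username']}")
    for user, entry in summarize(results).items():
        print(f"{user}: {entry['count']} login(s) from {sorted(entry['ips'])} "
              f"between {entry['first_seen']} and {entry['last_seen']}")
```

For a real tenant, replace SAMPLE_EXPORT with the exported log and compare the summary against known service accounts and their expected source addresses; a long username signing in from an unfamiliar IP, or one that appears only inside the window, is the "unexpected authentication" the advisory asks customers to find. Failed attempts are deliberately excluded from the findings because a bypass that worked would show as a success, but keeping them in a separate view is useful when judging whether a long username was being probed.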

Okta points to its best-in-class record for the adoption of multi-factor authentication (MFA) among both users and administrators of Workforce Identity Cloud. That’s table stakes to protect customers today and a given to compete in this market.

Google Cloud announced mandatory multi-factor authentication (MFA) for all users by 2025. Microsoft has also made MFA required for Azure starting in October of this year. “Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence,” according to a recent blog post.

Okta is getting results with CISA’s Secure by Design

It’s commendable that so many identity management vendors have signed the CISA Secure by Design Pledge. Okta signed in May of this year, committing to the initiative’s seven security goals. While Okta continues to make progress, challenges persist.

Pursuing standards while attempting to ship new apps and platform components is challenging. More problematic still is keeping a diverse, fast-moving set of DevOps, software engineering, QA, red team, product management and marketing groups all coordinated and focused on the launch. Three gaps stand out:

  • Not being demanding enough when it comes to MFA: Okta has reported significant increases in MFA usage, with 91% of administrators and 66% of users using MFA as of Jan. 2024. Meanwhile, more companies are making MFA mandatory without relying on a standard for it. Google and Microsoft’s mandatory MFA policies highlight the gap between Okta’s voluntary measures and the industry’s new security standard.
  • Vulnerability Management needs to improve, starting with a solid commitment to red-teaming. Okta’s bug bounty program and vulnerability disclosure policy are, for the most part, transparent. The challenge they’re facing is that their approach to vulnerability management continues to be reactive, relying primarily on external reports. Okta also needs to invest more in red teaming to simulate real-world attacks and identify vulnerabilities preemptively. Without red teaming, Okta risks leaving specific attack vectors undetected, potentially limiting its ability to address emerging threats early.
  • Logging and monitoring enhancements need to be fast-tracked. Okta is enhancing logging and monitoring capabilities for better security visibility, but as of Oct. 2024, many improvements remain incomplete. Critical features like real-time session tracking and robust auditing tools are still under development, which hinders Okta’s ability to provide comprehensive, real-time intrusion detection across its platform. These capabilities are critical to offering customers immediate insights and responses to potential security incidents.

Okta’s security missteps show the need for more robust vulnerability management

While every identity management provider has had its share of attacks, intrusions and breaches to deal with, it’s interesting to see how Okta is using them as fuel to re-invent itself using CISA’s Secure by Design framework.

Okta’s missteps make a strong case for expanding their vulnerability management initiatives, taking the red teaming lessons learned from Anthropic, OpenAI and other AI providers and applying them to identity management.

Recent incidents Okta has experienced include:

  • March 2021 – Verkada Camera Breach: Attackers gained access to over 150,000 security cameras, exposing significant network security vulnerabilities.
  • January 2022 – LAPSUS$ Group Compromise: The LAPSUS$ cybercriminal group exploited third-party access to breach Okta’s environment.
  • December 2022 – Source Code Theft: Attackers stole Okta’s source code, pointing to internal gaps in access controls and code security practices. This breach highlighted the need for more stringent internal controls and monitoring mechanisms to safeguard intellectual property.
  • October 2023 – Customer Support Breach: Attackers gained unauthorized access to the data of approximately 134 customers via Okta’s support channels; the company acknowledged the breach on October 20. It began with stolen credentials used to gain access to Okta’s support management system. From there, attackers obtained HTTP Archive (.HAR) files containing active session cookies and began breaching Okta’s customers, attempting to penetrate their networks and exfiltrate data.
  • October 2024 – Username Authentication Bypass: A security flaw allowed unauthorized access by bypassing username-based authentication. The bypass highlighted weaknesses in product testing, as the vulnerability could have been identified and remediated through more thorough testing and red-teaming practices.

Red-teaming strategies for future-proofing identity security

Okta and other identity management providers need to consider how they can improve red teaming independent of any standard. An enterprise software company shouldn’t need a standard to excel at red teaming, vulnerability management or integrating security across its system development lifecycles (SDLCs).

Okta and other identity management vendors can strengthen their security posture by applying the red teaming lessons learned from Anthropic and OpenAI below:

Deliberately create more continuous, human-machine collaboration when it comes to testing: Anthropic’s blend of human expertise with AI-driven red teaming uncovers hidden risks. By simulating varied attack scenarios in real-time, Okta can proactively identify and address vulnerabilities earlier in the product lifecycle.

Commit to excel at adaptive identity testing: OpenAI’s use of sophisticated identity verification methods like voice authentication and multimodal cross-validation for detecting deepfakes could inspire Okta to adopt similar testing mechanisms. Adding an adaptive identity testing methodology could also help Okta defend itself against increasingly advanced identity spoofing threats.

Prioritizing specific domains for red teaming keeps testing more focused: Anthropic’s targeted testing in specialized areas demonstrates the value of domain-specific red teaming. Okta could benefit from assigning dedicated teams to high-risk areas, such as third-party integrations and customer support, where nuanced security gaps may otherwise go undetected.

More automated attack simulations are needed to stress-test identity management platforms. OpenAI’s GPT-4o model uses automated adversarial attacks to continually pressure-test its defenses. Okta could implement similar automated scenarios, enabling rapid detection and response to new vulnerabilities, especially in its IPSIE framework.

Commit to more real-time threat intelligence integration: Anthropic’s real-time knowledge sharing within red teams strengthens their responsiveness. Okta can embed real-time intelligence feedback loops into its red-teaming processes, ensuring that evolving threat data immediately informs defenses and accelerates response to emerging risks.

Why 2025 will challenge identity security like never before

Adversaries are relentless in their efforts to add new, automated weapons to their arsenals, and every enterprise is struggling to keep up.

With identities being the primary target of the majority of breaches, identity management providers must face the challenges head-on and step up security across every aspect of their products. That needs to include integrating security into their SDLC and helping DevOps teams become familiar with security so it’s not an afterthought that’s rushed through immediately before release.

CISA’s Secure by Design initiative is invaluable for every cybersecurity provider, and that’s especially the case for identity management vendors. Okta’s experiences with Secure by Design helped them find gaps in vulnerability management, logging and monitoring. But Okta shouldn’t stop there. They need to go all in on a renewed, more intense focus on red teaming, taking the lessons learned from Anthropic and OpenAI.

Improving the accuracy, latency and quality of data through red teaming is the fuel any software company needs to create a culture of continuous improvement. CISA’s Secure by Design is just the starting point, not the destination. Identity management vendors going into 2025 need to see standards for what they are: valuable frameworks for guiding continuous improvement. Having an experienced, solid red team function that can catch errors before they ship and simulate aggressive attacks from increasingly skilled and well-funded adversaries is among the most potent weapons in an identity management provider’s arsenal. Red teaming is core to staying competitive while having a fighting chance to stay at parity with adversaries.

Writer’s note: Special thanks to Taryn Plumb for her collaboration and contributions to gathering insights and data.


