Since acquiring the applications team’s Auth0 platform in 2001, identity management company Okta has pursued a platform-neutral strategy for authenticating both internal and external consumers, which includes providing information to IT teams that oversee security and identity-based access.
The 14-year-old company and single sign-on market share leader announced this month that it is adding a key element of visibility, Security Center, to its Auth0-powered Okta Customer Identity Cloud.
Broad visibility of authentication activity
The Security Center dashboard is designed to provide near-real-time visibility to teams focused on customer identity, user experience and security. Security Center handles authentication events, security incidents and user experiences at points where security-related interactions can make or break a consumer’s UI experience, according to Okta (Figure A).
Ian Hassard, Okta’s senior director of project management, said that every Okta enterprise customer will have access to Security Center, whether they have the company’s attack protection products or not.
Addressing Identity and Access Management Challenges
Hassard explained that while Okta’s technologies serve both internal workers and external identity interfaces, the latter environment presents special challenges.
“In the customer identity world, we’re talking about 10 million or 50 million users, which means sorting through the noise and trying to come up with attack insights is a little difficult for someone who doesn’t live and breathe customer identity,” Hassard said.
Using insights to analyze the veracity of an attack
The security dashboard pulls data from the Okta Customer Identity Cloud to provide a window into real-time authentication events, potential security incidents and threat response effectiveness, as well as attack protection and the current state of authentication traffic, the company says.
“To understand what is or isn’t an attack, we’re able to analyze patterns across all the inputs,” Hassard said. “This means that when we see an attack or when a client confirms that there is an attack, we can have a shared common intelligence of what that actor was doing and what ‘bad’ looks like in this context.”
Platform agnostic, behind the scenes
At the RSA conference earlier this month, Jameeka Aaron, chief information security officer for customer identity at Okta, explained to TechRepublic that the company’s strategic position in the identity ecosystem is to be a platform-agnostic, silent partner. “One of the biggest you’ve ever seen.”
Aaron said Okta’s larger strategy is platform agnostic, with a partnership focus on identity management.
“We want to make it easy to connect your apps to Okta, so our neutrality is one of our biggest superpowers,” Aaron said.
“I came from a retail and manufacturing background and one thing we’ve always known is that the customer decides. What we’re trying to do is let enterprises, our customers, decide what tools they want and deploy them,” he added. “So, for example, if you use [Cisco’s] Duo, you can also use Okta for single sign-on, giving you a single sign-in to multiple apps. And if, say, 1Password is your password vault, you can also connect it to Okta.
“We think of other companies in the identity space as partners, so we stay as platform-agnostic as we can, so the choice is still up to the company.”
Finding the Goldilocks Zone for Safety Contact
According to Okta, the Security Center interface lets teams fine-tune an enterprise’s attack defense strategy by showing how multi-factor authentication, rate limiting, and CAPTCHA affect its applications.
Hassard says data on customer engagement with sign-in interfaces is an important customer retention insight that allows identity management teams to fine-tune security interactions without compromising protection against identity exploitation.
“There’s a lot of value in providing those insights in real time,” Hassard said. “For example, if you’re a bank and you use our platform, you can increase security exposure because your customers appreciate the importance of security to prevent fraud.
“But if you’re buying something from a retail app that you can buy from five other apps, you’re going to choose the one with the best UX, so that app might want to reverse the friction for convenience.”
A Baymard Institute 2023 study, which reports an average 69.99% shopping cart abandonment rate from 48 e-commerce studies, says 17% of those abandonments are due to an overly complicated, lengthy checkout process.
Hassard says that with the unique nature of the end-user identity and the variable nature of its challenges, depending on the user, the market, the type of application that customers are running; the identity of the client.
“For a lot of those players, it’s a very challenging area,” Hassard said. “So we come and say: ‘Look, we’re going to give you the insights we think you need to understand what an attack looks like.’”
Auth0 for workforce identity
Aaron said that on the workforce side of the business, Okta will release an Auth0-powered tool for the ThreatInsight workforce identity service, offering a longitudinal view of threat surfaces related to identity access management.
“ThreatInsight will essentially provide customers with risk signals that we see and use that help them make critical decisions,” Aaron said.