Hey there 👋,
Welcome back to volume #12 of Five Nines, your trusted guide through the ever-evolving maze of Identity and Access Management (IAM).
In this edition, we’re still uncovering the details of the MGM breach and lessons learned.
Can the TSA’s approach be used to mitigate data breaches?
We’ve also rounded up the latest events, podcasts, and industry news to help you stay up to date on all things IAM!
Stay Resilient 💪
—
Trending (IAM) News 📈
Identity Alone Won’t Save Us: The TSA Paradigm and MGM’s Hack
Back in September, Scattered Spider’s breach of MGM Resorts caught the attention of the industry and of every organization concerned with security. A few months removed from the incident, there are still lessons to learn and new ideas for mitigating similar breaches. In this article, Paul Martini, Co-founder, CEO, and Co-Chair of iboss, argues that stronger identity verification on its own will not stop breaches of this kind. Instead, Martini suggests borrowing from the TSA, whose screening is a three-step process: identity verification, baggage scans, and repeat verification before boarding. Translated to the digital world, that becomes user authentication, device integrity checks, and continuous verification for the life of the session, which Martini recommends as the combination needed to mitigate breaches like the one MGM experienced.
October Customer Support Security Incident – Update and Recommended Actions
After Okta’s October security incident, the company completed an initial analysis and then a re-examination of the event. In the re-examination, Okta found that the threat actor also ran and downloaded a report containing the names and email addresses of all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers. Customers in the FedRAMP High and DoD IL4 environments were not affected. While most fields in the report were blank, and the populated ones did not contain sensitive personal data, Okta warns customers to watch for phishing and social engineering attacks that use the exposed names and addresses. The company recommends that all customers enforce Multi-Factor Authentication (MFA), enable admin session binding and admin session timeouts, and raise phishing awareness.
SailPoint Non-Employee Risk Management reduces third-party risk
SailPoint Technologies has introduced a new non-employee risk management feature. This feature builds on its January 2023 acquisition of SecZetta and is an add-on to the SailPoint Identity Security Cloud. Customers can use this feature to implement risk-based identity access and lifecycle strategies for non-employees such as contractors, third-party partners, suppliers, and non-human bots. Using AI-driven identity security features, this solution ensures access is granted to the right identities at the right time, whether those identities are a part of the organization or not. With an increased need to manage complex relationships with non-employees, this new feature enables SailPoint customers to improve governance, increase security, and comply with regulatory requirements.
Trending Okta News 📢
Okta named a Leader in Gartner® Access Management Magic Quadrant™ for the 7th consecutive year
For the seventh year in a row, Okta is positioned as a Leader in Gartner’s 2023 Magic Quadrant for Access Management. The placement reflects Okta’s commitment to providing secure digital experiences to over 18,000 customers, but it is not the only cause for celebration: Okta was also positioned highest on the Ability to Execute axis, for the third year in a row. Of the many innovations Okta released this year, one of the most notable was Identity Threat Protection with Okta AI. This feature lets customers detect and quickly respond to identity threats and is one of the capabilities that helped Okta secure its position in this year’s Magic Quadrant.
Okta Says Hackers Stole Data for All Customer Support Users
Two months ago, Okta experienced a data breach involving its customer support system. Originally, only about 1% of Okta customers were estimated to have been affected. After auditing the attack, however, Okta disclosed that data for all customer support users was accessed. This data includes user names, company names, and mobile phone numbers. Fortunately, most data fields were blank and did not contain credentials or sensitive personal data. More information on the breach and its impact is expected with Okta’s earnings report on November 29th.
Introducing Secrets Management in Okta Privileged Access
Okta Privileged Access gained a new feature this month: a vault for securely storing credentials and secrets. Built on Amazon Web Services Nitro Enclaves, it serves two use cases, Generic Secrets Management and Securing Privileged Accounts. Generic Secrets Management is a vault in which access to stored secrets is governed by policy. Securing Privileged Accounts controls and manages the credentials of shared administrator accounts on servers. Together, these capabilities let Okta customers delegate the administration of secrets and of access to them across the organization.
Okta joins the CNCF to shape the future of cloud computing
In a blog post released earlier this month, Okta announced that it has joined the Cloud Native Computing Foundation (CNCF). As a member, Okta joins a community of over 700 members contributing to the development and adoption of key cloud-native technologies and open-source projects. Some of the projects Okta uses include Kubernetes, Prometheus, Envoy, containerd, and Argo. Okta has also built tools of its own on these technologies, such as OpenFGA, which it donated to the CNCF in June 2022. OpenFGA was designed to provide a reliable, flexible, and low-latency authorization system for use at scale. With its new membership, Okta intends to keep contributing to cloud-native technologies.
Podcasts 🎙️
E40 – Forrester SRM Washington/ Ping Youniverse London/ Okta Breach
Returning from a multi-week break, hosts Simon and David are back on This Week in Identity for an hour-long special. In this episode, they discuss their trip to the Security and Risk Management conference held in Washington, DC, where identity convergence was a main talking point. The duo also discuss the recent Okta breach and its implications for software supply chain attacks, the growth of identity security, ITDR, and identity security posture management. Closing out the episode, Simon and David cover Ping Identity’s Youniverse conference in London.
221: Your Data, Your Rules: Exploring Self-Sovereign Identities – Verida
In this episode of Data Protection Gumbo, Chris Were, the CEO and Co-Founder of Verida, sheds light on the significance of self-sovereign identities. These identities are crucial in maintaining control over personal data amid the surge in cyber incidents. With an emphasis on security, Were outlines how self-sovereign identities empower individuals to autonomously manage and safeguard their information. In a time of escalating cyber threats, the adoption of such decentralized identity solutions is essential, offering users resilience and control over their digital identities and sensitive data.
#245 – Taking IAM to the Bank with Dave Middleton of Bank of America
This episode of Identity at the Center features Dave Middleton, a Senior Vice President at Bank of America. Dave discusses his professional journey, from getting started in the field of identity to becoming a product manager and on to his current position. He then reflects on the recent IAM conferences and why it is crucial to balance security and usability when building IAM solutions. Hosts Jim and Jeff chime in on the differences between digital identity and IAM and on how Identity Governance and Administration (IGA) is advancing. To end the episode, the hosts pose a question to Dave: “Which universe would you rather live in, The Walking Dead, Game of Thrones, or The Matrix?”
Acsense Blog 🗞️
3-2-1 Backup Strategy: A Roadmap for IT & Security Professionals
The 3-2-1 backup strategy is a crucial tool for maintaining data security and integrity. In this blog post, we break down the 3-2-1 framework to help IT and security professionals protect their organization’s data. The basic principle can be summarized as three copies of the data, on two different types of storage media, with one copy stored off-site. Together, these principles support robust data protection, efficient recovery planning, and cost optimization. When implementing the strategy, keep these best practices in mind: multiple copies, quality storage media, regular restore tests, secure off-site storage, and diverse internal storage.
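The checks a practitioner would want to run against the 3-2-1 rule described above, as an added example that is not from the blog post or Acsense tooling. It goes a little beyond the post: besides counting copies, media types, and off-site copies, it verifies each copy against the primary’s digest (the “regular backup tests” step) and requires at least one off-site copy to be immutable, so an attacker holding backup credentials cannot delete it. The inventory is constructed sample data; field names and the immutability flag are assumptions.

```python
"""3-2-1 backup inventory check with integrity and immutability verification.
Added illustration, not Acsense's tooling; the inventory is constructed sample data."""
import hashlib

# Constructed inventory for one dataset. 'media' is the storage type, 'offsite'
# marks copies outside the primary site, 'immutable' marks write-once storage
# (e.g. object lock or WORM tape), and 'blob' stands in for the backup contents.
PRIMARY = b"customer-db snapshot 2023-11-30 (constructed)"
INVENTORY = [
    {"location": "nas-01", "media": "disk", "offsite": False, "immutable": False, "blob": PRIMARY},
    {"location": "tape-07", "media": "tape", "offsite": False, "immutable": True, "blob": PRIMARY},
    {"location": "s3-eu", "media": "object", "offsite": True, "immutable": True, "blob": PRIMARY},
]


def digest(blob: bytes) -> str:
    """SHA-256 of a copy's contents; in practice this would be computed on restore."""
    return hashlib.sha256(blob).hexdigest()


def check_321(inventory: list[dict], expected_digest: str) -> list[str]:
    """Return a list of findings. An empty list means the inventory meets 3-2-1,
    every copy verifies against the expected digest, and an off-site copy is immutable."""
    findings = []
    if len(inventory) < 3:
        findings.append(f"only {len(inventory)} copies (need 3)")
    media = {c["media"] for c in inventory}
    if len(media) < 2:
        findings.append(f"copies span only {len(media)} media type(s) (need 2)")
    offsite = [c for c in inventory if c["offsite"]]
    if not offsite:
        findings.append("no off-site copy")
    elif not any(c["immutable"] for c in offsite):
        findings.append("no immutable off-site copy; an attacker with backup credentials could delete it")
    for c in inventory:  # the 'regular backup tests' step, done as a digest comparison
        if digest(c["blob"]) != expected_digest:
            findings.append(f"{c['location']}: content digest mismatch (corrupt or stale copy)")
    return findings


if __name__ == "__main__":
    for line in check_321(INVENTORY, digest(PRIMARY)) or ["3-2-1 check passed"]:
        print(line)
```

Run it on a real inventory by replacing `blob` with the digest of a trial restore of each copy; a copy you cannot restore from is not a backup, whatever the count says.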
Upcoming Events📅
Oktane on the road
If you missed Oktane 2023 (or think it ended too soon), the event is hitting the road, visiting several cities across North America and London. At these events, Okta will repeat some of the top presentations from Oktane, where participants can learn about Okta AI and other new products. There will also be demo stations where participants can see the latest product releases in action and chat with Okta experts for one-on-one support. Each event is held in a memorable venue, from Topgolf and dining experiences to Arrowhead Stadium, and offers an excellent networking opportunity. Plus, there will be prizes! Check out the list of events and their details below:
Foxborough, MA – December 12th
Kansas City, MO – December 13th
Acsense on Demand ▶️
Redefining Enterprise Resilience: Acsense Leaders Discuss Post-Breach Recovery and IAM Strategies
In this episode of Acsense on Demand, Danial Naftchy and Muli Motola discuss why enterprises must prioritize business continuity in the aftermath of a security breach, a need the recent MGM hack made especially evident. Their conversation highlights a common misconception of the cloud era: that the SaaS provider ensures business continuity. In practice, data management and recovery remain the customer’s responsibility. The dialogue underscores the importance of being proactive: regular data backups, robust disaster recovery processes, and secure storage of backups so that attackers cannot tamper with or delete them. Training and organizational change are also identified as crucial to responding effectively to future incidents, particularly where human error is the root cause.
For more video content like this, go to our YouTube channel.
Company Corner 💬
Ping Identity and ForgeRock Named as Leaders in 2023 Gartner® Magic Quadrant™ for Access Management
Okta is not the only company to receive high marks in Gartner’s Magic Quadrant for Access Management. Both Ping Identity and ForgeRock Identity Cloud were recognized as Leaders, having been evaluated independently before the two companies joined forces on August 23, 2023. This year marks the seventh consecutive year Ping Identity has been recognized as a Leader, and Ping Identity was positioned furthest in Completeness of Vision, with the highest scores for product strategy and innovation, market responsiveness, and track record. ForgeRock Identity Cloud was noted for its B2B and B2C customer access management features, authorization, and adaptive access, and received one of the highest scores for its business model.
Defending Your Organization Against Session Cookie Replay Attacks
Session cookie replay attacks are (and should be) a concern for any cyber security program. Such an attack bypasses credentials entirely: the attacker replays a stolen session cookie to impersonate a user on the targeted site. The cookies are obtained through malware on the user’s device, Man-in-the-Middle attacks, or compromised technical support systems, as in the recent Okta incident. With a valid cookie, an attacker can hijack the account, access sensitive data, and, if the victim is an administrator, compromise the access management solution itself. To defend against these attacks, OneLogin Access Management recommends several measures, including not assigning privileges to standard user accounts, automatically applying stricter security policies to separate admin accounts, and configuring short session lifetimes for high-value admin accounts.
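The controls recommended above, and Okta’s admin session binding and admin session timeout recommendations earlier in this issue, come down to the same server-side check on every request: the session must still be within its idle and absolute lifetimes, and it must arrive from the client it was issued to. The following is an added example of that check, written for this newsletter and not code from OneLogin, Okta, or any product; the policy values, the role names, and the scenario are assumptions.

```python
"""Session-cookie replay defences: bind a session to the client that created it and
enforce short idle/absolute lifetimes for privileged sessions.
Added illustration (not OneLogin or Okta code); policy values are assumptions."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy. Admin sessions are bound to the client IP and expire quickly;
# ordinary user sessions are bound only to the user agent and live longer.
POLICY = {
    "admin": {"idle": 15 * 60, "absolute": 60 * 60, "bind_ip": True},
    "user": {"idle": 8 * 3600, "absolute": 24 * 3600, "bind_ip": False},
}


@dataclass
class Session:
    sid: str
    role: str
    client_fp: str   # fingerprint of the client attributes the session is bound to
    created: float
    last_seen: float


def client_fingerprint(ip: str, user_agent: str, bind_ip: bool) -> str:
    """Hash the client attributes the policy binds to (IP only when required)."""
    material = f"{ip if bind_ip else ''}|{user_agent}"
    return hashlib.sha256(material.encode()).hexdigest()


class SessionStore:
    def __init__(self, clock=time.time):
        self.clock = clock            # injectable so the scenario below is deterministic
        self._sessions: dict[str, Session] = {}

    def create(self, role: str, ip: str, user_agent: str) -> str:
        sid = secrets.token_urlsafe(32)   # 256-bit random session id
        now = self.clock()
        fp = client_fingerprint(ip, user_agent, POLICY[role]["bind_ip"])
        self._sessions[sid] = Session(sid, role, fp, now, now)
        return sid

    def validate(self, sid: str, ip: str, user_agent: str) -> tuple[bool, str]:
        """Return (accepted, reason). Any failure revokes the session, so a replayed
        cookie cannot be retried and the legitimate owner must re-authenticate."""
        s = self._sessions.get(sid)
        if s is None:
            return False, "unknown_session"
        pol = POLICY[s.role]
        now = self.clock()
        if now - s.created > pol["absolute"]:
            self.revoke(sid)
            return False, "absolute_timeout"
        if now - s.last_seen > pol["idle"]:
            self.revoke(sid)
            return False, "idle_timeout"
        fp = client_fingerprint(ip, user_agent, pol["bind_ip"])
        if not hmac.compare_digest(fp, s.client_fp):
            self.revoke(sid)
            return False, "binding_mismatch"
        s.last_seen = now
        return True, "ok"

    def revoke(self, sid: str) -> None:
        self._sessions.pop(sid, None)


class FakeClock:
    """Manually advanced clock for the deterministic scenario below."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, secs):
        self.t += secs


def replay_scenario() -> list[str]:
    """Admin logs in; an attacker replays the stolen cookie from another network;
    then a fresh admin session idles past policy. Returns the reasons observed."""
    clock = FakeClock()
    store = SessionStore(clock)
    ua = "Mozilla/5.0 (constructed)"
    sid = store.create("admin", "203.0.113.10", ua)
    reasons = []
    clock.advance(60)
    reasons.append(store.validate(sid, "203.0.113.10", ua)[1])   # legitimate request: ok
    reasons.append(store.validate(sid, "198.51.100.7", ua)[1])   # replayed cookie: binding_mismatch
    reasons.append(store.validate(sid, "203.0.113.10", ua)[1])   # session now revoked: unknown_session
    sid2 = store.create("admin", "203.0.113.10", ua)
    clock.advance(16 * 60)
    reasons.append(store.validate(sid2, "203.0.113.10", ua)[1])  # past 15 min idle: idle_timeout
    return reasons


if __name__ == "__main__":
    print(replay_scenario())
```

Two caveats: binding to the exact client IP is brittle for mobile and NAT users, which is why Okta’s admin session binding keys on the client’s ASN rather than the address; and none of this helps if the cookie is replayed from the same network before the binding or timeout catches it, so the short admin lifetimes matter as much as the binding.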
MEME Of The Month: 😆
Thank You For Reading!
We hope you enjoyed the November edition of the Five Nines newsletter!
Share with colleagues or follow us on LinkedIn for more IAM resilient insights and trends.