In a world where information has become the currency, Identity and Access Management Security are now the single-point-of-failure for most organizations.
In this new landscape, we find Okta, the leading independent identity provider today, has transformed the way millions of people access technology and put identity at the forefront of security.
With hundreds of millions registered users Okta has signaled the beginning of a new era – where information is the currency and we must protect it at all costs.
Okta brings simple and secure access to people and organizations worldwide, promising to protect their customers’ identities, workforce, and users.
On paper, they have created an ideal world, where organizations are safe and secure.
But in reality, there’s one hidden danger to using their identity access management system to protect your organization – but no need to worry. In this article we will be reviewing exactly how to mitigate this issue.
What You Don’t Know Might Hurt You
Okta relies on a shared responsibility model, much like other cloud providers, such as Amazon AWS, Microsoft, and Salesforce.
This shared responsibility model has been organizations’ nightmare, usually discovered in the hour of their most dire need.
The problem is not so much with the model itself, but with how unavailable this information is, and how customers remain unaware of it until it’s too late and they find out they have no way to restore Okta’s configuration.
But let’s rewind for a moment and explain exactly what is the shared responsibility model and how it can affect your organization.
The Shared Responsibility Model
The shared responsibility model is a new way of dividing responsibilities between providers and users.
In a nutshell, it means that the provider, in this case Okta, is responsible for the security of the cloud, while the user is responsible for the security in the cloud.
Namely, you are responsible for the information, configuration, rules, etc. that you define within Okta, while Okta is responsible for securing your cloud.
In Okta’s words:
“Our customers are responsible for securing what they host “in” Okta. This includes, for example, granting the correct permissions to your users, disabling accounts when employees are terminated, enforcing multi-factor authentication, properly configuring and monitoring the authentication policies required to protect your data, reviewing activity data in the system log to ensure users are following your policies, and monitoring your Okta tenants for attacks, such as password spraying, phishing, etc.”
This all sounds fine on paper, but in reality, this means that backing up your Okta data is up to you, and unfortunately, that is not communicated very well to Okta’s customers.
Can You Backup And Recover Okta’s Data & Configurations?
Now you’d imagine that Okta would provide you with an easy backup and recover option to mitigate the possible consequences of their shared responsibility model, but alas, that feature is yet to be made available.
Without Okta scheduled backups, your organization is left to its own devices in case of a breach or human error (possibly the leading cause of Okta issues today).
If any data is missing or misconfigured, you have no way of restoring Okta’s configuration.
This means that disaster recovery can take weeks, in a best-case scenario for a medium-sized organization, and far longer than that for larger organizations.
Cybercrime alone costs US companies over half a billion dollars annually.
But the real daily cost that no one is talking about, is human error.
Whether your new employee just deleted some users, groups, or something else, restoring your information is critical functionality to your most precious system.
Problem is, Okta doesn’t have such a feature.
“We can talk about the importance of firewalls and network segmentation. But really, identity has become the boundary, and we need to start readdressing our infrastructures in that matter.”
– Jay Gazlay, CISA, SolarWinds attack, December 2020
Backup And Recover Your Okta With acsense
“Most organizations think they are protected once everything is on the cloud. That if a cyber, ransomware, malware attack, or even a misconfiguration happen, you will have the ability [from Okta] to recover.
This is a misconception. You can only trust yourself and your organization. You need a backup on your side to maintain control of your organization’s critical data.
This becomes even more important for public companies. Compliance certificates like SOX and ISO require a backup tenant for significant and critical assets like Okta. Because if Okta is compromised, it can cause massive damage.”
– Lior Zagury, Global IT Manager
Monday.com
At acsense we backup your Okta data so you can have full backup and restore capabilities, no matter what type of disaster you are facing.
Whether your organization has been breached or your newest employee accidentally deleted important settings, acsense is here for you with one-click recovery.
acsense was founded after many years of working with Okta and seeing first-hand how devastating were the implications of human error and cyber attacks on organizations that had no backup to bounce back from.
Don’t let your organization’s profits plummet because of an attack or human error – protect yourself today.
Summary
In this article, we reviewed Okta’s shared responsibility model, the dangers of leaving your Okta configuration unprotected, and how you can quickly and easily backup and restore your Okta policies, users, groups, and other information.
p.s 👋
Looking to stay in the loop on the latest IAM trends and updates?
Subscribe to the FiveNines IAM newsletter today and gain access to exclusive insights from industry leaders, groundbreaking companies, and global news outlets. Don’t miss out on the must-read monthly newsletter that delivers the juiciest edition yet of IAM resilience.
Subscribe on Linkedin now and stay ahead of the curve!
