The Okta breach
When identity access management system Okta was breached in January 2022, it was initially reported that 366 companies had their data compromised.
For those companies, a single point of failure put their data, and business, at risk.
Because of the nature of Okta and similar systems, it wasn’t clear what, if any, changes had been made. That meant their disaster recovery process was more complicated than expected.
But there are things that any company using identity access management systems can do right now to make their disaster recovery plan stronger and protect themselves in case of a major breach.
Gain better control over admin changes
In order to protect your data going forward, the first thing you should do is implement a better alert system for admin changes.
Having visibility into what changes were made and when lets you take control over your recovery process.
“They need to have better control over admin changes into the system,” said Muli Motola, co-founder and CEO of acSenSe, an Okta integration company that provides automated backup and recovery of identity access management systems.
“They need to monitor them. They need to alert them. They need to connect them to a SIEM. They need to have good alerts, if changed, on each change.”
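One way to turn admin changes into SIEM-ready alerts, shown as an added example that is not code from Okta or acSenSe: it reads System Log events as JSON lines, keeps successful admin or configuration changes, and escalates any change made by an account that is not on an approved-admin list. The choice of event types, the severities, the approved-admin list and the sample events are assumptions of this example.

```python
import json

# Okta System Log event types treated as admin changes (selection and severities are assumptions).
ADMIN_CHANGE_EVENTS = {
    "user.account.privilege.grant": "high",
    "group.privilege.grant": "high",
    "system.api_token.create": "high",
    "policy.lifecycle.update": "medium",
    "policy.rule.update": "medium",
    "application.lifecycle.update": "medium",
}

def admin_change_alerts(log_lines, approved_admins=frozenset()):
    """Return one alert per successful admin change found in JSON log lines."""
    alerts = []
    for line in log_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of crashing
        if not isinstance(ev, dict):
            continue
        severity = ADMIN_CHANGE_EVENTS.get(ev.get("eventType"))
        if severity is None or (ev.get("outcome") or {}).get("result") != "SUCCESS":
            continue  # not an admin change, or the change did not take effect
        actor = (ev.get("actor") or {}).get("alternateId", "unknown")
        if actor not in approved_admins:
            severity = "critical"  # change made by an account not on the admin list
        alerts.append({
            "time": ev.get("published"),
            "event": ev["eventType"],
            "actor": actor,
            "targets": [t.get("alternateId") for t in (ev.get("target") or [])],
            "severity": severity,
        })
    return alerts

# Constructed sample events (not real log data), one JSON object per line.
SAMPLE_LOG = [
    '{"published":"2022-01-20T10:00:00Z","eventType":"user.session.start","actor":{"alternateId":"bob@example.com"},"outcome":{"result":"SUCCESS"},"target":null}',
    '{"published":"2022-01-20T10:05:00Z","eventType":"user.account.privilege.grant","actor":{"alternateId":"admin@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"alternateId":"carol@example.com"}]}',
    '{"published":"2022-01-20T10:07:00Z","eventType":"system.api_token.create","actor":{"alternateId":"svc-legacy@example.com"},"outcome":{"result":"SUCCESS"},"target":[{"alternateId":"unknown"}]}',
    '{"published":"2022-01-20T10:09:00Z","eventType":"policy.rule.update","actor":{"alternateId":"admin@example.com"},"outcome":{"result":"FAILURE"},"target":[]}',
    '{"published":"2022-01-20T10:10:00Z","eventType":"policy.rule',
]

if __name__ == "__main__":
    for alert in admin_change_alerts(SAMPLE_LOG, {"admin@example.com"}):
        print(json.dumps(alert))  # forward to the SIEM instead of printing
```

Keeping the approved-admin list outside the identity tenant means a compromised admin account cannot quietly add itself to it.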
Keeping your data secure takes two things. One is to prevent access. The other is to ensure you have a good backup of the system in case of a breach.
That backup should be segregated from the main system. It should let you recover small pieces after minor changes and recover to a different tenant after a big disaster.
“A bit similar to what we knew from the past when we had multiple data centers that were able to recover in case of a disaster in one of them,” he said. “So it’s kind of a new era where SaaS also needs to be able to be recovered because cyber attacks are so abundant.”
Look at your business from a disaster recovery perspective
Okta’s customer statistics say that, on average, a customer uses 155 applications annually.
That may seem like it would increase their vulnerability, but Muli says that’s not true because only a few of those are necessary for recovery.
From a data perspective, 155 applications seems really big, but from a disaster recovery perspective, things narrow down. Just like if your house were on fire, you’d have time to pick the five most important things to save to survive and start over.
That would look like your family, your pet, your passports, maybe. It probably wouldn’t include things like your refrigerator or other somewhat important things you collected throughout your life. In a breach, you’d do the same with your business.
“Some articles say that, in general, in order to bring the business back to life, you probably need something like 10% of your applications to go back to life,” he said.
Businesses should write down the top 10 applications they need for their company to run and think of how that recovery process would go.
Protect your own data
One of the most crucial things businesses need to understand is that SaaS products do not come with disaster recovery capabilities. Every company is responsible for its own data protection.
Many people believe that major SaaS tools like Salesforce will be able to recover themselves, but it’s not true.
“It’s actually responsible for the resilience of the infrastructure, the security, the performance, scalability, et cetera, but not for the data and the configuration,” Muli said.
Even if you could export your data every day with all of the changes, that doesn’t mean you’d be able to return that data to the SaaS product in case of a breach. It doesn’t mean that the integrity of the data would match what was required by the database.
Also, it is part of the vendor’s responsibility to not touch your data or even see it as part of privacy and data protection rules.
“That means that data protection for cloud is something that’s going to be a huge thing in the future because everybody understands that it’s their own responsibility,” he said.
Have an identity access management system backup
If you don’t have a dedicated disaster recovery platform, there are a couple of things you can do, but it won’t be a full-scale solution.
The best option is to use a company like acSenSe that can provide disaster recovery for your identity access management system and bring you fully back online.
“If you’re working in the cloud, not in a hybrid situation, when you have ability to backup a server, you probably don’t have a, not only for identity management, you probably don’t have any cloud data backed up,” Muli said.
Google Drive and your email allow you to keep versions to recover, and even Salesforce can offer some recovery assistance if you ask them, but these don’t bring back everything you need.
“You do not have this capability for your SaaS infrastructure, which means the IT of your cloud environment, the identity management network management, all your ‘as a service’ tools probably don’t have backup capabilities,” he said.
“And for sure, they don’t have ability to recover themselves in case that you really lost access to the tenant,” Muli said.
Run disaster recovery drills
For companies that want to be better prepared for the next breach, running disaster recovery drills is a good way to make sure you’ve thought through everything.
“What happens today with our customers that they’re doing what we call DR drills,” Muli said.
Customers set aside a couple of hours and act as if Okta is down: an attacker has compromised it, and they have to fail over to the secondary system.
This type of drill requires critical thinking and answering necessary questions about their DR plan.
“What are my priorities for applications? Who am I bringing first? What am I telling to my users? What is the risk for the organization? What am I doing with the other business applications in the meantime?” he said.
“Tons of questions you ask yourself and having a secondary tenant to practice on this allows you to actually think it over, doing actual hands-on workshop and actual drill.”
Working through these drills can change your mindset about managing your cloud environment and the type of control you want to have over your data.
You no longer think of calling support first thing and waiting for directions. It becomes your own decision and process because protecting your data is up to you.