惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
罗磊的独立博客
H
Help Net Security
I
Intezer
G
Google Developers Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Troy Hunt's Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
U
Unit 42
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
J
Java Code Geeks
S
Security Affairs
T
The Blog of Author Tim Ferriss
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
D
Docker
The GitHub Blog
The GitHub Blog
F
Full Disclosure
N
News and Events Feed by Topic
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
腾讯CDC
人人都是产品经理
人人都是产品经理
M
MIT News - Artificial intelligence
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
MongoDB | Blog
MongoDB | Blog
博客园 - 【当耐特】
L
LINUX DO - 最新话题
Google Online Security Blog
Google Online Security Blog
S
Schneier on Security
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Help Net Security
Help Net Security
P
Proofpoint News Feed
Project Zero
Project Zero
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 叶小钗

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Enhancing Customer Trust Through a Comprehensive Audit Program
Matthew Hansen · 2025-05-14 · via Okta Security RSS Feed

This is the third iteration in our blog series. In our first blog, we introduced Okta’s Security Customer Trust team, highlighting our commitment to transparency and our mission to strengthen security outcomes for Okta and the communities we serve. In the second blog, we took a closer look at the tools and solutions that power our Customer Trust efforts.

In this blog, we’ll explore how the Okta Security Customer Audit further enhances the Customer Trust function, driving even greater transparency and confidence in our security practices to meet our customers' regulatory and compliance requirements.

The many benefits of Cloud computing come with the challenge of having reduced visibility into the day-to-day operations of the growing number of applications in today’s tech stacks. The adoption of the identity is the cornerstone of a security program and the new perimeter of technology itself.

For most customers, reviewing Okta’s generally available documentation meets their requirements. For highly regulated customers, a more detailed audit and more robust documentation may be necessary.

Introducing the program

As organizations increasingly rely on identity platforms, the need for comprehensive security measures has never been greater. The growing dependence on external vendors, suppliers, and service providers means businesses face a diverse set of supply chain risks that must be carefully managed to maintain a strong security posture.

The Okta Security Customer Audit program enables highly regulated customers to view the policies, procedures, and evidence that Okta provides to its auditors and meet regulatory requirements for observing control implementation evidence. Our program is carefully designed to enable audits to occur in a way that ensures equality and that does not expose customers to undue risk.

Working with us

Through structured assessments, our program provides deep visibility into Okta’s enterprise operations, covering critical areas such as quality control, regulatory compliance, security measures, and performance metrics. These audits are designed to give customers the confidence that Okta’s security practices not only meet, but often exceed, industry standards, empowering them to meet their own regulatory and compliance requirements.

During an Okta Security Customer Audit, you can expect:

Before an Audit

Our team will execute a thorough review of the Okta processes, documentation, and controls. This may include interviews with key personnel, examination of various records, and observation of operational practices. Our audit team possesses expertise in relevant areas such as quality assurance, compliance, and information security across various industries and regions.

During an Audit, Pooled edition

Following the methodical mapping of regulatory controls, we introduced our program's capabilities to a pooled audit function. 

Last December, we piloted our Okta Security Pooled Audit program (more on this in a future blog), which addressed the control requirements defined by the Digital Operational Resiliency Act (DORA). Our pooled audit resulted in equipping dozens of our EMEA/UK financial services customers with an open-door look into our security program, much like we would share with our own third-party audit functions. Ultimately, we demonstrated the Okta controls meeting customer and regulator requirements, in addition to fostering community. Our attendees had peer-to-peer opportunities to discuss similar industry-related challenges they face in their respective organizations regarding compliance regulations.

After the Audit

Post-audit closing activities are crucial for the program's effectiveness. These activities involve following up on the implementation of corrective actions and verifying that Okta has made the necessary improvements to keep both Okta and our customers secure. 

More on our Audit programs

While we’re not subjected to every global regulation, we will work closely with our customers to understand their requirements, support them in their efforts to achieve and maintain compliance, and reinforce trust in Okta. For more information on accessing Okta's Security Trust Center, visit our Okta Docs.

Later this month, we’re expanding our pooled audit program to help Okta’s Australian customers address new regulations under Australian Prudential Regulatory Authority (APRA) CPS 230, and the existing CPS 234 requirements, which will follow the same program structure. To learn more about our audit programs and how to get involved, contact your account team.

Matthew Hansen is a Regional CSO for Okta’s Americas West region. As a leader in security risk management, his accolades include MBA, CISA, and CCSK. Backed by over 15 years of experience in consulting, internal audit, IT governance and risk management, Matthew provides security program support to Okta’s customers. During his downtime, he enjoys travelling the world, experiencing new cultures, and attending Formula 1 races.