惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
V
V2EX
G
Google Developers Blog
F
Full Disclosure
Martin Fowler
Martin Fowler
宝玉的分享
宝玉的分享
H
Hacker News: Front Page
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
NISL@THU
NISL@THU
G
GRAHAM CLULEY
V
Vulnerabilities – Threatpost
Hacker News - Newest:
Hacker News - Newest: "LLM"
A
About on SuperTechFans
The Cloudflare Blog
C
Cisco Blogs
D
DataBreaches.Net
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Vercel News
Vercel News
P
Privacy International News Feed
Microsoft Security Blog
Microsoft Security Blog
Help Net Security
Help Net Security
Recorded Future
Recorded Future
PCI Perspectives
PCI Perspectives
S
Schneier on Security
AI
AI
N
News | PayPal Newsroom
雷峰网
雷峰网
C
Cyber Attacks, Cyber Crime and Cyber Security
P
Proofpoint News Feed
The Last Watchdog
The Last Watchdog
L
LINUX DO - 最新话题
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Schneier on Security
Schneier on Security
S
Securelist
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
博客园_首页
AWS News Blog
AWS News Blog
TaoSecurity Blog
TaoSecurity Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 三生石上(FineUI控件)
C
CXSECURITY Database RSS Feed - CXSecurity.com
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Cloudbric
Cloudbric
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
Check Point Blog
S
Security Affairs

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Paving the Path: Pooled Audits with Okta Security Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Okta Pooled Security Audits: a One-Year Retrospective
Okta Customer Audit · 2026-01-12 · via Okta Security RSS Feed

Customer audit is evolving beyond the traditional one-to-one audit model. When Okta's Customer Audit team first published Paving the Path: Pooled Audits with Okta Security last year, we shared our vision for moving beyond the limitations of siloed assessments. Today, as successive SaaS supply chain attacks continue to ring alarm bells across the industry, that strategic vision is now a reality.

This year-in-review retrospective demonstrates how our pooled audit methodology has become a powerful mechanism for collaborative peer discussion - raising the bar for supply chain security for both Okta and our customers. 

The Rationale: Designed to be Different 

Traditional audit models create a heavy, linear burden: each customer audit request requires Okta's security team to provide a tailored evidence package in response. Our pooled audit program was designed to break the status quo. 

We measure success based on the program's ability to minimize redundant effort for our internal teams, while offering customers something a traditional audit cannot: context and community. By shifting to this model, we deliver assurance faster, but also provide a forum for peer-to-peer exchange that turns a compliance checkbox into a strategic value-add . 

Quantifying Success: The Metrics Validating the 1:Many Shift

Our results validate the success of the pooled audit program. We track several KPIs that demonstrate a consistent, positive shift in our compliance efficiency and translate to business impact for customers.

Most notably, participant feedback highlights the quality and effectiveness of the new model. In our post-audit survey, customers indicated:

  • 94% reported feeling supported in achieving their organizational compliance and assurance goals, and

  • 98% reported a high level of confidence in Okta as a security partner.

Our KPIs demonstrate program efficiency across the following strategic priorities;

Key Performance Indicator (KPI)

Trend (1-Year Retrospective)

Business Impact

Individual Audit Request Burden

As more customers participate in the pooled audit program, Okta's security team has been able to assist additional customers with unique requirements. 

Demonstrates the successful transition from a 1:1 service model to a scalable, sustainable 1:Many approach, freeing up the team to support new audits.

Pooled Audit Participation Rate

Increase in the number of customers participating in a single pooled session.

Proves the scalability and value of the program, resulting in a higher number of customers supported.

Customer Audit Days Saved

Significant reduction in total FTE-days required from Okta Security supporting 1:1 audits. 

Cost avoidance, allowing the team to focus on other value-add work. 

Time-to-Assurance (TTA)

Consistent decrease in the average time required for a participating customer to receive full audit assurance.

Accelerated compliance: Enables customers to meet their regulatory deadlines faster.

Supply Chain Assurance

Beyond compliance, the validation of the pooled audit program is its role in educating customers about current threats, and Okta’s best practice guidance to defend identities. 

Audit sessions deep-dive into the controls that close the gaps exploited in the recent compromises of Salesloft and Gainsight, specifically validating our adherence to the five pillars of SaaS hygiene: 

  1. Strong authentication,

  2. Strong identity governance,

  3. Interactive session security,

  4. Non-interactive session security, and

  5. Strong auditability.

By aligning these technical verifications against global regulatory expectations (e.g. for financial services: DORA, APRA or NYDFS), the program does more than prove compliance; it provides customers with high-assurance evidence that their critical identity vendor is built to withstand and recover from major supply chain disruptions.

Deep-Dive Assurance at Scale

The strategic value of the pooled audit program extends beyond efficiency; it redefines the depth of assurance. We move beyond static document exchanges, and instead host multiple industry-specific customers for multi-day, hands-on sessions to collectively assess our controls against their regulatory expectations. We encourage peer challenge, and this peer review makes us stronger. 

Our recent engagements with financial services customers prove out this model. These were detailed, collective assessments across nine critical domains key to operational resilience and security.

The result is genuine assurance in a peer setting, offering value exceeding a compliance checkmark. By delivering granular, domain-specific coverage for specific regulations, we reduce reliance on bespoke, time-consuming customer audits in favor of a better outcome. Okta’s pooled audit methodology is increasing the depth of scrutiny our controls receive. Good for customers, and good for Okta. 

Conclusion: A Call for a New Industry Norm

We have transitioned from "paving" to "practice". The pooled audit program is no longer just an efficiency initiative; it is the assurance mechanism that informs our customers’ supply chain security posture and offers Okta valuable customer insight in a peer-to-peer forum. 

However, this success shouldn't be unique to Okta. This is our call to action for the wider SaaS industry in making the Pooled Audit model the norm, and not the exception. 

We invite Okta customers to be part of this evolution: reach out to your account team today to join our next pooled audit cohort for your industry. By adopting this shared assurance approach, we can collectively reduce the compliance burden on customers, eliminate redundancy, and focus our resources on what truly matters — securing the ecosystem against evolving threats.