惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
博客园_首页
The GitHub Blog
The GitHub Blog
V
Visual Studio Blog
D
DataBreaches.Net
aimingoo的专栏
aimingoo的专栏
爱范儿
爱范儿
B
Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
N
Netflix TechBlog - Medium
阮一峰的网络日志
阮一峰的网络日志
P
Proofpoint News Feed
D
Docker
Engineering at Meta
Engineering at Meta
大猫的无限游戏
大猫的无限游戏
The Cloudflare Blog
罗磊的独立博客
云风的 BLOG
云风的 BLOG
Microsoft Azure Blog
Microsoft Azure Blog
T
The Exploit Database - CXSecurity.com
博客园 - 三生石上(FineUI控件)
量子位
The Last Watchdog
The Last Watchdog
MyScale Blog
MyScale Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
The Blog of Author Tim Ferriss
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
小众软件
小众软件
Cloudbric
Cloudbric
博客园 - 司徒正美
H
Help Net Security
人人都是产品经理
人人都是产品经理
Application and Cybersecurity Blog
Application and Cybersecurity Blog
L
LangChain Blog
Latest news
Latest news
M
MIT News - Artificial intelligence
T
Threat Research - Cisco Blogs
博客园 - Franky
S
Security Affairs
W
WeLiveSecurity
F
Full Disclosure
Know Your Adversary
Know Your Adversary
Google DeepMind News
Google DeepMind News
The Hacker News
The Hacker News
Cyberwarzone
Cyberwarzone
美团技术团队
PCI Perspectives
PCI Perspectives
C
Check Point Blog
Spread Privacy
Spread Privacy

Okta Security RSS Feed

OpenSSL HollowByte: A DoS Hiding in 11 Bytes Datadog and Okta Combine for New Customer Detections Detecting OpenClaw at Sign-In Okta Hardening Guide Updated to Secure Non-Human Identities Okta Pooled Security Audits: a One-Year Retrospective Account Recovery, without Password Resets Okta’s Response to React2Shell Uncloaking VoidProxy: a Novel and Evasive Phishing-as-a-Service Framework Attackers Target Hotelier Accounts in Malvertising and Phishing Campaign Using Auth0 Logs for Proactive Threat Detection Controlling Cross-App Data Sprawl in Google Workspace How this ClickFix campaign leads to Redline Stealer Building Confidence in Support Comms with Caller Verify at Okta Enabling ISO/IEC 27001:2022 Compliance with Okta Okta’s Secure by Design Pledge - One Year On Leveraging Okta System Logs for Proactive Threat Detection Enhancing Customer Trust Through a Comprehensive Audit Program Okta's new Security Technical Implementation Guide (STIG) A Guide to DORA Compliance with Okta How AI services power the DPRK’s IT contracting scams Detect and Prevent Cross Device Authentication How Responsible Disclosures are Shaping a Safer Cyberspace Cybersecurity’s Next Gen Next.js CVE-2025-29927 CSO Conversations: Matthew Hansen, Regional CSO of Americas West Empowering Security with Customer Trust Solutions Putting Security First with Secure Development One trick finds the root of any Okta troubles CSO Conversations: Stephen McDermid, Regional CSO of EMEA Content-Security-Policy in a Complex Environment CSO Conversations: Keiko Itakura, Regional CSO of Japan How Okta Embraces Identity Verification Using Persona CSO Conversations: Matt Immler, Regional CSO of Americas East Raising the Bar for our Industry with IPSIE Cyber-Safety over the Holidays Okta Social Engineering Impersonation Report - Response and Recommendation Five Reasons to Upgrade your Org to Okta Identity Engine Okta’s Ongoing Commitment to Secure By Design Unveiling the Essence of the Security Customer Trust Function Security Education Through the Art of Storytelling Seven Ways to Reduce Super Admins in Okta The Case for Zero Standing Privileges FastPass: The battle-hardened authenticator Detecting Cross-Origin Authentication Credential Stuffing Attacks How to Block Anonymizing Services using Okta Why Cyber-heroes need a Zero Trust CAEP! Okta Verify Vulnerability Disclosure Report - Response and Remediation Defensive Domain Registration is a Mug’s Game Protecting Administrative Sessions in Okta How to Secure the SaaS Apps of the Future Okta October 2023 Security Incident Investigation Closure October Customer Support Security Incident - Update and Recommended Actions Unauthorized Access to Okta's Support Case Management System: Root Cause and Remediation Tracking Unauthorized Access to Okta's Support System Go “Secure by Default” With Custom Admin Roles for IT support staff Cross-Tenant Impersonation: Prevention and Detection BYO Telephony and the future of SMS at Okta Saying “No Thanks” to nOAuth Telling More Okta Detection Stories with Google Chronicle An Unexpected Endorsement for WebAuthn Social Engineering is Getting More Extreme, but the Fixes Can Be Simple Study up on Okta Logs for Splunk’s Boss of the SOC! Keeping Phishing Adversaries Out of the Middle Using Workflows to Respond to Anomalous Push Requests Okta and Splunk Combine to Detect Common Attacks Setting the Right Levels of Assurance for Zero Trust Catch-All's and Canary Rules User Sign-in and Recovery Events in the Okta System Log Okta Code Repositories Detecting Real-Time Phishing Attacks Detecting Real-Time Phishing Attacks Okta’s Response to OpenSSL Security Update Monitoring for Abuse of Administrative Privileges System Log: a Window into Supporting the Okta Cloud The Human Factor in Phishing Resistance Auth0 Code Repository Archives From 2020 and Earlier Phishing Resistance and Why it Matters Detecting Scatter Swine: Insights into a Relentless Phishing Campaign Defending against Session Hijacking Unlocking the Mystery of 700+ Okta System Log Events Official Okta Statement on LAPSUS$ Claims Protection, without perimeters We (still) need to talk about RDP Just How Risky is Legacy Authentication?
Paving the Path: Pooled Audits with Okta Security
Lydia Le · 2025-06-25 · via Okta Security RSS Feed

Okta has completed another pooled audit, leading the industry by transforming traditional one-to-one assessments into a collaborative, industry-first approach. This new model not only streamlines the audit experience but delivers impact: 90% of participating customers reported significantly greater confidence in demonstrating compliance. This new, collaborative model builds on the foundation we've detailed in our previous posts of the Customer Trust series, which cover our team's mission, mandate, and more.

Expanding our Program

Routine, individual audits have remained crucial for building customer confidence and fostering strong relationships. In order to address the inherent time and resource demands of the traditional one-on-one model, we've introduced an innovative pooled audit program designed to work alongside it.

Our Customer Audit program directly reflects the Love our Customers core value and is a testament to our long-term commitment to lead the industry in the fight against identity-based attacks.

To support our global customers, we’ve launched region-specific regulatory support, starting with the Digital Operational Resilience Act (DORA) in the European Union and United Kingdom and, more recently, the Australian Prudential Regulation Authority (APRA) in Australia. As regulatory expectations around cloud service providers continue to evolve, these collaborative audit sessions are helping us proactively meet customer needs while setting a new standard for partnership and trust at scale.

Program Benefits

Okta is leading the charge in elevating confidence and clarity across the evolving regulatory landscape. Our program establishes a new industry benchmark, paving a fundamental shift in the collaborative dynamics between critical technology vendors and customers. We bring multiple industry-specific customers into Okta offices for multi-day, hands-on sessions to collectively assess our controls against specific cybersecurity regulations.

In our most recent pooled audit, we thoroughly covered Australian Prudential Regulation Authority (APRA) expectations with our Financial Services Industry (FSI) customers in the region. The nine key domains that were covered included:

  1. BCP and Operational Resilience,

  2. Datacenter Security,

  3. Third Party Risk Management,

  4. Enterprise Risk Management,

  5. Physical Security and Identity Access,

  6. Change Control and Configuration,

  7. Cryptography,

  8. Vulnerability Management, and

  9. Security Incident Management. 

The result wasn't just a compliance checkmark — based on the feedback captured, 90% of participating customers left with significantly higher confidence in their ability to demonstrate their organization’s compliance to the APRA regulation. Since launch, we’ve realized the following program benefits:

Fostering Trust 

This one-to-many model eradicates the heavy resource strain of one-to-one, repetitive audits. Our customers are at the heart of everything we do. It is important to highlight how Okta builds trust by demonstrating our robust security. As Okta continues to grow and is now considered a critical outsource provider, this pooled audit model is helping more customers meet regulatory obligations. 

Deeper collaboration and shared insights

Our program introduces a change from the standard private audit model by introducing opportunities to engage with industry peers and share learnings. Okta’s in-person audit setting helps support the fostering of new connections and strengthening existing relationships, enabling a forum to share best practices and gain invaluable insights from both Okta and pooled audit participants.

Proactivity versus reactivity

While these new regulations don't directly impact Okta, we take a proactive approach by engaging our customers directly when new regulations emerge. By helping them understand how Okta's security controls apply and effectively address new requirements, we can support them in their compliance adherence efforts.

Measuring What Matters

Measuring the success of pooled audit programs not only gives our security team and leadership insight into what is driving concerns for customers, but also how we can improve future sessions.

Most recently, 90% of APRA pooled audit participants reported high program effectiveness, and 94% reported increased confidence in Okta as a security partner. Our program’s mandate is to build lasting trust and strengthen partnerships. Here’s what our customers are saying about us:

  • “I like the concept of the pooled audit. It was good to have the Okta team outline the control environment to help us to complete our obligation requirements. It was good to connect with other customers that are in similar positions.” - Senior Manager at a global financial services company

  • “The information sharing was open and questions were answered well and comprehensively.” - Technology Risk Manager at a globally recognized financial services company

  • “Okta/Auth0 is a key service provider for our business services. It was good to understand the security controls and evidence shown in the pooled audit which demonstrates the security posture and maturity across Okta/Auth0.” - Head of Security Strategy and Architecture at a global retail payment company

  • “The openness of Okta in sharing information has supported our compliance journey. The session allowed us to get better insights and comfort around how a key partner is ensuring the security and continuity of services to its customers. Opening discussion and being able to gain clarification directly from senior leaders.” - Senior Operational Risk Manager at a global retail payment company

  • “The face-to-face engagement was excellent, and Okta's collaborative approach was a significant benefit. We feel it's truly important to foster this trusted relationship and to continue growing more secure together" – EU Customer 

Our Future Vision

We’re focused on continuing to expand our Customer Audit program across new industries and regions, opening the program benefits to additional customers outside of Financial Services. We believe a world-leading SaaS identity service can support their success. We’re committed to supporting our customers through the evolving and complex regulatory landscape they face.

This journey toward scalable assurance is bigger than Okta. We’re calling on our peers in the security SaaS community to join in on these efforts. Are you exploring pooled audits or similar collaborative models? Reach out at customeraudit@okta.com to collaborate on audit-based insights and accelerate the industry's progress for all customers. 

By openly sharing our collective expertise and challenges, we can create a more trusted, secure ecosystem for everyone. We welcome your feedback and partnership as we build this new standard, together.

Lydia Le is an Associate Analyst at Okta, providing Assurance support to the Security Customer Trust team. Her commitment to continuous learning and keen attention to detail supports Okta’s mission by securing digital Identities and strengthening customer trust. Outside of work, Lydia enjoys reading, traveling, and exploring new cuisines - always eager to broaden her horizons and learn differing perspectives.