{"id":92018,"date":"2023-05-19T05:27:39","date_gmt":"2023-05-19T05:27:39","guid":{"rendered":"https:\/\/www.techrepublic.com\/?p=4094615"},"modified":"2023-05-19T05:27:39","modified_gmt":"2023-05-19T05:27:39","slug":"oktas-security-center-opens-window-to-customer-insights-including-threats-and-friction","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=92018","title":{"rendered":"Okta\u2019s Security Center opens window to customer insights, including threats and friction"},"content":{"rendered":"<figure id=\"attachment_4094617\" aria-describedby=\"caption-attachment-4094617\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-4094617\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/oktas-security-center-opens-window-to-customer-insights-including-threats-and-friction.jpg\" alt=\"A person holding up their phone with the Okta logo on it in front of a page on the Okta website for Authentication\" width=\"1400\" height=\"1050\"><figcaption id=\"caption-attachment-4094617\" class=\"wp-caption-text\">Image: Timon\/Adobe Stock<\/figcaption><\/figure>\n<p>Since acquiring the application team platform Auth0 in 2001, identity management company Okta has pursued a platform-neutral strategy for both internal and external consumer identity authentication that includes delivering insights to IT teams overseeing security and identity-based access protocols.<\/p>\n<p>The 14-year-old company and single sign-on <a href=\"https:\/\/6sense.com\/tech\/single-sign-on-sso\/okta-market-share#:~:text=Okta%20has%20market%20share%20of%2035.87%25%20in%20single-sign-on-sso,10.10%25%2C%20AWS%20Single%20Sign-On%20with%207.40%25%20market%20share.\" target=\"_blank\" rel=\"noopener noreferrer\">market share leader<\/a> announced this month that it is adding a key element of visibility, the <a href=\"https:\/\/auth0.com\/blog\/okta-cic-adds-security-center-to-attack-protection\/\" target=\"_blank\" rel=\"noopener noreferrer\">Security Center<\/a>, to its Auth0-powered Okta Customer Identity Cloud.<\/p>\n<p>Jump to:<\/p>\n<h2 id=\"visibility\">Offering wide visibility of authentication activity<\/h2>\n<p>The Security Center dashboard is designed to give near real-time asset visibility to teams focused on customer identity, user experience and security. The Security Center serves up authentication events, security incidents and user experience at points, particularly where security friction could make or break the consumer interface experience, according to Okta (<strong>Figure A<\/strong>).<\/p>\n<p><strong>Figure A<\/strong><\/p>\n<figure id=\"attachment_4094616\" aria-describedby=\"caption-attachment-4094616\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4094616 size-article\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/oktas-security-center-opens-window-to-customer-insights-including-threats-and-friction-1.jpg\" alt=\"Near real-time telemetry from Okta Customer Identity Cloud Security Center dashboard\" width=\"770\" height=\"855\"><figcaption id=\"caption-attachment-4094616\" class=\"wp-caption-text\">Near real-time telemetry from Okta Customer Identity Cloud Security Center dashboard. Image: Okta<\/figcaption><\/figure>\n<p>Ian Hassard, senior director of project management at Okta, said that, going forward, every Okta enterprise customer will have Security Center access whether they have the company\u2019s attack protection product or not<\/p>\n<h2 id=\"challenges\">Addressing identity and sign-on management challenges<\/h2>\n<p>Hassard explained that, while Okta\u2019s technologies serve both internal employees and external-facing identity interfaces, the latter environment presents special challenges.<\/p>\n<p>\u201cIn the customer identity world, we\u2019re talking about 10 million or 50 million users, which means sorting through a lot of the noise and trying to surface attack insights, which are a little hard for somebody who\u2019s not living and breathing customer identity,\u201d Hassard said.<\/p>\n<p><strong>SEE:<\/strong> How one company is using <a href=\"https:\/\/www.techrepublic.com\/article\/company-that-launched-2fa-pioneering-ai-for-digital-identity\/\">artificial intelligence for two-factor authentication<\/a>&nbsp;(TechRepublic)<\/p>\n<h2 id=\"insights\">Using insights to parse attack veracity<\/h2>\n<aside class=\"pinbox right\">\n<h3 class=\"heading\">Must-read security coverage<\/h3>\n<\/aside>\n<p>The company said the security dashboard grabs data from Okta Customer Identity Cloud to provide a window into real-time authentication events, potential security incidents and threat response efficacy as well as the current state of attack protection and authentication traffic.<\/p>\n<p>\u201cTo understand what is or isn\u2019t an attack, we\u2019re able to analyze the patterns across logins,\u201d said Hassard. \u201cThis means that when we see an attack or when a customer confirms that there\u2019s an attack, we\u2019re able to have the collective shared intelligence of what that actor was doing and what \u2014 in this context \u2014 \u2018bad\u2019 looks like.\u201d<\/p>\n<h2 id=\"agnostic\">Platform agnostic, behind the scenes<\/h2>\n<p>At the RSA conference earlier this month Jameeka Aaron, chief information security officer of customer identity at Okta, explained to TechRepublic that the company\u2019s strategic position in the identity ecosystem is to be platform agnostic and a silent partner. \u201cOne of the biggest you\u2019ve never seen.\u201d<\/p>\n<p>Aaron said Okta\u2019s larger strategy is platform agnostic, with a partnership focus on identity management.<\/p>\n<p>\u201cWe want to make it really easy to connect your applications to Okta, so our neutrality is one of our biggest superpowers,\u201d Aaron said.<\/p>\n<p>\u201cI came from the retail and manufacturing space, and one thing we always knew is that the customer decides. What we are trying to do is allow businesses, our customers, to decide what tools they want and deploy them,\u201d she added. \u201cSo, for example, if you use [Cisco\u2019s] Duo, you can also use Okta for single sign-on, enabling one login to access many applications. And, if, say, 1Password is your password vault, you can plug that into Okta as well.<\/p>\n<p>\u201cWe think of other companies in the identity space as partners, so we remain platform-agnostic as much as we can, so the choice is still with the company.\u201d<\/p>\n<p><strong>SEE:<\/strong> Passwords are a <a href=\"https:\/\/www.techrepublic.com\/article\/world-password-day-not-for-long\/\">thing of the past<\/a> \u2026 almost (TechRepublic)<\/p>\n<h2 id=\"friction\">Finding the Goldilocks zone for security friction<\/h2>\n<p>According to Okta, the Security Center interface allows for fine-tuning of an enterprise\u2019s attack protection strategy by showing how multifactor authentication, rate limiting and CAPTCHA affect their applications.<\/p>\n<p>Hassard said data on customer engagement with sign-on interfaces is an important customer retention insight that allows identity management teams to tweak security friction without compromising protections against identity exploits.<\/p>\n<p>\u201cBeing able to provide those insights in real time has a lot of value,\u201d said Hassard. \u201cFor example, if you\u2019re a bank and you\u2019re using our platform, you may well increase security friction because your customers appreciate the importance of security for preventing fraud.<\/p>\n<p>\u201cBut if you\u2019re buying something at a retail app that you can purchase from five other apps, you are going to pick the one that has the best UX, so that app may want to dial back friction toward convenience.\u201d<\/p>\n<p>A 2023 <a href=\"https:\/\/baymard.com\/lists\/cart-abandonment-rate\" target=\"_blank\" rel=\"noopener noreferrer\">study by the Baymard Institute<\/a>, reporting an average 69.99% shopping cart abandonment rate derived from 48 e-commerce studies, said 17% of those abandonments were due to an overly complicated, lengthy checkout process.<\/p>\n<p>Hassard said with the unique nature of end-user identity and the variable nature of its challenges \u2014 depending on the user, the market, the type of application customers are running \u2014 there is no one-stop-shop in the conventional tools domain for visualizing customer identity.<\/p>\n<p>\u201cIt\u2019s too niche of a problem space for most of those players,\u201d said Hassard. \u201cSo, that\u2019s where we\u2019re coming in and saying, \u2018Look, we\u2019re going to give you the insights that we think are necessary to understand what an attack looks like.&#8217;\u201d<\/p>\n<h2 id=\"auth0\">Auth0 for workforce identity<\/h2>\n<p>Aaron said that, on the workforce side of the business, Okta will release an Auth0-powered tool for its ThreatInsight workforce identity service, offering a longitudinal view of threat surfaces associated with identity access management.<\/p>\n<p>\u201cThreatInsight will essentially give customers the risk signals that we see and use, which helps them make critical decisions,\u201d said Aaron.<\/p>\n<p> <!-- default newsletter at the end --> <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Image: Timon\/Adobe Stock Since acquiring the application team platform Auth0 in 2001, identity management company Okta has pursued a platform-neutral strategy for both internal and external consumer identity authentication that includes delivering insights to IT teams overseeing security and identity-based access protocols. The 14-year-old company and single sign-on market share leader announced this month that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":92019,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40,783,56,287],"tags":[],"class_list":["post-92018","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-cloudsync","category-cybersecurity","category-security"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92018","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=92018"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/92018\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/92019"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=92018"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=92018"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=92018"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}