Why Ownership Questions Reveal Governance Gaps Sarah was preparing documentation for an upcoming compliance review…
Your identity management platform may be at risk, whether your organization is big or small
It was an eye opener to find out the security of the world’s most critical companies is more fragile than we thought due to the breach of a widely used identity management platform.
Just recently there was a potential breach of extensive source code of a big and secure organization like Microsoft -Bing search engine (Bing Maps and Cortana virtual assistant software) and Twitter meltdown in 2020’s where attackers included 17-year-old Minecraft scammer taking over an administrative account. However, this case is even more alarming and really, really bad…according to WIRED “Lapsus$ Extortion Group Claims Okta Hack, Microsoft Source Code Leak“.
On Monday, March 21st, a recently emerged hacking group by the name of Lapsus$ Gang claimed that it took control of an Okta administrative or “super user” account on January 21. It shared an online screenshot to back up its claim.
Established in 2009, Okta is an independent provider of an identity management platform. The Okta Identity Cloud is intended all organizations to both secure and manage their extended enterprise and used by thousands of large organizations to log in without juggling a dozen passwords.
The company’s stock price fell by 6 percent on Tuesday morning following the news. Lapsus$ has been stealing source code and valuable data from prominent companies like Nvidia, Samsung and Ubisoft.
Now for your reality check.
Is your organization’s identity management platform secure enough?
What can we learn from this incident?
- Establish strict access controls
- Establish multiple layers of security
- Do not let your system administrator’s access get compromised
How can RegDOX help with above areas and beyond?
End-to-End Protection
- Two-factor authentication and access permission
- Document and Email encryption
- Traceable delivery of documents
Collaboration with External parties
- Collaboration Center provides direct access to messages, tasks, and other items
- Integrated publishing allows approval and publishing of documents
Compliant with government regulations
- Secure Document viewer eliminates the risk of unauthorized downloads
- Operator shielding protects access by internal and external IT administrators
- Integrated two-person approval process
- Tamper-Proof Audit Trail allows time-stamped and recorded trail
- Watermarks provides additional protection against unauthorized forwarding
- Brainmark Management simplifies a secure distribution of Brainmark documents
If the features above had been implemented, Okta’s administrative access would not have been compromised. In addition, Okta’s reputation would not have been hurt so badly with lost trust in the company, which is supposed to be ‘secure’ platform.
Click to rate this post!
[Total: 0 Average: 0]

This Post Has 0 Comments