Oktane 2024 arrived as security professionals found themselves facing a number of pressing issues. Over the course of the conference, Okta executives sat down with the CyberRisk TV team to discuss what they see as some of the biggest issues and what possible solutions might be on offer.
Building a security culture
For Charlotte Wylie, deputy CISO at Okta, helping companies change their security culture and posture is a key part of Okta’s strategy, and the company is not afraid to put itself forward as an example to customers and partners.
“It has been a huge part of the fabric that we’ve built into our security program at Okta,” Wylie said, noting that in Okta’s case, responsibility for security runs to the highest levels of the corporate structure. “It starts at the top -- getting the executives to be your biggest advocates with the rest of the organization about why your security program is of importance.”
Shoring up SaaS apps
Other Okta execs spoke on the need to arrive at a standard for identity security, particularly in regard to SaaS applications. Arnab Bose, Chief Product Officer, Workforce Identity Cloud, told CRA that with companies often running hundreds or thousands of different apps and services at any given time, getting vendors on the same page in regards to handling and securing identity information is paramount.
“If you take a look at the identity security capability built into these applications that are in use, a lot of them support single sign-on,” explained Bose, “but few of them support capabilities like provisioning which would help ensure that the right person gets the right level of access, and even fewer of them support sharing risk signals so in case there is something risky that happens inside an application, other applications can take action.”
Targeting the skills gap
One area where executives saw cause for concern is a widening skills gap between what many budding security professionals are equipped to handle and what the reality of the enterprise cybersecurity market really is.
Erin Baudo Felter, Okta VP for Social Impact & Sustainability, says that SMBs and non-profit groups are particularly at risk due to their limited size and resources when it comes to data and network security.
“They are so much more vulnerable to threats for a variety of factors including resource gaps, skills gaps, and knowledge gaps,” she said.