Okta Customer Identity Cloud transforms security into a business enabler

Challenges

  • Siloed security efforts from the broader organization
  • Largely manual compliance and governance capabilities
  • Asset tracking and monitoring across the software development lifecycle
  • Disparate monitoring and reporting tools across cloud environments

Results

  • Partnership across the organization to make security a business enabler to overall company goals
  • Automated evidence collection and monitoring that detects changes and builds compliance controls into the platform code
  • SBOM-level visibility into the security health and relationships of cloud assets at each stage of the development pipeline
  • Unified cyber insights across assets, vulnerabilities, configurations, and more that streamline reporting and risk assessment activities
  • Partnership between Okta CIC and JupiterOne that continuously supports cross-company innovation

Identity is an integral part of life. We use it to apply for jobs, manage finances, find housing, travel, and form meaningful relationships. Now, it’s even identified as critical infrastructure in some contexts.

The Okta Customer Identity Cloud (CIC), powered by Auth0, harnesses identity and access management (IAM), streamlined customer logins, and customer data to tackle fraud and security threats for consumer and SaaS apps.

Jameeka Green Aaron, CISO at Okta CIC, and her team are on a mission to protect what is most important to people – their identity. To that end, Jameeka has made herself a true partner to the business by embracing the principles of security-by-design. Security works hand-in-hand with the Chief Product Officer and the Chief Technical Officer and has been organized to work like any other engineering team, building security into each step of the software development lifecycle and increasing the pace of innovation, which allows Okta to better protect people’s identities.

“My goal as CISO is to be a business enabler. This is particularly true at a tech company, but I believe anywhere you work you should be thinking about how to be a partner to the business.”

Jameeka Green Aaron
CISO at Okta CIC

Establishing security as a true business partner

At Okta CIC, there is a strong partnership between security, engineering, and product teams. In order to engage with larger enterprise customers and higher trust sectors, CIC understood they needed to embed security into the build pipeline. It was more than just a security initiative – it fueled overall organizational growth. They needed a solution for security automation to multiply the team’s capabilities and improve agility.

By using JupiterOne to automatically map new assets and continuously monitor against their security controls, Okta CIC cut down on manual operations and upgrades with infrastructure-as-code, access controls for root CSP accounts and production, and more. They were even able to reduce the time it took to create a new customer environment from weeks – or, for multi-cloud or public cloud customers, months – down to a few hours with a single command.

Jameeka states that the possibility and success of her security-by-design initiative come from the business’s “openness to working together.” Disparate tooling across AWS and Azure environments could potentially cause gaps in visibility and difficulty drawing accurate, informed conclusions about their overall security posture. But with JupiterOne, the team could illuminate blind spots, create software bills of materials (SBOMs), and assess risk with the relevant business context.

“Initially, JupiterOne was just our asset management platform. But, there’s so much more to it. Any time you have data in the platform, JupiterOne is constantly and automatically connecting it to other data. That’s where the power comes in. We’ve been able to offload a lot of our work because of it.”

Becki True
Manager, Security Engineering at Okta CIC

Security-by-design, compliance-by-design, and beyond

The security-by-design approach enables Okta CIC to support a level of security review at each step in the software lifecycle, including threat models in early stages, design reviews, security monitoring, and even continuous monitoring after code is shipped. When a bug is found, software isn’t simply patched with a temporary solution – it is rebuilt and redeployed, every time. Manually verifying security for every single build or pull request is impossible, which is where JupiterOne’s automated asset management, vulnerability insights, and compliance insights capabilities step up.

On the compliance team, the majority of time was spent manually performing account scoping, access management and securing cloud assets to meet compliance requirements, including manual evidence collection. JupiterOne helped power Okta CIC’s compliance-by-design approach by automating evidence collection and alerting on changes that resulted in violations. JupiterOne’s automation allows the team to focus on prioritizing and remediating findings and implementing proactive controls.

The “by-design” approach has become core to Okta CIC, but Jameeka isn’t stopping there. The team is now actively looking at other opportunities to implement improvements and develop partnerships, such as privacy-by-design to protect customer information and privacy in their applications.

“When we track cyber assets, this includes assets across the entire software development pipeline and every infrastructure partner. JupiterOne helps us keep track of every asset in the cloud and alerts us when there are changes so we can assess those changes.”

Jameeka Green Aaron
CISO at Okta CIC

Relationships matter

It’s not just great technology that makes JupiterOne a valuable partner. The JupiterOne culture also sold Okta CIC on the partnership, and this relationship continues to drive JupiterOne as an integral part of Okta’s by-design programs.

Because Okta CIC supports identity and access verification for other organizations to stay secure, it’s imperative that their platform demonstrates a high level of security and risk management. This concept stands at the forefront of the JupiterOne relationship and drives strategy from basic security hygiene to discovery of new use cases and by-design initiatives.

“One of the things that really made me throw my support behind the decision to work with JupiterOne is the connection my team has to the JupiterOne team. JupiterOne is willing to go with us where we’re trying to go. That’s not just technical expertise, that’s culture.”

Jameeka Green Aaron
CISO at Okta CIC

About

Okta is a management platform that secures critical resources from cloud to ground for workforce and customers.

Industries

Identity Management
CRM
Enterprise Software
IT Infrastructure

Employees

5,001-10,000

Headquarters

San Francisco, CA