Like one domino falling into the next, a system breach at a third-party OKTA support provider can impact the 15,000 organizations that use OKTA's identity and access management services. The weight of that impact is potentially massive.
If seeing OKTA profiled in the media over a security concern wasn't enough, Microsoft has also weighed in with its own investigation of the actor behind such breaches. A recent blog post from the tech giant assesses that breaches of this kind are driven by the theft of credentials and data for the purpose of extortion. The software leader's blog stated:
“Microsoft Threat Intelligence Center (MSTIC) assesses that the objective of DEV-0537 is to gain elevated access through stolen credentials that enable data theft and destructive attacks against a targeted organization, often resulting in extortion. Tactics and objectives indicate this is a cybercriminal actor motivated by theft and destruction.”
We can undoubtedly say that IAM systems are mission-critical assets in the enterprise and a linchpin of operational business continuity.
Look further down the line of dominos to the employees inside those 15,000 organizations, who log in every day through OKTA to SaaS such as Salesforce, Dropbox, email, and Slack. Then look at the OKTA admins managing the configurations between OKTA and every one of those SaaS solutions. If all of that is compromised, the impact on organizational security could be severe, disrupting the business-as-usual workflow and endangering the safety of that business's customers.
The question now is, how can these 15,000 organizations safeguard themselves against the domino effect? If a breach happens, they need to have a resiliency plan locked and loaded, ensuring their recovery uptime is hours instead of days.
Fact: In 2021, OKTA research indicated an estimated 50 billion paying digital identities in enterprises worldwide, and showed the average OKTA customer using 155 applications annually, based on numbers evaluated over four years. With app usage of that volume, user account configurations soar to hundreds of thousands of configurations that IT managers must secure in a single organization. As a result, there are thousands of ways for any one of those configured accounts to become the domino that topples the whole system: the single point of failure that compromises the entire IT network and cloud infrastructure security. Attackers rarely need to break into systems; they simply log in wherever weak configuration makes it easiest. Organizations with robust cloud infrastructure and a high volume of app users have adopted access control management systems like OKTA to keep Identity Access Management under control, but that does not mean it is secured by default.
The fine print: no one told you that digital identity cyber resilience means taking responsibility for securing mission-critical assets with an IAM backup and recovery solution
What about that teeny tiny bit of fine print that most IT teams don't usually catch, which says that solutions like OKTA don't generally come with an adequate built-in recovery solution, and certainly not with backup and recovery tools? What about all those mission-critical assets, supporting users in diverse departments across those 155 applications and ultimately forming the building blocks of overall business continuity? What happens when any one of the admin digital identities that are the gateway to developing, using, and accessing these mission-critical assets is compromised? In the simplest terms, all hell can break loose, and that may be putting it lightly: a breach can lock out a whole OKTA tenant and take over every enterprise app account behind it. Welcome the unpleasantries of total operational downtime, including privacy breaches and the fines that accompany them, profit loss, brand damage, and the leak of sensitive and vital data. Not to mention entire businesses held hostage for the release of data and account access by attackers who install ransomware or plant malicious code in a solution, toppling even more dominos into a supply chain attack.
Jumping back to the impetus of this article: on March 22, 2022, OKTA confirmed that it was investigating a potential breach. Sources suggest that screenshots of an internal OKTA admin console were found circulating on the dark web.
Sources from a few years ago indicate that account takeover costs businesses $12.5 billion globally. How did enterprises in all corners of the world come to carry such massive and painfully taxing overhead? Partly because, under the Shared Responsibility Model, cloud vendors are not legally obligated to protect the data their customers store in the cloud.
And when ransomware attacks and account takeovers are increasing by the millisecond, data stored in the cloud presents ever-growing risks to IT infrastructure security, and the companies adopting these solutions must take responsibility for it.
A solution designed to protect mission-critical assets and enforce cyber resilience
The current tech market has few solutions developed to back up and restore primary OKTA system data, and it certainly lacks tools that recreate Identity Access Management configurations within just a few hours of a breach.
The solution should be built on Digital Identity Resilience: organizations regain control within hours of a breach rather than weeks, allowing the enterprise to maintain service levels and compliance requirements while reducing downtime costs through strategic, seamless, and ongoing IAM data backup and recovery.
This is done by connecting to the customer's OKTA instance, importing its data to a secure location, and archiving every change. That granularity allows organizations to recover their data in mere hours. Compare this to the alternative, where one oversight, human error, or breach can lead to the shutdown of a system and impede operations for days, weeks, or even months in severe cases.
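The mechanism described above (import the tenant's IAM objects, archive every change, recover to an earlier state) is illustrated by the following Python example. It is added here and is not accSenSe's or OKTA's code. It assumes each exported object is a JSON-serialisable dict with a stable "id" field, which is the shape OKTA's API returns for users, groups and apps; the two snapshots, their ids and the "suspicious" email change are constructed sample data, and the archive is an in-memory stand-in for the secure storage the text mentions.

```python
"""Change-archiving backup store for IAM objects (added illustration).

Not product code. Each snapshot is a list of dicts with a stable "id",
e.g. what you would get by exporting OKTA's /api/v1/users, /api/v1/groups
and /api/v1/apps. Only the changes between imports are archived, so any
earlier state can be rebuilt and turned into a restore plan.
"""
import copy
import hashlib
import json


def fingerprint(obj):
    """SHA-256 of canonical JSON, so any attribute change is detected."""
    canonical = json.dumps(obj, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class ChangeArchive:
    def __init__(self):
        self.version = 0      # increments on every import
        self.current = {}     # id -> latest known object
        self.log = []         # append-only change records

    def _record(self, oid, kind, before, after):
        self.log.append({"version": self.version, "id": oid, "kind": kind,
                         "before": copy.deepcopy(before),
                         "after": copy.deepcopy(after)})

    def import_snapshot(self, objects):
        """Diff a fresh export against the last known state; archive the delta."""
        self.version += 1
        seen = set()
        for obj in objects:
            oid = obj["id"]
            seen.add(oid)
            old = self.current.get(oid)
            if old is None:
                self._record(oid, "add", None, obj)
            elif fingerprint(old) != fingerprint(obj):
                self._record(oid, "modify", old, obj)
            else:
                continue
            self.current[oid] = copy.deepcopy(obj)
        for oid in [k for k in self.current if k not in seen]:
            self._record(oid, "delete", self.current.pop(oid), None)
        return len([e for e in self.log if e["version"] == self.version])

    def state_at(self, version):
        """Replay the log to rebuild the tenant as of a given import (point in time)."""
        state = {}
        for entry in self.log:
            if entry["version"] > version:
                break
            if entry["after"] is None:
                state.pop(entry["id"], None)
            else:
                state[entry["id"]] = copy.deepcopy(entry["after"])
        return state

    def restore_plan(self, version):
        """Operations needed to bring the live tenant back to an earlier state."""
        target = self.state_at(version)
        ops = []
        for oid, obj in target.items():
            cur = self.current.get(oid)
            if cur is None:
                ops.append(("create", oid))
            elif fingerprint(cur) != fingerprint(obj):
                ops.append(("update", oid))
        for oid in self.current:
            if oid not in target:
                ops.append(("deactivate", oid))
        return sorted(ops)


# Constructed sample exports (hypothetical ids and accounts, not real data).
SNAPSHOT_V1 = [
    {"id": "00u1", "type": "user", "status": "ACTIVE",
     "profile": {"login": "alice@example.com", "email": "alice@example.com"}},
    {"id": "00u2", "type": "user", "status": "ACTIVE",
     "profile": {"login": "bob@example.com", "email": "bob@example.com"}},
    {"id": "00g1", "type": "group", "profile": {"name": "Okta Administrators"},
     "members": ["00u1"]},
]
# Second export: admin's email silently changed, admin group gone, new account added.
SNAPSHOT_V2 = [
    {"id": "00u1", "type": "user", "status": "ACTIVE",
     "profile": {"login": "alice@example.com", "email": "alice@external.invalid"}},
    SNAPSHOT_V1[1],
    {"id": "00u3", "type": "user", "status": "ACTIVE",
     "profile": {"login": "svc-new@example.com", "email": "svc-new@example.com"}},
]


def run_demo():
    archive = ChangeArchive()
    n1 = archive.import_snapshot(SNAPSHOT_V1)   # initial import: 3 adds
    n2 = archive.import_snapshot(SNAPSHOT_V2)   # 1 modify, 1 add, 1 delete
    return archive, n1, n2, archive.restore_plan(1)


if __name__ == "__main__":
    archive, n1, n2, plan = run_demo()
    print(f"import 1 archived {n1} changes, import 2 archived {n2} changes")
    for entry in archive.log:
        print(f"v{entry['version']} {entry['kind']:7} {entry['id']}")
    print("to roll back to v1:", plan)
```

Because the archive stores the before and after of every change, the same log that drives the rollback also answers the incident responder's first question (what changed, and when), which a plain nightly copy of the tenant cannot.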
Global IT Manager at Monday.com, Lior Zagury, shared his thoughts, saying: "Most organizations think they are protected once everything is on the cloud: that if a cyber, ransomware, malware attack, or even a misconfiguration was to happen, you would have the ability [from your SaaS provider] to recover. This is a misconception. You can only trust yourself and your organization. You need a backup on your side to maintain control of your organization's critical data. This becomes even more important for public companies. Compliance certificates like SOX and ISO require a backup tenant for significant and critical assets like OKTA. Because if OKTA is compromised, it can cause massive damage. That is why having a backup and recovery ability is so vital."
What would these proactive measures mean for business operations? They make business operations resistant to the domino effect. When the stakes are high, organizations can rest assured that they will bounce back, land on their feet, and be back to business-as-usual in no time.
Organizations will have peace of mind knowing their OKTA identity infrastructure and configurations are safely backed up and easily recoverable. With a seamless API connection, continuous import of data, secure storage, and every IAM change archived, Digital Identity Resilience solutions provide end-to-end protection for mission-critical assets.
Written by Muli Motola, co-founder, and CEO of accSenSe.