Okta Customer Identity Cloud transforms security into a business enabler
Challenges
- Siloed security efforts from the broader organization
- Largely manual compliance and governance capabilities
- Asset tracking and monitoring across software development lifecycle
- Disparate monitoring and reporting tools across cloud environments
Results
- Partnership across the organization to make security a business enabler to overall company goals
- Automated evidence collection and monitoring that detects changes and builds compliance controls into the platform code
- SBOM-level visibility into the security health and relationships of cloud assets at each stage of the development pipeline
- Unified cyber insights across assets, vulnerabilities, configurations, and more that streamline reporting and risk assessment activities
- Partnership between Okta CIC and JupiterOne that continuously supports cross-company innovation
Identity is an integral part of life. We use it to apply for jobs, manage finances, find housing, travel, and form meaningful relationships. Now, it’s even identified as critical infrastructure in some contexts.
The Okta Customer Identity Cloud (CIC), powered by Auth0, harnesses identity and access management (IAM), streamlined customer logins, and customer data to tackle fraud and security threats for consumer and SaaS apps.
Jameeka Green Aaron, CISO at Okta CIC, and her team are on a mission to protect what is most important to people – their identity. To that end, Jameeka has made herself a true partner to the business by embracing the principles of security-by-design. Working hand-in-hand with the Chief Product Officer and the Chief Technical Officer, security has been organized to work like any other engineering team, building security into each step of the software development lifecycle and increasing the pace of innovation, allowing Okta to better protect people’s identities.
Establishing security as a true business partner
At Okta CIC, there is a strong partnership between security, engineering, and product teams. In order to engage with larger enterprise customers and higher trust sectors, CIC understood they needed to embed security into the build pipeline. It was more than just a security initiative – it fueled overall organizational growth. They needed a solution for security automation to multiply the team’s capabilities and improve agility.
By using JupiterOne to automatically map new assets and continuously monitor them against its security controls, Okta CIC reduced manual operations and upgrades through infrastructure-as-code, access controls for root CSP accounts and production, and more. The team was even able to reduce the time it took to create a new customer environment from weeks – or for multi-cloud or public cloud customers, months – down to a few hours with a single command.
Jameeka states that the possibility and success of her security-by-design initiative come from the business’ “openness to working together.” Disparate tooling across AWS and Azure environments could potentially cause gaps in visibility and make it difficult to draw accurate, informed conclusions about overall security posture. But with JupiterOne, the team could illuminate blind spots, create software bills of materials (SBOMs), and assess risk with the relevant business context.
Security-by-design, compliance-by-design, and beyond
The security-by-design approach enables Okta CIC to support a level of security review at each step in the software lifecycle, including threat models in early stages, design reviews, security monitoring, and even continuous monitoring after code is shipped. When a bug is found, software isn’t simply patched with a temporary solution – it is rebuilt and redeployed, every time. Manually verifying security for every single build or pull request is impossible, which is where JupiterOne’s automated asset management, vulnerability insights, and compliance insights capabilities step up.
On the compliance team, the majority of time was spent manually scoping accounts, managing access, and securing cloud assets to meet compliance requirements, including manual evidence collection. JupiterOne helped power Okta CIC’s compliance-by-design approach by automating evidence collection and alerting on changes that resulted in violations. JupiterOne’s automation allows the team to focus on prioritizing and remediating findings and implementing proactive controls.
The “by-design” approach has become core to Okta CIC, but Jameeka isn’t stopping there. The team is now actively looking at other opportunities to implement improvements and develop partnerships, such as privacy-by-design to protect customer information and privacy in their applications.
Relationships matter
It’s not just great technology that makes JupiterOne a valuable partner. The JupiterOne culture also sold Okta CIC on the partnership, and this relationship continues to drive JupiterOne as an integral part of Okta’s by-design programs.
Because Okta CIC supports identity and access verification for other organizations to stay secure, it’s imperative that their platform demonstrates a high level of security and risk management. This concept stands at the forefront of the JupiterOne relationship and drives strategy from basic security hygiene to discovery of new use cases and by-design initiatives.