Five Nines Newsletter - Volume 23
Hey there,
In this edition of the Five Nines Newsletter, we're exploring the latest IAM news from Oktane, from the new IPSIE standard to the finalists of Okta's inaugural SaaS startup competition.
We're also exploring the crucial role of IAM in an organization's cybersecurity plan as well as emerging cyber threats. Lastly, we've rounded up the latest news, podcasts, and webinars to ensure you stay up to date on all things IAM.
We hope you enjoy and, as always, stay resilient.
Trending IAM News:
Service Desks: The New Frontier In Social Engineering Attacks
Threat actors are targeting front-line support staff to gain unauthorized access to critical systems and sensitive data. In a notable example cited by the U.S. Department of Health and Human Services (HHS), an attacker convinced a help desk employee to enroll a new device in MFA by supplying personal details about the targeted user (likely gathered from earlier data breaches or public sources). Once the attacker-controlled device was enrolled, the threat actor used it to access payer websites and initiate fraudulent fund transfers. This incident and others like it show the weakness of knowledge-based authentication (KBA) as a gate for MFA enrollment and reset flows: the "secrets" it relies on are frequently already exposed, so a valid answer proves little about who is calling. Such incidents underscore the need for stronger identity proofing before a factor is enrolled or reset. The U.S. government has already standardized identity proofing in NIST Special Publication 800-63A, which defines three Identity Assurance Levels (IAL1 through IAL3), selected according to the risk of the transaction being protected; a fourth revision of the publication (SP 800-63-4) is currently in draft.
Half of Organizations Have Unmanaged Long-Lived Cloud Credentials
Long-lived credentials (authentication keys or tokens with an extended or indefinite lifetime) are a leading cause of cloud breaches: a key that never expires gives an attacker who obtains it, whether from a leaked repository, a compromised laptop or an old backup, an unlimited window in which to use it. A recent Datadog report highlights how widespread these credentials are across the major cloud providers, including Google Cloud, Amazon Web Services (AWS) and Microsoft Entra ID. Around 60% of Google Cloud service accounts and AWS IAM users have access keys more than a year old. Andrew Krug, Head of Security Advocacy at Datadog, advises organizations to adopt modern authentication methods (for example IAM roles or workload identity federation in place of static keys), to use short-lived credentials, and to monitor API changes closely to reduce the risk. Alongside long-lived credentials, the Datadog report also highlights the prevalence of risky cloud permissions: one-third of Google Cloud VMs hold sensitive project-level permissions, which could let an attacker who compromises a single VM steal credentials or move laterally within the cloud environment. On a positive note, adoption of cloud guardrails is increasing, though much of this growth stems from providers enabling guardrails by default rather than customers taking proactive measures.
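The finding above is easy to reproduce for your own AWS account. The following is an added example written for this newsletter, not code from Datadog or from the report: it parses the CSV that `aws iam generate-credential-report` followed by `aws iam get-credential-report` returns (the column names are the real ones) and flags every active access key whose last rotation is older than a threshold, separating keys that are still in use (rotate them) from keys that are old and dormant (delete them). The report text embedded below is constructed sample data, the 365-day and 90-day thresholds are assumptions, and nothing is fetched from AWS.

```python
"""Flag stale and dormant AWS IAM access keys from a credential report.

Added example, not Datadog's or AWS's code. Column names follow the real
IAM credential report; the report content itself is CONSTRUCTED sample data.
"""
import csv
import io
from datetime import datetime, timezone

MAX_KEY_AGE_DAYS = 365   # assumption: mirrors the report's "over a year old" cut-off
DORMANT_AFTER_DAYS = 90  # assumption: an active key unused this long is a removal candidate
SAMPLE_NOW = datetime(2024, 10, 25, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample report: the root account (no keys), a CI user whose only key
# was never rotated, and a human user with a fresh key plus a forgotten, never-used key.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service
<root_account>,arn:aws:iam::123456789012:root,2019-01-10T08:00:00+00:00,true,2024-09-01T10:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A
ci-deployer,arn:aws:iam::123456789012:user/ci-deployer,2021-03-04T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2021-03-04T00:00:00+00:00,2024-10-20T11:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2022-01-01T00:00:00+00:00,true,2024-10-21T07:00:00+00:00,2024-08-01T00:00:00+00:00,N/A,true,true,2024-08-01T00:00:00+00:00,2024-10-21T07:30:00+00:00,eu-west-1,sts,true,2022-05-05T00:00:00+00:00,N/A,N/A,N/A
"""

_PLACEHOLDERS = {"N/A", "not_supported", "no_information", ""}


def parse_report_time(value):
    """Return an aware datetime, or None for the report's placeholder values."""
    if value in _PLACEHOLDERS:
        return None
    return datetime.fromisoformat(value)


def find_stale_keys(report_csv, now, max_age_days=MAX_KEY_AGE_DAYS,
                    dormant_after_days=DORMANT_AFTER_DAYS):
    """Return one finding per active access key older than max_age_days, oldest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):  # every IAM user has two access key slots
            if row[f"access_key_{slot}_active"] != "true":
                continue  # an inactive key cannot authenticate; nothing to rotate
            rotated = parse_report_time(row[f"access_key_{slot}_last_rotated"])
            if rotated is None:
                continue
            age_days = (now - rotated).days
            if age_days <= max_age_days:
                continue
            last_used = parse_report_time(row[f"access_key_{slot}_last_used_date"])
            dormant = last_used is None or (now - last_used).days > dormant_after_days
            findings.append({
                "user": row["user"],
                "key": f"access_key_{slot}",
                "age_days": age_days,
                "last_used": last_used.isoformat() if last_used else None,
                "dormant": dormant,
                # Old and unused: just delete it. Old and in use: plan a rotation
                # (issue a new key, cut the workload over, then delete the old one).
                "action": "delete" if dormant else "rotate",
            })
    findings.sort(key=lambda f: f["age_days"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in find_stale_keys(SAMPLE_REPORT, SAMPLE_NOW):
        print(f"{f['user']:<12} {f['key']} age={f['age_days']}d "
              f"last_used={f['last_used']} -> {f['action']}")
```

On the sample data the CI user's three-and-a-half-year-old key is still in daily use and needs a rotation plan rather than an abrupt deletion, while the human user's second key has never been used and can simply be removed; the fresh key and the root account (which has no keys) produce no findings. Against a real report the same function works unchanged, with `now` set to `datetime.now(timezone.utc)`.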
#CyberMonth: The Importance of Identity and Access Management in Safeguarding Your Enterprise
October is CyberMonth, making it the perfect time to analyze all things cybersecurity, including Identity and Access Management's (IAM) role in the fight against cyber threats. Gartner has identified IAM as a top cybersecurity trend for 2024, emphasizing the need for evolved practices that focus on fundamental hygiene and system hardening. Gartner also predicts the scope of IAM will grow, with 25% of IAM leaders balancing cybersecurity and business outcomes by 2026. Within the realm of IAM, Gartner highlights several tools and strategies, including privileged access management, evolving IAM architecture, IAM program management, and GenAI in IAM, and predicts that 35% of organizations will incorporate GenAI into their identity fabric functions by 2025. Despite these advances, challenges persist, such as the proliferation of standing privileges and the potential for human error when granting and using permissions. As IAM continues to evolve, leaders must adapt to new technologies and strategies to effectively manage identities across increasingly complex cloud and hybrid environments.
Permiso State of Identity Security 2024: A Shake-up in Identity Security Is Looming Large
Identity security has become a pressing concern following recent breaches at major companies like Microsoft and Okta. A Permiso Security report reveals that while 93% of organizations can inventory identities across environments, 45% remain worried about their tools' effectiveness against identity attacks. Despite high confidence levels, nearly half of the surveyed organizations experienced an identity security incident last year, primarily due to impersonation attacks targeting sensitive data. Human identities are seen as the most vulnerable, highlighting the need for a shift from traditional access provisioning to a more comprehensive strategy that addresses the complexities of hybrid and multi-cloud environments.
Okta’s new security standard to be adopted by Google, Microsoft
At Oktane, Okta unveiled the Interoperability Profile for Secure Identity in the Enterprise (IPSIE), an open identity security standard, developed within the OpenID Foundation, designed to provide "end-to-end security" for SaaS-based identities. Microsoft, Google and Ping Identity are among the major vendors that have committed to adopting it. IPSIE aims to strengthen existing security controls such as single sign-on, lifecycle management and risk-signal sharing, while also providing added visibility across identity threat surfaces. To facilitate adoption, Okta has developed over 125 integrations with popular enterprise applications. Additionally, Okta announced Extended Device SSO, set to launch in Q1 2025, which reduces multi-factor authentication challenges to once per device login, simplifying the user experience.
Trending Okta News:
Okta Classic Could be Vulnerable to Sign-On Bypass Flaw
Earlier this month Okta disclosed a vulnerability in Okta Classic that could allow an attacker who already holds a user's valid credentials to reach an application protected by an application-specific sign-on policy without satisfying that policy, provided the request came from a device type Okta classified as "unknown". Okta advises all Okta Classic customers to review their System Logs for the period from July 17 to October 4, 2024 for signs of exploitation. Indicators include failed authentication attempts against an application followed shortly by successful ones for the same user, as well as any other unusual or suspicious activity. Okta also recommends checking applications whose policy rules are not customer-configurable, such as Microsoft Office 365. The issue has been resolved on Okta's side; in light of it, Okta recommends that customers strengthen account defenses and tighten the authentication requirements in their Okta Classic sign-on policies.
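The log review Okta recommends can be scripted rather than eyeballed. The following is an added example written for this newsletter, not code from Okta or its advisory: it takes System Log events in the JSON shape the Okta System Log API returns (`published`, `eventType`, `actor.alternateId`, `outcome.result`, `client.userAgent`, `target`), pairs each successful application sign-on with a preceding failure by the same user for the same app inside a short window, and raises the severity when the successful request came from a client Okta could not classify (`client.userAgent.browser` of `UNKNOWN`). The events below are constructed sample data; the `user.authentication.sso` event type filter and the 30-minute window are assumptions that you should align with the event types and dates in Okta's own guidance.

```python
"""Hunt for fail-then-success application sign-ons in Okta System Log data.

Added example, not Okta's code. Event shape follows the System Log API; the
events themselves, the event-type filter and the window are constructed/assumed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SSO_EVENT_TYPES = {"user.authentication.sso"}  # assumption: event types worth pairing
WINDOW = timedelta(minutes=30)                 # assumption: max gap from failure to success


def _event(published, user, app, result, browser, raw_ua, reason=None):
    """Build one System-Log-shaped event (helper for the constructed sample)."""
    return {
        "published": published,
        "eventType": "user.authentication.sso",
        "actor": {"alternateId": user, "type": "User"},
        "outcome": {"result": result, "reason": reason},
        "client": {"userAgent": {"rawUserAgent": raw_ua, "browser": browser},
                   "ipAddress": "203.0.113.10"},
        "target": [{"type": "AppInstance", "displayName": app}],
    }


# Constructed sample: alice is denied by policy from a browser, then succeeds
# 150 s later from an unclassified client; bob retries hours later (normal);
# carol succeeds with no prior failure (normal).
SAMPLE_EVENTS = [
    _event("2024-09-12T10:00:00.000Z", "alice@example.com", "Microsoft Office 365",
           "FAILURE", "CHROME", "Mozilla/5.0 (Windows NT 10.0) Chrome/128.0",
           "Sign-on policy denied access"),
    _event("2024-09-12T10:02:30.000Z", "alice@example.com", "Microsoft Office 365",
           "SUCCESS", "UNKNOWN", "python-requests/2.31.0"),
    _event("2024-09-12T11:00:00.000Z", "bob@example.com", "Salesforce",
           "FAILURE", "CHROME", "Mozilla/5.0 (Macintosh) Chrome/128.0",
           "Sign-on policy denied access"),
    _event("2024-09-12T15:00:00.000Z", "bob@example.com", "Salesforce",
           "SUCCESS", "CHROME", "Mozilla/5.0 (Macintosh) Chrome/128.0"),
    _event("2024-09-13T09:00:00.000Z", "carol@example.com", "Salesforce",
           "SUCCESS", "CHROME", "Mozilla/5.0 (X11; Linux) Chrome/128.0"),
]


def _ts(event):
    """Parse the ISO-8601 'published' stamp (System Log uses a trailing Z)."""
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))


def _app(event):
    """Return the AppInstance display name the event targets, if any."""
    for target in event.get("target") or []:
        if target.get("type") == "AppInstance":
            return target.get("displayName")
    return None


def find_fail_then_success(events, window=WINDOW, event_types=SSO_EVENT_TYPES):
    """Return one finding per success that follows a failure within the window."""
    by_user_app = defaultdict(list)
    for e in events:
        if e.get("eventType") in event_types:
            by_user_app[(e["actor"]["alternateId"], _app(e))].append(e)

    findings = []
    for (user, app), evs in by_user_app.items():
        evs.sort(key=_ts)
        pending_failure = None
        for e in evs:
            result = e["outcome"]["result"]
            if result == "FAILURE":
                pending_failure = e  # remember only the most recent denial
            elif result == "SUCCESS" and pending_failure is not None:
                gap = _ts(e) - _ts(pending_failure)
                if gap <= window:
                    ua = (e.get("client") or {}).get("userAgent") or {}
                    unknown_ua = ua.get("browser") in (None, "UNKNOWN")
                    findings.append({
                        "user": user,
                        "app": app,
                        "failed_at": pending_failure["published"],
                        "succeeded_at": e["published"],
                        "gap_seconds": int(gap.total_seconds()),
                        "unknown_user_agent": unknown_ua,
                        "raw_user_agent": ua.get("rawUserAgent"),
                        # An unclassified client is the precondition the flaw needed.
                        "severity": "high" if unknown_ua else "medium",
                    })
                pending_failure = None  # a success consumes the pending failure
    return findings


if __name__ == "__main__":
    for f in find_fail_then_success(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['user']} -> {f['app']}: denied at {f['failed_at']}, "
              f"succeeded {f['gap_seconds']}s later via {f['raw_user_agent']!r}")
```

Run against exported System Log JSON (for example the output of the `/api/v1/logs` endpoint filtered to the July 17 to October 4 window), the script returns only alice's pair; bob's success comes four hours after his denial and carol never failed, so neither is flagged. A medium-severity hit is a normal retry more often than not, but a high-severity one, a success from an unrecognized client minutes after a policy denial, is exactly the pattern worth pulling full context for.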
Okta Announces Finalists for SaaS Startup Competition to Build Identity Security Applications
The finalists for Okta’s inaugural SaaS Startup Competition have been announced! These finalists include Block Party, RunReveal, and Validia. Block Party offers a one-click solution for deep cleaning social media, settings, and notifications. RunReveal is rethinking SIEM and developing a new solution "from the ground up". Validia focuses on protecting workforces from AI-related threats in real-time. These innovative solutions were presented at Oktane24. According to Okta Ventures’ Senior Director, “This competition reflects Okta’s dedication to driving innovation in identity and access management. The finalists have demonstrated remarkable creativity and technical expertise in developing identity-enabled applications.”
Oktane 2024: Okta bets big on AI and security industry collaboration
In addition to Okta's IPSIE announcement, the company's annual Oktane conference in Las Vegas featured several other significant announcements aimed at reshaping the identity management landscape. Okta unveiled AI-focused updates to its Customer Identity Cloud, integrating with popular AI frameworks to improve security and performance for automated tasks. It also announced new features for its Workforce Identity Cloud (WIC) platform focused on device security and management, intended to close gaps in how security signals are exchanged with SaaS vendors across various protocols. Okta also shared approaches for addressing the shortcomings of MFA and for taking a proactive stance against threat actors.
Podcasts
#312 - Authenticate 2024 - Kim Cameron Award Winner Grace Klutke
This episode of The Identity at the Center Podcast kicks off with hosts Jeff and Jim McDonald broadcasting from San Diego at the Authenticate 2024 conference. The episode features Grace Klutke, the Kim Cameron Award winner, discussing her transition from law to digital identity. Additionally, Ian Glazer and Arynn Crow from the Digital Identity Advancement Foundation (DIAF) share insights on the organization's mission, mentorship programs, and legacy awards. The discussion covers interdisciplinary approaches to digital identity, AI's role, data governance, and the unique culture of the digital identity community, while also touching on lighter topics like conference experiences and industry swag.
Quantum Realities: The Rise of Next-Gen Computing with Karl Holmqvist
This episode of the Identity Jedi Show features an in-depth discussion on quantum computing with guest Karl Holmqvist, a computer science expert. The conversation covers the origins, potential, and implications of quantum computing, including its revolutionary impact on technology and the threat it poses to the public-key encryption methods in use today. Host David Lee and co-host Samir explore the evolution of computing, applications of quantum-resilient algorithms, and practical steps organizations can take to prepare for a quantum future. This episode offers valuable insights for tech enthusiasts and security professionals, highlighting both the opportunities and threats associated with this emerging technology.
Acsense Blog
Unpacking IPSIE: How Okta is Redefining Identity Security for Enterprises
Okta's new Identity Security Standard (IPSIE) is revolutionizing enterprise digital identity protection by creating a unified security framework for applications, resources, and workloads. Developed with the OpenID Foundation, IPSIE integrates advanced security features into cloud applications from inception. Complementing this, Acsense enhances IAM system resilience by offering continuous backups, one-click recovery, and seamless disaster recovery for Okta environments. This combination of Okta's identity security innovations and Acsense's IAM resilience solutions provides organizations with comprehensive protection against disruptions and ensures business continuity in the face of evolving cyber threats.
Acsense On Demand
Achieving Resilient Business Operations with Okta & Acsense
In this exclusive Acsense on Demand webinar we explore how to achieve uninterrupted business operations using Okta and Acsense. Tailored for IT managers, CSOs, security professionals, and business continuity planners, this session features Aakash Chandhoke from Okta and Muli Motola from Acsense. They delve into building resilient Okta deployments, discussing Okta's approach to identity security, disaster recovery options, and how Acsense complements Okta's approach with critical capabilities. Real-world cyber attack scenarios and the importance of IAM resilience are examined, showcasing how Acsense's solutions protect Okta tenants, ensure compliance, and maintain business continuity. Don't miss this opportunity to enhance your identity security and disaster recovery strategies, and learn about Acsense's exclusive Recycle Bin promotion for webinar viewers.
Events
Gartner Identity & Access Management Summit
The Gartner Identity & Access Management Summit 2024 takes place December 9-10 in Grapevine, Texas. This event is the go-to conference for IAM and security leaders looking to protect digital identities and boost business agility. Attendees will get practical insights and cutting-edge research to help tackle today's security challenges while integrating technologies such as generative AI and cloud solutions. Connect with industry experts, share ideas, and discover how to streamline your IAM strategies to keep your organization secure and ready for whatever comes next!
When: December 9-10, 2024
Where: Grapevine, TX
Oktane on the Road
If you missed Oktane (or just didn't get enough), there is still a chance to experience the event. Okta is taking Oktane on the road with events in New York City, Boston, the DMV area (Washington, D.C., Maryland and Virginia), Atlanta, Seattle, Mexico City, Sydney, Melbourne, Chicago, São Paulo, Singapore, and Toronto. These events give attendees the opportunity to meet Okta experts, connect with peers, and explore unique venues in each city.
When: Dates vary by location
Where: Various
Company Corner
Your Okta Tenant Just got More Resilient
At Oktane, MightyID unveiled new features for Okta backup and recovery that address critical gaps in identity management resilience. One of the new features is backup and recovery for Okta Workflows, a significant advance given the lack of API support for Okta Workflows, which has made it difficult for customers to back up these essential components. MightyID also showcased attribute-level restores, allowing granular recovery of individual user profile fields. These capabilities complement MightyID's existing suite, including continuous backups for point-in-time restores, Change360 for cybersecurity investigations, and migration tools supporting transitions between identity providers such as PingOne and Okta.
Stolen Access Tokens Lead to New Internet Archive Breach
Hours after recovering from a series of cyber-attacks, the Internet Archive faced a new security problem. Users who had previously opened support tickets received an email, seemingly from the Internet Archive team, sent through the organization's own Zendesk account using a stolen access token. The email claimed that the organization had failed to rotate the API keys exposed in its GitLab secrets, potentially compromising over 800,000 support tickets. The breach reportedly originated from an exposed GitLab configuration file on a development server, which allowed the attacker to download source code containing API tokens. Security experts note that this indicates persistent unauthorized access even after the initial clean-up, and highlights the importance of rotating every credential that could have been exposed as part of a thorough post-incident audit.
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft has implemented an innovative deception strategy to combat phishing attacks by creating realistic honeypot tenants with Azure access. This tactic, revealed by Ross Bevington, Microsoft's "Head of Deception," at the BSides Exeter conference, involves actively feeding credentials from these fake tenants to identified phishing sites. The approach allows Microsoft to collect valuable threat intelligence, including attacker tactics, techniques, and procedures. By monitoring roughly 25,000 phishing sites daily and populating about 20% with honeypot credentials, Microsoft gathers data on IP addresses, browsers, locations, and phishing kits used by attackers. This deception network, creating around two tenants per month with 20,000 user accounts each, has contributed to over 40,000 malicious connections and significantly improved Microsoft's ability to detect and prevent email-based threats.
Amazon says 175 million customers now use passkeys to log in
Amazon has reported significant adoption of passkeys, with over 175 million customers enabling the feature since its rollout a year ago. The company highlighted that passkeys let users sign in six times faster than traditional methods, adding convenience to passwordless authentication. Passkeys are digital credentials unlocked by a biometric or a PIN on the user's device and based on public-key cryptography, so there is no shared secret for a phishing site to capture. While Amazon has integrated passkeys across its services, including AWS and Audible, a recent FIDO Alliance announcement aims to make these credentials portable across different password managers and platforms, addressing a key limitation of current passkey technology.
Marriott settles with FTC, to pay $52 million over data breaches
Marriott International and its subsidiary Starwood Hotels have agreed to a $52 million settlement and the implementation of a comprehensive information security program following data breaches that affected over 344 million customers worldwide. The breaches, which occurred between 2014 and 2018, exposed customer information including payment card data and passport numbers; some went undetected for years after the initial intrusion. The settlement requires Marriott to establish a robust security program, undergo regular third-party assessments, limit data retention, and give U.S. customers the ability to request deletion of their personal data, review unauthorized activity on their accounts, and restore stolen loyalty points.
Meme Of The Month
Thank You For Reading!
We hope you enjoyed this edition of the Five Nines newsletter!
Share with colleagues or follow us on LinkedIn for more IAM resilient insights and trends.
About Acsense:
Hailing from Tel Aviv, Israel, the Acsense team, former EMC veterans, have been exposed to some of the most challenging IT and security ecosystems in the world.
Our mission is to help security and risk management leaders eliminate IAM as a single point of failure from threats like ransomware, insider threats and misconfigurations caused by human error. We deliver a state-of-the-art platform for access and business continuity, serving both workforce and customer IAM needs with one seamless solution.
Our platform features one-click recovery, constant data verification, periodic testing, and the ability to identify changes between Points in Time, making your IAM system resilient.
Acsense is backed by Joule Ventures, Gefen Capital, Fusion and independent investors.
To learn more, click here to visit our site.