A new standard for Identity security in SaaS
Welcome to our latest edition of Access Granted Newsletter, our monthly roundup of Identity and security news.?
Today’s topic > A new standard for Identity security in SaaS. At Oktane 2024, Okta announced the formation of a new working group within the OpenID Foundation that aims to create the first open-source Identity security standard for Software-as-a-Service (SaaS) providers. Interoperability Profile for Secure Identity in the Enterprise, or IPSIE, will standardize Identity security across the industry. Here, we’ll explore why this matters and what you should know.??
The need for Identity security. Identity-related attacks are up 180% in the past year — over 80% of data breaches now involve compromised Identity. The rise of cloud computing, SaaS, and remote work have forced attackers to adapt, and Identity is their new target. In a recent Fortune article, Okta CEO and Co-Founder Todd McKinnon shared, “Identity is the gateway to all types of technology environments — cloud, on-premises, mobile — you name it. This makes it a perfect target for bad actors looking to break in and cause harm.”
The challenge with fragmentation. Businesses use hundreds — to thousands — of cloud apps, and these apps use many different Identity solutions with a range of security capabilities. The lack of unified structure means apps are harder to integrate, and users may need separate login credentials for each vendor. This makes Identity threats harder to detect and respond to, and increases your organization’s exposure to potential phishing attacks.?
Lack of standardization. Without a unifying industry standard for Identity security that provides full visibility into every part of the technology stack, organizations remain vulnerable. Every SaaS app should speak a common language in order to foster an open ecosystem where enterprise apps are secure by default.
领英推荐
A new standard. IPSIE will be the first unified Identity security standard for enterprise applications, resources, and workloads. The new framework will bring together new and existing standards to cover a wide range of use cases like SSO, risk signal sharing, and session termination. Okta CEO and Co-Founder Todd McKinnon said, “Our goal with IPSIE is to standardize Identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.”
How developers can prepare. SaaS developers get customer requests for all types of Identity-related integrations. The standardized guidance set forth by IPSIE will help developers avoid duplicating efforts and stay up to date with the latest security protocols and Identity standards. Learn more about how developers can get their apps IPSIE-ready using Auth0 tools in this developer quickstart guide.?
The bottom line. Reducing data breaches is a lofty goal, and one that will require a cross-industry effort. IPSIE is a step in the right direction — and the proposed protocols are being supported by Microsoft, Google, Ping Identity, BeyondIdentity, and others. Learn more about IPSIE and the future of Identity security.?
This newsletter was curated by Camille Rasmussen , Managing Editor at Okta .
Global Business Growth Strategist | Diverse Industry Expertise & Cross-Cultural Leadership
4 周This is a significant step forward for the industry! Standardizing Identity security with IPSIE has the potential to reduce fragmentation and help SaaS providers implement more consistent, robust security measures. It’s encouraging to see leaders like Okta, Microsoft, and Google collaborating on this initiative to make enterprise applications secure by default. Looking forward to seeing how IPSIE transforms Identity security in the SaaS landscape!
Network Manager | Email Administrator | VoIP Administrator | Cybersecurity
1 个月This sounds like a good idea. If the SaaS companies can easily talk to the Single-sign on / Identity companies securely it should be a lot easier going forward to the IT departments to set up these links. It's a lot of work for the IT department to get a new SaaS working and then when a web page changes you have to start all over again.