2025 needs to be the year in which identity management providers improve every aspect of software quality and security, with a focus on red teaming, while increasing transparency and becoming objective about outcomes beyond standards.
Identity management providers, including Okta, need to follow the example of leading AI companies that have revolutionized their release processes by implementing more extensive red teaming.
Okta, like other identity management vendors, signed the CISA Secure by Design Pledge, but it is still grappling with getting authentication right, as evidenced by its advisory about usernames of over 52 characters.
Leading vendors, such as Google Cloud and Microsoft, have made MFA mandatory for all users by 2025; Okta should focus on using more red teaming to improve its vulnerability management initiatives.
Improving security posture should be a priority for identity management vendors; they can learn from Anthropic and OpenAI by focusing on more continuous human-machine collaboration when testing, excelling at adaptive identity testing, prioritizing specific domains for red teaming, automating attack simulations, and integrating real-time threat intelligence.
Identity management vendors should recognize that standards are valuable frameworks for guiding continuous improvement, but they should focus on increasing the intensity of their red team function.
Red teaming is essential to stay competitive, catch errors before they ship, and simulate aggressive attacks to keep pace with adversaries.