End users tend to get a bad rap in the security business because they are often the weakest security link. They fall for phishing schemes, use weak passwords and often unknowingly are the conduit for malicious actors getting into your company’s systems. Okta wants to change that by giving end users information about suspicious activity involving their login, while letting them share information with the company’s security apparatus when it makes sense.
Okta actually developed a couple of new products under the umbrella SecurityInsights. The end user product is called UserInsights. The other new product, called HealthInsights, is designed for administrators and makes suggestions on how to improve the overall identity posture of a company.
UserInsights lets users know when there is suspicious activity associated with their accounts, such as a login from an unrecognized device. If it appears to involve a stolen password, he or she would click the Report button to report the incident to the company’s security apparatus where it would trigger an automated workflow to start an investigation. The person should also obviously change that compromised password.
HealthInsights operates in a similar fashion, except for administrators at the system level. It checks the configuration parameters and makes sure the administrator has set up Okta according to industry best practices. When there is a gap between the company’s settings and a best practice, the system alerts the administrator and allows them to fix the problem. This could involve implementing a stricter password policy, creating a block list for known rogue IP addresses or forcing users to use a second factor for certain sensitive operations.
Health Insights Report. Image: Okta
Okta is first and foremost an identity company. Organizations, large and small, can tap into Okta to have a single sign-on interface where you can access all of your cloud applications in one place. “If you’re a CIO and you have a bunch of SaaS applications, you have a [bunch of] identity systems to deal with. With Okta, you narrow it down to one system,” CEO Todd McKinnon told TechCrunch.
That means, if your system does get spoofed, you can detect anomalous behavior much more easily because you’re dealing with one logon instead of many. The company developed these new products to take advantage of that, and provide these groups of employees with the information they need to help protect the company’s systems.
The SecurityInsights tools are available starting today.
Steve Jobs used to famously end his keynotes with “there is one more thing…” AWS decided to wait a week after their re:Invent conference ended to announce their more thing when they quietly released a single sign on product for the AWS cloud yesterday.
Google Cloud announced today that it has acquired Bitium, a company that focused on offering enterprise-grade identity management and access tools, such as single-sign on, for cloud-based applications. This will basically help Google better manage enterprise cloud customer implementation across an organization, including doing things like setting security levels and access policies for… 
Okta, a company mostly known for cloud identity management, made a foray into enterprise mobility management (EMM) at the end of 2014. Today, it announced a partnership with Box to support device-level security for the Box mobile app. The company is hoping this is the start of a series of partnerships with enterprise mobile app vendors that will enable them to apply a set of policies on…