SECURITY AND RELIABILITY
Always On, by design
We understand that identity is mission critical. Our customers depend on Okta to manage and protect access to applications and data. That trust requires our service to be highly available and secure.
Secure, Audited Infrastructure and Processes
- Okta's operational and security processes, for both the service and the company, have been audited under SOC 2 Type I and Type II. Current customers can request the reports through their CSM.
- We have achieved the Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Level 2 Attestation.
- Okta has achieved ISO 27001:2013 certification, attesting to the commitment of Okta's leadership to a secure service for our customers.
- To serve the highly regulated and security-conscious healthcare industry, we have established a HIPAA-compliant service instance.
- Okta holds a FedRAMP Moderate authority to operate (ATO) from the Federal Risk and Authorization Management Program.
  View Okta's FedRAMP Certification ›
- Okta has achieved ISO 27018:2014 certification, attesting to the commitment of Okta's leadership to protecting personally identifiable information (PII) in the cloud.
We take a comprehensive approach to security
It spans our hiring practices, the architecture and development of the software that powers Okta, and the data center strategies and operations that enable the company to deliver a world-class service.
Secure Personnel
Security awareness is an ongoing educational process throughout employment with Okta. Our security team runs progressive social engineering tests and awareness campaigns to reduce the impact of phishing and to build security into the company's culture. We actively reduce the attack surface by limiting the number of personnel with access to production systems. Additionally, Okta's Chief Security Officer reports directly to the CEO, ensuring top-down prioritization of security across the company and the service.
Highlights
- We conduct yearly exercises to train employees to recognize and resist spear phishing
- We limit the number of users with privileged access to production to keep the attack surface small
Secure Development Lifecycle
We practice security by default, building security best practices into every step of our development lifecycle. Security checkpoints run from the moment a developer begins a design and checks in code through to the point where a build is validated and deployed. Okta works with independent external security researchers as well as its own internal security team to regularly validate the security of its design and of the service implementation.
Highlights
- All developers are trained annually on secure coding practices as well as secure code review techniques
- All code is peer-reviewed and inspected by in-house security researchers as well as independent third-party security assessors
- The Okta build includes weekly automated web application assessments
Secure Customer Data
We employ state-of-the-art encryption key management to secure customer data. Using our next-generation cell technology, all Okta customer data is encrypted at the data field level. Data is also encrypted in transit, from the user's browser through to the service's interactions with the AD Agent. Protection of customer data is audited against FedRAMP and NIST SP 800-53, HIPAA, and ISO 27001 requirements.
Highlights
- All customer data is encrypted at data field level
- All customer instances have unique encryption keys
- Okta uses AWS Key Management Service (KMS) to protect those keys
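The three highlights above describe an architecture (per-tenant keys, field-level encryption, a cloud KMS holding the root of trust) rather than a technique the page spells out. The Go program below is an added illustration, not Okta's code, of the standard way that architecture is realised: envelope encryption, where a root key that never leaves the KMS wraps one key per tenant, and each field value is encrypted under its tenant's key with AES-256-GCM. It goes one step beyond the page by binding every ciphertext to its tenant, record and column through the AEAD's associated data, so a blob copied across rows, columns or tenants fails to decrypt instead of yielding another record's data. `FakeKMS`, `Vault`, the tenant IDs and the sample record are all hypothetical stand-ins; a real deployment would call the cloud KMS's generate-data-key and decrypt operations where `FakeKMS` is called here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randomBytes panics if the OS CSPRNG is unavailable: nothing below is safe without it.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // fails only on a bad key length; keys here are 32 bytes
	if err != nil {
		panic(err)
	}
	gcm, err := cipher.NewGCM(block) // cannot fail for AES (128-bit block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal encrypts with AES-256-GCM, authenticating aad; output is nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal; a wrong key, a tampered blob or a different aad all fail to authenticate.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// FakeKMS is a hypothetical stand-in for a cloud KMS: the root key never leaves it, and
// callers only get "generate a wrapped tenant key" and "unwrap" operations.
type FakeKMS struct{ root []byte }
// NewWrappedKey returns a fresh 256-bit tenant key encrypted under the root key, with the
// tenant ID bound as AAD so one tenant's wrapped blob cannot be unwrapped as another's.
func (k *FakeKMS) NewWrappedKey(tenantID string) []byte {
	return seal(k.root, randomBytes(32), []byte("tenant:"+tenantID))
}

func (k *FakeKMS) Unwrap(tenantID string, wrapped []byte) ([]byte, error) {
	return open(k.root, wrapped, []byte("tenant:"+tenantID))
}

// Vault persists only wrapped per-tenant keys; a plaintext key exists only for one operation.
type Vault struct {
	kms     *FakeKMS
	wrapped map[string][]byte // tenantID -> wrapped tenant key
}

func (v *Vault) tenantKey(tenantID string) ([]byte, error) {
	if _, ok := v.wrapped[tenantID]; !ok {
		v.wrapped[tenantID] = v.kms.NewWrappedKey(tenantID)
	}
	return v.kms.Unwrap(tenantID, v.wrapped[tenantID])
}

// fieldAAD ties a ciphertext to the tenant, record and column it was written for.
func fieldAAD(tenantID, recordID, field string) []byte {
	return []byte(tenantID + "|" + recordID + "|" + field)
}

func (v *Vault) EncryptField(tenantID, recordID, field string, value []byte) ([]byte, error) {
	key, err := v.tenantKey(tenantID)
	if err != nil {
		return nil, err
	}
	return seal(key, value, fieldAAD(tenantID, recordID, field)), nil
}

func (v *Vault) DecryptField(tenantID, recordID, field string, sealed []byte) ([]byte, error) {
	key, err := v.tenantKey(tenantID)
	if err != nil {
		return nil, err
	}
	return open(key, sealed, fieldAAD(tenantID, recordID, field))
}

func main() {
	v := &Vault{kms: &FakeKMS{root: randomBytes(32)}, wrapped: map[string][]byte{}}
	ct, _ := v.EncryptField("acme", "user-42", "email", []byte("alice@example.com"))
	pt, err := v.DecryptField("acme", "user-42", "email", ct)
	_, xErr := v.DecryptField("globex", "user-42", "email", ct) // other tenant, other key: fails
	fmt.Printf("own tenant: %q (%v); other tenant: %v\n", pt, err, xErr)
}
```

The property worth noticing is that the cross-tenant decrypt fails with an authentication error rather than returning garbage, which is what makes per-tenant keys a real isolation boundary instead of a bookkeeping convention. The example unwraps the tenant key on every operation; production systems cache unwrapped keys briefly to keep KMS calls off the hot path, trading latency against how long plaintext key material lives in memory.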
Okta Technical Security Whitepaper
How we work with AWS to improve security
Our people make the difference
Our security team comes from leading SaaS companies and is doing cutting-edge, world-class research that is incorporated back into Okta's service.
A partnership based on trust
Transparency in how we operate is a critical part of being an enterprise-grade partner. We believe in a customer's right to audit Okta: we provide independent third-party penetration test reports and will set up environments for customers to conduct their own penetration testing.
All customers receive a weekly update from Okta giving them visibility into new functionality added to the service, and we provide quarterly updates on the overall service roadmap. Detailed information on any outage is also provided to customers, and we publicly post our past availability statistics at okta.com/trust.
Okta has demonstrated, not just to us, but to industry analysts and security experts that they take security very seriously, and that it's a service that we'll be able to trust.
Den Jones, Senior Manager IT Services, Adobe