IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image

Okta works with OpenID for new enterprise identity security standard

Mon, 25th Nov 2024

A new working group within the OpenID Foundation, led by Okta alongside industry partners, is set to develop the first unified identity security standard for enterprise applications.

The initiative, termed Interoperability Profile for Secure Identity in the Enterprise (IPSIE), aims to tackle the pressing challenge of identity-based security breaches by providing a cohesive framework for SaaS companies to bolster the security of their technology stacks comprehensively.

Cyber threats continue to rise, with research from PwC indicating a substantial increase in mega breaches experienced by Asia Pacific organisations over the past three years. Among these, 35% reported data breaches costing between USD $1 million and USD $20 million. Additionally, a United Nations report cited cyber-enabled fraud as leading to losses up to USD $37 billion in 2023 in East and Southeast Asia.

Currently, numerous cloud-based applications lack secure identity frameworks. Historically, there has been no unified approach for SaaS developers to incorporate technologies such as Single Sign-On (SSO), risk signal sharing, and session termination cohesively.

Okta collaborates with prominent SaaS providers, preparing for the standard's implementation. More than 50 key enterprise SaaS applications, including those from Google, Microsoft Office 365, Slack, and Atlassian, have already introduced features and APIs that align with the proposed standard.

"Okta is focused on elevating the entire technology industry to be better protected from attacks. Our goal with IPSIE is to standardise identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone," stated Todd McKinnon, CEO and Co-Founder at Okta. "We are proud to have led the formation of this working group within the OpenID Foundation as we work to standardise identity security and make the world a more secure place."

The IPSIE working group aims to provide a comprehensive identity security framework applicable to enterprise SaaS applications, resources, and workloads. The group expects to deliver its initial specifications by early 2025, with a stable standard projected for the following year.

The planned standardisation will cater to several capabilities, including Single Sign-On (SSO) for centralised login policies, System for Cross-domain Identity Management (SCIM) for secure user lifecycle management, entitlements management through Okta FGA, session termination, and risk signal sharing across security systems.

For enterprises, IPSIE is designed to mitigate common security risks like orphaned accounts and shadow directories, while also supporting the enforcement of least-privilege access principles. SaaS developers can anticipate a streamlined framework for implementing robust enterprise security features.

Ben Goodman, Senior Vice President and General Manager APJ at Okta, commented, "Identity security has never been more critical, with over 80% of data breaches traced back to compromised identities. The introduction of IPSIE comes at a pivotal moment as organisations navigate an increasingly complex threat landscape. While technological advancements create new opportunities, they also introduce new vectors for attack. A unified identity security standard lays the groundwork for more resilient enterprise security - one that can adapt and scale as technology evolves. IPSIE isn't just about addressing today's security challenges; it's about building a foundation that will help organisations safely embrace future innovations while maintaining robust protection of their digital assets and user identities."

To support IPSIE's adoption, Okta has launched over 125 new Secure Identity Integrations for major SaaS applications, accessible through both its Workforce Identity Cloud (WIC) and Customer Identity Cloud (CIC) platforms. Developers using Auth0 will also benefit in achieving IPSIE compliance following the standard's finalisation.

The initiative marks a significant strategy shift in the industry towards identity security through a collaborative, standardised framework. No single entity can resolve the identity security challenges alone, and as such, IPSIE emphasizes collective industry involvement.

As the IPSIE standard takes shape, Okta plans to maintain collaboration with third-party standards bodies, identity providers, and independent software vendors to advocate for open, interoperable identity security standards, aspiring to foster a secure technological ecosystem.

Comprising members such as Ping Identity, Microsoft, SGNL, and Beyond Identity, the IPSIE working group is open to further industry input and collaboration as it works towards its key milestone for 2025 specifications.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X