Below are some of the major controls we leverage to secure our cloud service infrastructure:
Infrastructure and Physical Security
When we selected an infrastructure provider, we drew on our technical team’s experience in developing and operating market-leading cloud services. This enabled us to build in security and availability at every layer, from physical security through to compute, network, and storage. We complement these measures with well-defined security and access policies, and prove our security using ongoing third-party audits and certification.
We protect your data at every point in our infrastructure, including compute, storage, and network transmission.
We ensure that all of our service providers meet our data protection standards.
Our security-focused culture starts at the highest level with a chief security officer who reports directly to the CEO on security issues. It extends throughout the company via a security team that trains employees to watch for social engineering attacks like phishing, and tests them regularly to ensure compliance. We also support this culture with a policy that limits the number of employees who have access to production systems.
Secure Development Lifecycle
We begin building security into our software before we write any line of code. Strict security checkpoints govern every step of our development lifecycle from design through to coding, testing, and deployment. Our internal security team works with independent external security researchers to validate our software security.
Each year, we train our developers in the latest secure programming and code review techniques.
Our software security is regularly reviewed by peers, in-house security researchers, and third-party security assessors.
Our software development lifecycle includes more than 60,000 tests.
Our coding tools automatically assess software security as they build our web applications.
Secure Customer Data
Okta’s data protection meets the highest industry standards, complying with FedRAMP and NIST 800-53, HIPAA, and ISO 27001 requirements. Our state-of-the-art encryption technology protects customer data both at rest and in transit to the user’s browser, leaving no weak spots for attackers.
We encrypt all customer data at the data field level, ensuring that we protect all of your sensitive information.
Security and Penetration Tests
We aggressively hunt for bugs in our software using four concurrent security programs. Our internal tests work in conjunction with third-party security audits, a public bug bounty program, and a highly responsive customer bug reporting program. We also believe in the customer’s right to conduct a penetration test on Okta, so we provide customers with test environments to do that.
Our people make the difference
Our security experts have worked for the world’s leading SaaS companies. We incorporate their research directly into our products in a cycle of continuous improvement.