
Oktane 2024: agents, security and the fight against SaaS chaos

Okta has had it with the "mishmash" of identity security solutions


Four out of five security breaches are caused by stolen credentials. At its Oktane conference held in Las Vegas, Okta announced it aims to eliminate this vulnerability by standardizing application security building blocks. This, the company believes, will lead to the future of identity security being a bright one.

Okta offers two main products: Customer Identity Cloud and Workforce Identity Cloud. In this article, we’ll summarize the innovations in these areas and discuss the new identity working group Okta has announced today, which has been founded in partnership with Microsoft, Ping Identity, SGNL, and Beyond Identity.

Customer Identity Cloud: manageable agents and GenAI Apps

In today’s tech landscape, announcements about AI agents have become essential for any credible tech company. But how can these be implemented securely? Auth for Gen AI aims to accomplish this through well-known AI frameworks and libraries such as LangChain and Vercel.

Specifically, Auth for Gen AI allows AI agents to call APIs for services like Google Calendar, GitHub, or Box. Importantly, the credentials for these services are tied to the specific user’s account, so access continues to be enforced in familiar ways.

As agents are expected to permeate every aspect of IT systems, there may be instances where they need to make sensitive decisions, such as booking a flight when the price drops below a certain level. In such cases, Async Authentication with Auth for Gen AI can request authentication from the end user.

For organizations, the idea of feeding proprietary data to AI is tempting but fraught with pitfalls. RAG (Retrieval Augmented Generation) can contextually pass additional information to an AI model, but this too requires controls. Fine-Grained Authorization for Retrieval Augmented Generation, while a mouthful, is incredibly useful. It allows permissions to be set within documents themselves, ensuring employees can only access specific information and nothing more.

With the rise of agents, APIs are more crucial than ever. AI helpers prefer to communicate with a single point without an interface. Through the Developer Portal, a new component of Customer Identity Cloud, Okta customers can make their APIs “AI-ready” and expose them to developers and partners without security risks.

Workforce Identity Cloud: combating MFA overload and other persistent problems

Okta asserts that “identity within the enterprise is under attack,” and for good reason: compromised credentials cause 80 percent of all infiltrations. With an average of over 1,000 SaaS applications in use per organization, credentials are abundant. While MFA seems to be the solution, fully “phishing-resistant” MFA like Okta FastPass remains elusive. In essence, we need MFA that prevents authentication data from being passed on to malicious websites.

Okta Privileged Access will soon be joined by Secure SaaS Service Accounts, which protects shared SaaS accounts that are often left out of identity security measures.

On a higher level, Governance Analyzer with Okta AI is a new addition. This tool examines in real time whether authentication decisions are being made consistently and securely. Due to its learning nature, Governance Analyzer continuously adjusts its advice based on actual usage.

Okta’s new working group: Microsoft, Ping Identity, SGNL, and Beyond Identity

Beyond its own solutions, Okta is looking to innovate with other major players. They note that thousands of different applications in today’s cloud are built without secure identity. Some companies, like Google, Microsoft Office 365, Slack, and Atlassian, are already leading by example and prepared for the future.

But what does that future look like? It involves the Interoperability Profile for Secure Identity in the Enterprise (IPSIE). This open standard, rooted within the OpenID Foundation, aims to provide a framework for SaaS companies to improve “end-to-end security of their products along every interface of their technology stack.” In short, it’s an industry security standard that can’t be ignored.

CEO and co-founder Todd McKinnon stated, “Our goal with IPSIE is to standardize identity security and help foster an open ecosystem where building and using enterprise applications that are secure by default is easy for everyone.”

This article has summarized the innovations that Oktane 2024 will bring. Techzine is attending the event to learn more about Okta’s vision and innovations in its own offerings.
