Okta Breach Reactions

An Exclusive ETR Insights Panel

Erik Bradley | ETR Research | July 15, 2022

Following Okta’s March 22 disclosure of a security breach that occurred in January, the ETR Insights team surveyed a panel of ETR Community members as to how the breach itself and Okta’s response may impact clients, contract renewals, and the security vendor’s reputation. The panel discussed the scale and particulars of the attack, Okta’s delayed disclosure, reputational damage and regaining trust, third- and fourth-party vendor oversight, cyber insurance, the vendor’s hopes of product expansion, contract renewals, and Okta’s competitors that could potentially benefit. Our panelists included three CISOs and a Senior IT Director representing the hospitality, business services, large healthcare, and technology verticals.

Overview. While the LAPSUS$ breach affected only 366 of Okta’s 15,000+ clients, and the extent of the hackers’ access was limited (according to Okta representatives), all panelists cited Okta’s delayed disclosure as most damaging to the company’s reputation, with one CISO particularly frustrated that he only heard about the breach via the media. Another criticized Okta’s incident response plan for not immediately requiring Sitel, the third-party vendor breached, to deliver a root cause analysis and remediation. While not an insurmountable blow to the organization, Okta does have work to do to regain its clients’ trust. “None of us are immune to breaches, but the fact that they let this go on for a few days without capturing it – and then more importantly, didn’t disclose it properly – that’s where it’s going to be those difficult discussions.”

As Okta is a cornerstone solution of authentication, and given the lack of ransomware or other immediate demands from LAPSUS$, one CISO imagines the attack on Okta was reconnaissance meant to get at bigger targets the hackers could then monetize. Of concern is how much access the hackers gained to Okta’s infrastructure and core key management services, though Okta assures that the breach was constrained by privileged access management and governance control in place. The panel considered pending state legislation that may require broader third- and fourth-party certification, with one CISO pointing to an audit of Okta’s own contract relationships as key to any service renewal. Others are concerned as to any impact the LAPSUS$ breach may have on their own indemnification and cyber insurance liability, which they already struggle to underwrite in the current market.

Vendor-Specific Commentary. ETR’s APR22 TSIS spending intention data shows both Okta and recent Okta acquisition Auth0 as highly favored, although a slight increase in negativity entered the data set after the breach was announced. ETR recalls a severe drop-off in SolarWinds spending intention following a major breach in 2021, but the current data is not showing the same reaction for Okta. While most panelists remain comfortable with Okta’s product offering, they imagine the breach will have a material impact on contract negotiations and any expansion of Okta’s services within their organization. In addition, the panelists cited Microsoft and Ping Identity as viable identity access management (IAM) and multifactor authentication (MFA) alternatives. One CISO is already looking towards Microsoft security to leverage their existing Microsoft 365 E5 licensing.

Vendor Mentions. The following vendors were mentioned in this panel: Okta, Auth0, CyberArk, Google, IBM, Microsoft, Oracle, Ping Identity, SailPoint, Salesforce, ServiceNow, and SolarWinds.


Enterprise Technology Research (ETR) is a technology market research firm that leverages proprietary data from our targeted IT decision maker (ITDM) community to bring you actionable insights about spending intentions and industry trends. Since 2010, we have worked diligently at achieving one goal: eliminating the need for opinions in enterprise research, which are often formed from incomplete, biased, and statistically insignificant data. Our community of ITDMs represents $1+ trillion in annual IT spend and is positioned to provide best-in-class customer/evaluator perspectives. ETR’s proprietary data and insights from this community empower institutional investors, technology companies, and ITDMs to navigate the complex enterprise technology landscape amid an expanding marketplace. Discover what ETR can do for you at www.etr.ai