The NIST Cybersecurity Framework 2.0, released in 2024, updates the original 2014 framework to reflect today’s complex threat landscape and the need for a more flexible, inclusive approach to cybersecurity. Designed for organizations of all sizes, it adds a new “Govern” function, clearer guidance, and real-world examples to help teams build or improve their security programs without starting from scratch.

In an Okta environment, connecting an external service to the API typically requires a token, which can be obtained through either API Tokens or API Service Apps, each with its own benefits and drawbacks. API Tokens are quick to implement but have security and management limitations, while API Service Apps offer greater scalability, automation, and security using OAuth 2.0.

Browser-in-the-Middle (BitM) attacks bypass multi-factor authentication by stealing session tokens, often through social engineering tactics like phishing. To protect against these attacks, organizations should use hardware-based MFA, client certificates, and FIDO2 standards while educating employees and monitoring for suspicious activity.

Okta automates user access management, streamlining onboarding, role changes, and offboarding while enhancing security. Integration with our HR system ensures instant access for new hires and immediate revocation for departures, reducing errors and improving efficiency.

Incident detection and reporting are crucial for identifying security breaches, minimising risks, and ensuring compliance with regulations like NIS2 and NIST. Okta simplifies this process with real-time monitoring, AI-driven analytics, comprehensive audit logs, and seamless SIEM integrations, empowering businesses to respond quickly and effectively to potential threats.

The use of machines in organisations has grown exponentially, while growth allows for higher volume of automations and lightning speed machine to machine transactions, machines often operate with privileged access, handle sensitive data and authenticate with single factor authentication.

As my work shifts to Customer Identity Cloud and I explore OAuth 2.0 and OpenID Connect, token management is crucial. Custom development offers flexibility but presents challenges, like OAuth 2.0 leaving token lifetimes to the implementer, balancing security and usability.

Cybersecurity can feel overwhelming, especially with new rules like the EU’s NIS2 Directive. But the truth is, these changes are here to help us stay safer and more resilient in a world where cyber threats are always evolving. Pair that with a smart strategy like Zero Trust and tools from Okta, and suddenly compliance and protection don’t seem so hard.

Are you having trouble figuring out how to update roles: Viewer, Creator and Admin after integrating Loom to Okta? 

While the planning, implementation, and rollout of an IAM solution will always be an ongoing function that varies based on organizational needs and use cases, it can be useful to organize your design into three main tenets. 

Am I a human? Or am I a bot?

I recently watched Terminator 2 – what a great film! 😊 

The scene where the T-800 makes the phone call impersonating the voice of John Connor really did predict the future. Who thought we’d be living this threat IRL today? In addition to many, many spam emails, today I received a phishing phone call from my ‘HR Department’ asking me to share sensitive information.