Your Okta Groups Should Be (Mostly) Empty

Hannah Young

Hannah Young

.

December 14, 2022

2 min

read

Yep, you heard that right; we at Crosswire believe that your Okta groups should be as empty as possible. In fact, we think most of them should be empty most of the time. Your Okta groups represent risks, amplified by the number of people residing there. Your Okta groups are the gateways to the applications and infrastructure of your company. For your organization’s safety, your Okta groups should be (mostly) empty.

Security risk is the likelihood of someone compromising your enterprise’s data, tools, or applications, and this risk compounds the more people that have access to more information. Of course, people need access to these things to do their jobs, so you can’t just remove all that access. Or can you? People need access to do work, but they don’t need that access all the time.

For example, take a look at your local DevOps wizard. Most likely, they permanently reside in the ACL_AWS_SuperAdmin Okta group. However, do they need to be there when they’re not setting up or maintaining infrastructure? To go deeper, they definitely don’t need to be in that group while sleeping, and yet they are. Thus, if they’re compromised outside of working hours or when they’re no longer a part of a relevant project, your organization suffers due to access that person didn’t even need.

While it may be relatively uncontroversial to suggest that few people need all of their access all the time, it is hard to get access, so removing all of that access can be a hassle. Getting access securely and conveniently is a real problem; if it were easier to get access only when needed, then, of course, you would be doing this.

All of this is possible in Crosswire.

Not only is it possible, but you can also configure different types of access with approval chains, automation, and eligibility. Nevertheless, it’s still operationally challenging to remember to revoke access once granted, and it makes sense to worry that your Okta groups may gradually bloat with random junky permissions over time. However, Crosswire helps with that too! You can set TTLs on access so that sensitive access never lives longer than necessary. With Crosswire’s automation, access can be provisioned when the person qualifies and automatically be deprovisioned when they no longer do.

Crosswire’s philosophy is that you can meaningfully reduce your organization’s security risks by emptying your Okta groups, and we can help you do it. Your organization is more secure when your Okta groups are as unoccupied as they need to be for as long as possible. So, please, empty your Okta groups, and stay up to date with (or join) Crosswire below.

More from our blog

UPDATE: Customer Impact in the Okta Salesforce Breach

An update on Crosswire and the September 2023 breach of Okta’s Salesforce instance.

Crosswire Security Team

Breaking Down the October 2023 Okta Breach

A comprehensive timeline and breakdown of the October 2023 Okta Support Case Management System breach.

October 2023 Okta Compromise Guidance

In light of October 2023 Okta support compromise, Crosswire sent the following message to its customers.

Crosswire Security Team

The term Identity Threat Detection and Response (ITDR) has gained significant popularity this year, but what is ITDR, actually?

CISOs on Identity Security Maturity in the Enterprise

CISOs Chris Castaldo and Tanner Randolph share insights on security maturity and identity in the enterprise.

Black Hat Guide for Conference Veterans

Whether this is your 1st or 21st time at Black Hat, these tips can help you weather a jam-packed and intense week.

You Should Feel ‘Positively’ About Your Security Tools: How We’re Mitigating False Positives in Identity Security

False positives are a huge problem in security: see what Crosswire is doing to prevent them and mitigate their effects.

Decoding the (Broken) Modern Identity Stack

We've made the modern identity stack entirely too convoluted and broken, but not for the reasons you think.

The Secret Third Step to Threat Detection and Response: Protection

How are you protecting your accounts before an incident can occur (or slowing an incident down before it really ramps up)?

How to Detect and Remediate Identity Threats; Solution 2: Remediate

This is Solution 2: Remediate of a two-part series on how to detect and remediate evolving identity threats.

How to Detect and Remediate Identity Threats; Solution 1: Detect

This is Solution 1: Detect of a two-part series on how to detect and remediate evolving identity threats.

AI D&R: AI (in Security) is Dead; Long Live AI (in Security)

Explore the historical use, modern approaches, and future applications of AI in detection and response (D&R).

Quick RSAC 2023 Recap: We’re Back (and Stronger Together)

From Armisen to AI/ML, catch up on what you missed from RSA Conference 2023 with Crosswire!

Defending Against Threats in Identity Security; Part 2: Remediate

This is Part 2: Remediate of a two-part series setting up emerging problems in identity security.

Why Now’s the Perfect Time to Join an Early-Stage Startup

If you’re looking for the right time to join a high-risk, high-reward venture, we’d argue that there’s never been a better opportunity.

It’s Not Just You: IT Security Audits are Stressful

IT security audits can be a pain for everyone involved: check out our solutions to make this auditing season just a little bit easier.

Why RBAC is obsolete

RBAC lacks sophistication and flexibility, failing to address the access needs of the modern company.

Defending Against Threats in Identity Security; Part 1: Detect

This is Part 1: Detect of a two-part series setting up emerging problems in identity security.

Identity Is a Co-owned Problem Between Security and IT

Who owns identity at your org? Identity is (and should be treated as) a co-owned problem between security and IT.

The Founding of Crosswire as Told by Its Values

Crosswire, and its co-founders Johnny and Nick, are building the future of enterprise identity in new and exciting ways.

RSA Conference™ 2023: Stronger Together

The theme for 2023’s RSA Conference™ is “Stronger Together.” When info security is more important than ever, so is collaboration.

6 Early Warning Signs of an Under-Resourced IT Organization

It’s no secret that your IT organization is crucial to your company. But are they getting all of the resources they need?

Cybersecurity Is More Critical Than Ever, and You (Yes, You) Can Do Something About It Now

Why cybersecurity is more crucial than ever and what you can do to make your organization more secure, no matter your role.

Understanding Automation: How To Do More Than You Have the Resources For

Five significant ways to improve your workflows with automation and get more results than your resources permit.

Google Workplace Organizational Units (OUs) according to Parks and Rec

What are Google Workplace Organizational Units, and how do they work (according to Parks and Rec)?

Practical Survival Guide to Okta Lifecycle Management

Crosswire’s technical usability guide to Okta Lifecycle Management (LCM), from onboarding to offboarding.

Authorization (AuthZ) and Authentication (AuthN): A Brief History

Authentication is who you are, and authorization is what you can do. Here, we dive into the history of these terms.