Monday, March 4th, 2013

Cloud IAM – Simplicity is Security with Okta!


The following is a guest post from David Baker, Chief Security Officer at Okta, one of Box’s trusted partners for single sign-on (SSO) and cloud identity management. This article is the fourth in a series about security, collaboration, and content in the cloud.

When Box asked me to write a blog for RSA, I jumped at the chance, and not just because they’re a close partner of Okta. I am a fanatical customer. Everyone at Okta uses Box, and it’s a very important part of our data-security program.

Back in November, I wrote a blog about service simplicity to help drive security. It was focused on a New York Times article, “Killing the Computer to Save It,” in which Peter Neumann argued that the “increasing complexities of modern hardware and software [have] made it virtually impossible” to ensure computers are secure and trustworthy.

I certainly agree. Let’s use the Box case as an example. I have data that I want to store securely. If I do it myself, then I need to first think about securing the computer I use to save the data:

  • First, create a complex password for logging in (check)
  • Then, check all apps and the OS are up to date (check)
  • Finally, enable full disk encryption (check)

Oh wait, now I need to figure out a secure location to store my recover key for FDE.

And, now that I think about it, what about physical security of the computer? Do I need to have it on my person at all times? (What about bathroom breaks?)

Maybe I could just put the data I’m securing on an external hard drive and lock it in my house somewhere? That’s getting closer, but I still need to noodle around with a strong symmetric encryption key or software. And what if I need the data in a hurry? This is quickly becoming too complex to manage.

As a security professional, I can happily manage all those steps—but I can’t expect my CEO or SVP of Sales to do the same. No worries—Box to the rescue. Using Box, we’re all able to store, share, and collaborate important documents and data. The data is stored securely (encrypted, segmented, and backed-up). We can access it at any time, from anywhere. Simplicity.

At Okta, we too have taken simplicity to heart, by trying to solve the inherent complexities of multiple identities. By closely integrating on-premise directories and using the cloud to virtualize Single Sign-on (SSO) and Identity Access Management (IAM), we give IT administrators a much simpler platform for management, activation, and integration. Unlike on-premises software that must be tailored to multiple operating systems and diverse network architectures, the cloud platform is abstracted and just needs SSL communication protocols. SSO makes things simple; centralized IAM makes things simple. And as with Box, simplicity is security.

If you’re interested in getting started with SSO, we do offer a free Box + Okta connector. Check it out and get more information at