Hacker News
by 4death4 977 days ago
> It seems a reasonable expectation to assume that anything sent to Okta support isn't instantly available to attackers.

No, that’s not a reasonable assumption. A malicious Okta employee is just as significant an attack vector as a compromised Okta support tool.

1 comment

'Malicious Okta employee' who already has privileged access in the systems the customer has chosen to outsource their auth to?

If an Okta employee is a high-priority threat model... then the customer is better off not using Okta.

Not that it shouldn't be considered, but if Okta top-to-bottom penetration is expected and accepted, then that's taking Zero Trust to a whole new length.