Assessing Okta’s Protection of Customer’s AWS Credentials and User Directory

ACM.161 How does Okta protect our AWS credentials, configuration, system integration, and directory data?

Teri Radichel
Published in Cloud Security
11 min read, Feb 19, 2023

Part of my series on Automating Cybersecurity Metrics. The Code.

In the last post we looked at how Okta works with AWS.

One concern I mentioned was that Okta is requesting long-lived credentials instead of integrating via a role and an external ID to obtain a list of roles in our AWS account.
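To make the role-plus-external-ID pattern concrete, here is an added example (not code from this series or from Okta) that audits a role trust policy and flags any other account allowed to assume the role without an `sts:ExternalId` condition. The account IDs, the external ID value and the helper names are constructed for illustration.

```python
"""Audit an IAM role trust policy for the cross-account external-ID pattern."""

OWN_ACCOUNT = "111122223333"     # constructed: the account that owns the role
VENDOR_ACCOUNT = "999988887777"  # constructed: the third party's AWS account

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # "arn:aws:iam::<account>:root" or a bare account ID / wildcard
    parts = principal.split(":")
    return parts[4] if len(parts) >= 5 else principal

def _external_id_required(stmt):
    # Only StringEquals pins an exact value; condition keys are case-insensitive.
    cond = stmt.get("Condition", {}).get("StringEquals", {})
    return any(k.lower() == "sts:externalid" and v for k, v in cond.items())

def audit_trust_policy(policy, own_account):
    """Return one finding per outside principal that needs no external ID."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if _account_of(p) != own_account and not _external_id_required(stmt):
                findings.append(f"Statement {i}: {p} can assume the role "
                                "without an external ID")
    return findings

def sample_policy(account, external_id=None):
    """Build a constructed trust policy, with or without the condition."""
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": f"arn:aws:iam::{account}:root"}}
    if external_id:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

if __name__ == "__main__":
    for label, pol in (("with external ID", sample_policy(VENDOR_ACCOUNT, "EXAMPLE-ID")),
                       ("without external ID", sample_policy(VENDOR_ACCOUNT))):
        print(label, "->", audit_trust_policy(pol, OWN_ACCOUNT) or "ok")
```

A role set up this way hands the third party short-lived STS credentials on each call, so there is no standing access key to store on their side.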

The other, more important question is: how does Okta store the usernames, passwords, and other information we store on their systems?

How would an attacker obtain our data stored at Okta?

To gain access to the AWS keys or usernames and passwords stored at Okta, an attacker could try a number of different tactics.

Teri Radichel
Cloud Security

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award