Skip to content

Accelerating Right-Sized Response to Insider Risk with Incydr + Okta

Every year, I look forward to Oktane – I think because its agenda is always centered around connections. Nearly every session is co-led by an Okta customer sharing their real world experience of how technology helps them build and support a collaborative and risk-aware culture for employees. By focusing on the people, it creates an authentic environment for security and IT professionals to learn from one another. 

So, with this week marking the second virtual Oktane conference – and with Code42 announcing our new integration with Okta Identity Cloud that automates access controls to speed insider risk investigations – I couldn’t help but reflect on all that has happened this past year. 

Zero Trust architectures enable Insider Risk Management solutions

Remote work and cloud collaboration platforms have changed how employees share and access data – and in turn, this shift in how we operate has accelerated organizations’ adoption of Zero Trust. 

While end users putting data at risk is nothing new, 74% of security leaders are more concerned about Insider Risk than they were before the pandemic. And as a result, 82% of decision-makers have prioritized developing better data protection strategies over the next 12 months, according to a recent Forrester study commissioned by Code42. 

Get our step-by-step guide to automating workflows to protect data

Insider Risk is much more than just a technology problem

Despite it being clear that data exfiltration is happening (and happening a lot), detecting Insider Risk can be hard if you’re relying on policy-based tools like DLP or CASB to solve the problem. This is because insiders are people, not computers or predictable number strings. They have trusted access and know their way around systems – and more often than not, Insider Risk is the result of good employees simply trying to do their jobs putting data in harm’s way unintentionally. 

The nuances of Insider Risk can make it seem like an uphill battle to mitigate. Security leaders require modern Insider Risk Management tools that enable them to proactively prioritize the riskiest file activities, streamline investigations, automate response workflows for those risks, and improve risk posture over time. 

Automating access controls as a form of right-sized response

Together, Code42 Incydr and Okta provide organizations with the ability to respond quickly to insider risk events, while also providing a flexible environment that supports innovation and collaboration.

Security teams using the Code42-Okta integration can:

  • Leverage user identity to monitor high-risk users and optimize Insider Risk Management platforms. 
  • Reduce insider risk exposure by automating and applying conditional user access controls based on predefined risk tolerance. 
  • Provide additional user context by provisioning role-based user attributes to identify behavioral risk indicators, such as remote activity, off-hour file events and attempts to conceal exfiltration.
  • Streamline and automate response workflows for departing and high-risk employees to speed investigations and effectively mitigate insider risk.

Leveraging Incydr’s automated workflow feature, when an Insider Risk Indicator (IRI) triggers an alert, a user is automatically added to a specific group in Okta with lower access permissions while a ticket is opened in the organization’s ITSM (i.e. ServiceNow or Jira). This not only connects what might otherwise be siloed efforts across departments, but also shifts security teams’ focus from being reactive to threats to instead proactively identifying insider risk events. This ultimately reduces complexity, risk of human error and the number of false positives. 

Furthermore, Code42’s SAML and SCIM-based integration with Okta helps security teams to identify behavioral risk indicators, such as remote activity, off-hour file events and attempts to conceal exfiltration. This direct integration allows security teams to programmatically monitor users with increased risk factors, such as departing and contract employees – all from within Incydr.


As organizations continue to evolve how effectively they are managing Insider Risk, a focus on automating data protection processes and handling alerts will continue to be top of mind for security leaders. 

Pairing Code42’s unique data-centric Insider Risk Management solution – Incydr – with Okta’s leading approach to identity and access, provides security buyers with an easier way to architect data security environments rooted in Zero Trust.

Download our Joint Solution Brief: Code42 Incydr + Okta Identity Cloud

You might also like: