
Implementing Zero Trust Principles to Mitigate Insider Threat with Okta + Code42 Incydr

A key component of a Zero Trust strategy is ensuring you’re able to consistently verify and authenticate users before they access data and systems. What’s more, it’s also critical that users only have access to what’s really required to do their jobs. Easy in theory. Harder in practice.

Employees are authorized to view certain applications, but that doesn’t mean they won’t abuse their access privileges. Data leaks and theft at the hands of insiders are increasing in both scope and impact thanks to trends like digital transformation, hybrid work, growing IP entitlement of employees, and workforce volatility. In fact, 71% of those who responded to the Code42 Annual Data Exposure Report 2022 stated they are concerned about their lack of visibility over what and how much sensitive data departing employees take to other companies.

In addition to requiring authentication, security teams regularly audit the access employees have to applications. Most also have methods to detect compromised users. But what about when your own employees, and not an outsider, become the threat? There’s many a tale of an employee who felt the call of the “dark side” and turned into an insider threat. Even more commonly, the risk an employee poses to data and systems changes with their circumstances. Take departing employees as an example. Research shows there’s a 1 in 3 chance a company will lose IP when an employee quits, and ¾ of security teams don’t know what or how much sensitive data they take when they leave.

What organizations need is a way to quickly detect these shifts in employee circumstances and behavior and take quick, responsive action to revoke system access before the business is put at risk. Okta and Code42 Incydr have teamed up to do just that.

  • Incydr is used to detect, investigate and respond to employee data leak and theft events. 
  • It ingests user attributes from Okta, such as user title, manager, department and more, and uses this context to help score the risk associated with employee file activity.
  • When Incydr detects critical data exfiltration events, or when risk changes, such as when an employee resigns, Incydr communicates with Okta to remove a user’s access permissions.

In the end, Okta and Incydr work together to ensure the right access controls are always applied so your data and systems remain protected, giving you the confidence of a Zero Trust approach to Insider Threats.

Interested in learning more? Join Okta + Code42 from September 27th through 29th for the 2022 Insider Risk Summit. It’s the industry’s leading conference on Insider Risk Management (IRM), bringing together security leaders and practitioners and industry experts to learn, interact and share best practices in the IRM space. Register today!
