Skip to main content

How Okta Uses Incydr™ to Protect Against Data Leaks


"Hi, my name is Matheo. I work in IT security here at Okta, and I manage all things IT security-related, so antivirus, endpoint detection and response, data loss prevention, DNS, vulnerability management, and of course, Code42 to monitor Insider Risk."


About Okta

"It's definitely a culture of innovation, a culture of speed, a culture of transformation, and we're always probing, always changing, and of course, always on. That's kind of our mantra."


What made you choose Code42 Incydr?

"Really just maturing our security posture. We had an initiative around data loss prevention in general so it definitely came from a bigger initiative, which was protecting data confidentiality, integrity, and availability of the data that we have at endpoints.

We went from Office 365 to Google Workspace, and then we still used Box. So with Code42, we're able to monitor both of our solutions."


What considerations do you prioritize when choosing security tech?

"We needed it to work, and we needed it to integrate with Okta. And so for some vendors, that's kind of a challenge when things don't work with Okta, and we need to have workarounds. With Code42, we have the opportunity to out of the box integrate many of the things we needed with Okta right away. So that helps improve the experience for end-users because we don't have to go reinvent the wheel to make sure things are working."


How do you use Okta and Incydr to protect against file sharing exfiltration?

"We have different types of users based on different types of data that they can access. So we want to make sure that we're assigning the risk to a particular user based on the type of data they have access to. And that way we can keep close tabs on certain type of users and that will help us improve our security posture in general."


What role does Incydr play in your Insider Risk Management strategy?

"You can integrate Code42 with Okta and then have contextual information for a particular user around it's manager, whether they're permanent, what their email is, and all that stuff. I have visibility of files that are publicly shared, and I get notifications for those that I can ingest into my SEIM, and then take action. So I didn't have that before.

I think having visibility is key. So I think that their role is allowing us to see what's happening and giving us the ability to respond to what we see is happening. Code42 gives us that context that really matters when it comes to data."


What's been the impact of having Incydr?

"Security benefits are really hard to measure because you really don't know the impact of a security breach until it happens. And so net negative impact equals the best positive outcome. Not living in the disaster mode because Code42 is helping us mitigate the risk."


What would you tell someone in a similar situation who is considering Incydr?

"Once you start trying it, you're like, oh my God, what is going on because you didn't realize how much stuff is being exposed. Give it a try. Ask for a demo and see if you can set up a test environment and plug it into a couple of test cases and see if it works for you. I think you won't be disappointed."


About the Author

Matheo is the IT Security Director at Okta. He manages the configuration and deployment of IT security-related tools and patch management. He is in charge of implementing a zero-trust strategy and other security-related goals around reducing the attack surface, privileged access management, DLP, networking, and securing SAAS applications. Matheo has technical experience working and securing cloud environments in AWS and Azure, deploying and managing endpoint detection and response tools like CrowdStrike and CarbonBlack, and implementing security controls in compliance with CIS, NIST, and ISO standards.

Profile Photo of Matheo Lord-Martinez