Identity management vendor
Okta is teaming with
Rubrik to ensure business continuity for organizations if their identity services are compromised, a key concern at a time when
identity and credentials have become top targets for ransomware gangs and other threat groups.
At Okta’s
Oktane 2025 conference in Las Vegas Wednesday, Rubrik announced it is expanding its Identity Recovery product line to cover Okta customers, providing such capabilities as immutable, air-gapped backups and granular recovery for key
Okta objects and metadata.
The Palo Alto, California-based company already offers the service for Microsoft Active Directory and Entra ID. Now it’s extended to Okta.
“Identity has become the primary vector of attack,”
Hema Mohan, vice president of product management at
Rubrik, told MSSP Alert. “Adversaries exploit compromised identities to target systems like Okta, Active Directory, and Entra ID, using phishing, token theft, privilege escalation, and supply chain attacks.”
Such incidents often lead to ransomware or large-scale data theft, Mohan said, adding that with the vendor’s identity recovery capabilities, organizations can “rapidly restore their Okta tenants and the downstream dependencies, and contain the blast radius, and resume operations with confidence.”
Protecting the Data
Okta offers a secure and resilient platform for controlling access to internal systems and cloud-based applications, but their customers still own and manage the data and configurations in their tenant. Rubrik technology is designed to protect against such problems as misconfigurations, human errors, and changes made by malicious actors.
In the case of a compromise, Rubrik tools help organizations avoid having to manually put the pieces back together by rebuilding data and tenant settings or creating custom workflows to restore the data. The automated and on-demand backups included in Rubrik Okta Recovery – which will be available in the coming months – provide protection for such Okta objects as users, groups, and applications, while all backup data is stored in Rubrik’s air-gapped and immutable storage to ensure they’re isolated from attacks and tampering.
Misconfigured, compromised, or deleted objects are restored directly in the Okta tenant to reduce disruptions and eliminate manual rebuilds, and with the same capabilities used to protect Okta, Active Directory, and Entra ID all on the same platform, organizations have unified identity protection.
Partners Also Benefit
In addition, partners like MSSPs and MSPs also can take advantage of the offering, Rubrik’s Mohan said.
“Partners play a critical role in identity,” she said. “For many organizations, identity is too complex and resource-intensive to manage alone, especially in hybrid and multi-IdP [identity provider] environments. MSPs and MSSPs are often on the frontlines, helping customers secure, monitor, and recover their identity systems.”
With Rubrik Okta Recovery, MSSPs and MSPs can use it both internally to protect their own Okta tenants and ensure their operations stay resilient and as a service offering, extending protection and recovery to their customers and including Rubrik’s technology in managed identity resilience services.
“This differentiates MSPs and MSSPs in a competitive market by not only detecting threats, but also delivering fast, orchestrated recovery across Okta, Active Directory, and Entra ID,” Mohan said. “We see it as an opportunity to deliver real business continuity outcomes.”
Identity is the Target
Bad actors over the past several years increasingly have turned more to identity rather than such avenues as software vulnerabilities to gain access to corporate networks and the data they hold. According to research by Rubrik, identity-based attacks account for almost 80% of all cyberattacks as threat actors leverage compromised user credentials to gain access.
“The rise of identity-based cyberattacks demands immediate and decisive action from organizations,” Rubrik officials
wrote in a blog post this year. “As the digital landscape evolves, cybercriminals are increasingly targeting compromised credentials and exploiting identity vulnerabilities to gain unauthorized access to critical systems. With nearly 80% of cyberattacks being identity-driven, safeguarding user credentials has become a top priority.”
In a
report this year,
eSentire said that 59% of the incidents handled by its security operations center (SOC) in the first quarter were identity-focused, a 156% increase from two years ago. The MSSP and managed detection and response (MDR) specialist pointed to the rise of such tools as
phishing-as-a-service (PhaaS) platforms as key drivers, enabling less-skilled bad actors to launch large-scale and sophisticated phishing attacks.
Okta Rebounded from Attacks
Okta has a keen understanding of the threat, having been the victim of identity-based attacks in 2022 and 2023. The one in late 2023 started when an employee’s Gmail account was compromised, with the data breach eventually affecting a range of customer support clients, including such companies as
BeyondTrust,
1Password, and
Cloudflare.
The San Francisco-based company responded with a
number of improvements, including zero-standing privileges for Okta administrators and requiring multifactor authentication (MFA) for protected actions in the admin console.
