HeadSpin has a wide range of security-oriented features, including bare-metal devices, on-premise deployments, CYOL, SOC 2 certification, HS Tunnel (SOCKS5-based) support, and more. Recently, we introduced a new feature called the "Data LifeCycle Policy" API, which automatically deletes unused test data from devices under test according to a configured corporate policy. The reason behind the ever-increasing demand for such robust and flexible security features is that remote work became widespread in the wake of the COVID outbreak, increasing the risk of information leaks due to unauthorized access. Further, release cycles have shortened, and the content under test has diversified. Today, there is an ever-increasing need to handle various kinds of sensitive information safely and in a timely manner during the testing phase.
Some examples of sensitive information used in testing are as follows:
- Pre-release apps and content
- Copyrighted materials, such as video and audio from games before release
- Access credentials for CI/CD or other external systems
- Personally identifiable information (PII) related to health
- Financial information, such as credit card details
- Authentication tokens cached in the browser
- Debug builds of applications that support deep linking
Confidential information is not limited to the above. So, what measures can you take to reduce the risk of this confidential information leaking to the outside world? One answer is to introduce single sign-on (SSO).
HeadSpin supports modern authentication protocols such as OAuth/OIDC and SAML. Using these protocols, you can delegate the authentication process to a third-party identity service. As a result, not only can you centrally monitor access logs for the HeadSpin platform, but you can also enforce high-assurance multi-factor authentication to protect your data. Also, note that having SSO in place keeps your architecture simple, reducing the risk of blind spots in complex or isolated systems and thus improving the organization's overall security (*1).
This post walks through the procedure for configuring authentication and authorization with Okta as the IdP (Identity Provider) and highlights some key benefits of the HeadSpin and Okta integration.
Effective use of IAM to prevent data breaches in testing and automation
In this video, we reviewed the procedure for configuring SSO with Okta as the IdP and introduced some benefits of using Okta together with HeadSpin, including auto-configuration, assignment and removal of multiple roles, enabling Okta MFA (FIDO2/WebAuthn), and centralized access logs. The following article will cover integrating HeadSpin with Azure Active Directory to achieve SSO, along with benefits unique to the Azure integration.
(*1) According to the 2021 IBM/Ponemon report, system complexity and compliance failures were the top factors that amplified data breach costs. The average time for respondents to identify and contain a breach was 287 days.