Is Nexthink affected by the recent Okta code repositories event?
No, Nexthink is not impacted. Nexthink has received formal confirmation from Okta that it is not impacted. While Nexthink relies on Okta for corporate accounts and API management, additional authentication factors based on third-party technologies are enforced, and posture checks are required for production environment access.
There is no impact on the Nexthink cloud environments. Nexthink will continue to monitor the situation and provide further updates as they become available.
In early December 2022, GitHub alerted Okta about possible suspicious access to Okta code repositories. Upon investigation, we have concluded that such access was used to copy Okta code repositories.
Our investigation concluded that there was no unauthorized access to the Okta service, and no unauthorized access to customer data. Okta does not rely on the confidentiality of its source code for the security of its services. The Okta service remains fully operational and secure.
As soon as Okta learned of the possible suspicious access, we promptly placed temporary restrictions on access to Okta GitHub repositories and suspended all GitHub integrations with third-party applications.
More information can be found in this blog post.
How is Nexthink protecting its products against events like this?
Nexthink applies a defense-in-depth strategy, in which multiple controls are thoughtfully layered so that together they mitigate a wide variety of threats. This includes:
Host posture checks
Restricted access to the management plane
Continuous monitoring of any suspicious activity
Nexthink has also achieved the ISO 27001, 27017 and 27018 and SOC 2 Type I/II certifications for the Nexthink Experience and Infinity cloud platforms.