In response to a series of high-profile data breaches originating from its tech supplier, Okta, the identity and access management (IAM) technology company introduced a Secure Identity Commitment in early 2024. This commitment includes strengthening its infrastructure, implementing internal security-by-design policies, and promoting customer best practices.
As part of this initiative, Okta significantly increased its investment in its existing corporate social responsibility (CSR) program, Okta for Good, to provide security assistance to non-profits and non-governmental organizations (NGOs) working in areas such as climate change and social justice.
One of the organizations benefiting from Okta for Good is the Norwegian Refugee Council (NRC), a long-standing European refugee charity with a history dating back to the aftermath of World War II. The NRC focuses on protecting the rights of displaced and vulnerable individuals during times of crisis by offering aid programs, supporting the work of the United Nations and other NGOs, and advocating for durable solutions to the global refugee crisis.
Operating in various regions worldwide, the NRC reaches approximately 10 million people annually through its 15,000 workers, supported by a budget of $750 million. With its headquarters in Oslo and a tech team based in Berlin, the NRC’s IT staff often work in conflict zones, presenting both challenges and opportunities to address real-world issues.
Pietro Galli, the NRC’s CIO, spent over a decade in the field before transitioning to IT leadership. He emphasizes the importance of leveraging technology to enhance the organization’s impact and efficiency, highlighting the role Okta plays in supporting their mission.
Cyber challenges for NGOs
NGOs face significant cybersecurity risks, including threats from cybercriminals and nation-state actors. The NRC, in particular, deals with targeted interference due to its work with vulnerable populations and governments, as well as challenges stemming from operating in conflict zones with limited infrastructure and internet access.
‘Do no harm’
The NRC prioritizes data responsibility and the principle of ‘do no harm’ in its humanitarian efforts, especially when working with digitally inexperienced populations. Galli emphasizes the importance of ensuring that the organization’s digital initiatives do not inadvertently harm the individuals they aim to assist.
“Okta for Good has helped us develop principles and training material for our staff around data responsibility. For us, responsibility goes beyond data protection”
Pietro Galli, Norwegian Refugee Council
Galli shares a poignant anecdote from South Sudan to illustrate the challenges of introducing technology in underserved communities. Despite these obstacles, the NRC continues to leverage digital tools to expand its reach and provide assistance to those in need.
Okta for Good
Okta’s partnership with the NRC extends beyond grants to encompass shared values and support for the organization’s mission. Through various programs and initiatives, Okta enables the NRC to enhance its cybersecurity practices and develop training materials on data responsibility for its staff and the broader sector.
The NRC has created training videos on data protection and GDPR compliance, aiming to make them accessible in multiple languages by 2025. Galli emphasizes the importance of collaboration among non-profits to strengthen their cybersecurity posture and leverage resources effectively.
Commercial relationship
Following a transition to cloud-based infrastructure, the NRC partnered with Okta to streamline operations and enhance security measures. Okta’s identity and access management solutions have enabled the NRC to scale efficiently and implement multifactor authentication policies tailored to different operational contexts.
Looking ahead, the NRC plans to collaborate with local partners to expand its reach and deliver cost-effective, secure digital services. Galli underscores the importance of leveraging Okta’s technology to support the organization’s global initiatives while maintaining robust cybersecurity practices.
