Arun Kumar Elengovan

Arun is a Senior Manager, Engineering Security at Okta. As a founding member of this team, he’s familiar with driving security strategy and execution across the company’s engineering organization. With 15+ years of experience, Arun specializes in security architecture, secure software development, risk management, and security operations. He holds CISSP, CEH, and an Advanced Cloud Security Practitioner credential, with expertise in web security, cloud infra security, cryptography, and secure identity frameworks. Arun has successfully led large-scale, cross-functional security initiatives, integrating security seamlessly into agile development and is passionate about building scalable security frameworks and empowering teams to achieve security excellence. Outside of work, Arun enjoys flight simulation and refining his virtual piloting skills, driven by his passion for the skies.

Mihai Iacob and Bryan Honan and Arun Kumar Elengovan

February 19, 2025

Content-Security-Policy in a Complex Environment

Content-Security-Policy (CSP) is essentially allow-list policy that dictates what a web page can load. CSP is complex to implement and rollout - even a minor mistake could mean that important parts of the page will not load, which in Okta’s case could mean trouble authenticating. This blog article aims to provide a glimpse into our secure implementation journey and guidance for the industry based on lessons learned.