4 ways Okta Access Gateway boosts security for on-prem resources

In 2019, we made the exciting announcement that Okta Access Gateway (OAG) is available to all of our customers. In that post, we described how Access Gateway helps businesses implement modern access management solutions like single sign-on (SSO) and adaptive multi-factor authentication (MFA) across their on-premises applications.

The result is that organisations that operate in largely on-prem or hybrid environments can now leverage OAG to protect their systems against the growing prevalence of cyberthreats. In this post, we’ll take a closer look at the security benefits of Okta Access Gateway.

How does Okta Access Gateway improve security?

Despite a growing trend towards enterprise cloud adoption, almost 70% of organisations still rely heavily on on-prem applications. In some instances, this is because they are still operating on the same legacy infrastructure they adopted decades ago, or because they implemented a hybrid environment mixing on-prem systems with cloud solutions. In either case, if they want to remain secure, these businesses require the same identity and access management functionalities that are employed in the cloud. Okta Access Gateway helps accomplish this, removing the barriers to security that these businesses often face on on-premise systems.

On-prem apps and MFA are no longer incompatible

As organisations continue to make people their security perimeter, hackers have focused their efforts on compromising user credentials. As a result, it’s no surprise that 81% of data breaches are a result of weak, stolen, or reused passwords—and this isn't just on the cloud. Understanding that on-prem resources can have just as much sensitive personal and corporate data as cloud-based applications, bad actors don’t discriminate between the two when conducting account takeover or credential stuffing attacks.

To mitigate these potential breaches, organisations need to supplement their authentication processes with MFA. By adopting a technology like Okta’s Adaptive MFA, organisations can incorporate another layer of security and potentially do away with the threats that come from password use by going passwordless. To date, on-prem systems remain underserved from an MFA perspective—and existing offerings are notably complex to implement, making them unappealing to IT decision makers.

With Access Gateway, we’ve ensured that Adaptive MFA is a given for the on-premise apps used by our customers. As an extension of the Okta Identity Cloud, Access Gateway makes it easy for businesses to extend the Okta SSO and Adaptive MFA from the cloud to on-premises systems, noticeably simplifying the process of securing all apps from the same solution..
VPNs have become a thing of the past

VPNs have inadvertently become villains in the realm of security. While they were originally designed to provide an added layer of security for employees that needed remote access to organisational systems, they now pose a notable threat. A compromised VPN is a hacker’s dream come true—once they break through, they can potentially move laterally across the company’s various servers, applications, and databases.

Unlike with VPN’s, Okta Access Gateway provides access only to specific applications and not the entire network, greatly mitigating the risk of lateral movement in the network. Pair this Zero Trust approach with Adaptive MFA for a much more secure mobile login solution.

An IT admin’s dream: Simplified policy management

Typically, to manage each of their applications and systems, businesses have multiple policies for conducting password resets, account setups, and more. This can be a nightmare for IT admins who have to rely on various sources of documentation to do their job effectively—also posing a security risk if policies are used for the wrong applications. Additionally, managing these policies and monitoring the organisation for compliance can be an arduous task.

By implementing Access Gateway, IT operates with one set of policies that exist within a centralised location and span across all cloud and on-premise applications. This makes it easier to set the right security policies while also enhancing the company’s auditing capabilities. It also reduces user friction as employees have one login across the multiple systems they access and admins don’t have to go to different resources to reset passwords. Additionally, Access Gateway also operates alongside other Okta products such as Advanced Server Access to centralise identity management across all on-prem applications and servers.

Adopting enhanced security intelligence

Access Gateway’s most important benefit is that it provides businesses that operate on-prem systems and applications with access to Okta’s security network—and that goes beyond SSO and Adaptive MFA. By operating alongside proactive threat identification tools like ThreatInsight, businesses can apply Machine Learning-based security to remain ahead of large scale threats and mitigate major attacks. As such, Access Gateway is critical to enhancing an organisation’s security posture, making them more effective at protecting both user and corporate data.

Learn more

Okta Access Gateway is available to all customers. To learn more about how OAG can support you in securing your on-prem infrastructure while reducing costs, check out the following resources:

• Okta Access Gateway: Secure access to on-prem apps and protect your hybrid cloud—without changing how your apps work today - Datasheet
• How To Protect On-prem and Hybrid Cloud Apps with Okta (Fast) - Blog post
• What Is Okta Access Gateway - Video
• Okta Access Gateway - Product page
• Introduction to Access Gateway - Okta help page