Security Built to Work Outside the Perimeter
People are the Perimeter
We all know that the days of working within four office walls are long-gone, in fact 43% of Americans work remotely at least some of the time. Your team works from their desks, but also from home, from the airport, from the coffee shop around the corner—the list goes on. Your employees are using modern cloud applications that allow them to work from anywhere, but is your security solution keeping up with this new perimeter? Keep your company out of the headlines and your end users happy and productive.
Threat Actors are Becoming More Sophisticated:
SMSishing:
“Trojan horse” text messages hackers will send to phones and then steal your data.
Phantom Fingerprints:
Hackers can lift fingerprints from photos taken up to 10 feet away.
Security in a borderless world:
7 of the 15 fastest growing apps in Okta’s network in the past year (Jamf, KnowBe4, DigiCert, Cisco Umbrella, Mimecast, Sophos, and CloudFlare) are security tools or have security use cases.
People are the Perimeter:
A data breach can cost a company
$3.6 Million
What is the Difference Between 2-Factor Authentication, Multi-Factor Authentication, and Adaptive MFA?
91% of phishing attacks target credentials.2 To prevent phishing attacks and meet a growing list of compliance requirements (PCI, HIPAA, NYDFS, NIST, and more) you need an authentication solution. But how do you choose between the complex options available? We made some sense out of all the acronyms for you:
2-Factor Authentication (2FA)
• How it works: Users must supply another, secondary factor after the primary factor (typically a password) to prove identity.
• Potential gaps: Only one additional layer of identity assurance with limited flexibility. Plus, it can be annoying to the end user to always require a second factor.
Multi-Factor Authentication (MFA)
• How it works: You prompt the user and grant access based on a spectrum of possibilities, including inside/ outside corporate networks, blacklisted/whitelisted sets of IPs, and application policies. You can set this up based on multiple data points and factors derived from login attempts, such as third-party tokens, biometrics, and SMS.
• Potential gaps: Static rules may not be as flexible and can still overburden the end user; does not surface unusual authentication behaviour.
Adaptive Multi-Factor Authentication (AMFA)
• How it works: A flexible system for prompting for additional identity assurance. Okta’s Adaptive MFA solution determines when to prompt for step-up authentication prior to granting access based on device and user context. Prompts are dynamic based on user and device context to prevent over-burdening the end user.
Here’s why Adaptive Multi-Factor Authentication is the secure, “won’t generate tons of helpdesk complaints” option you’ve been looking for.
1. Use Factors and Policies You are Comfortable With
You have to balance security and end user flexibility to meet security and compliance requirements for your organisation. Some end users might be at their desk, others might be on the go, and end users aren’t just your employees any more. Customers, partners, and suppliers are all demanding access on-the-go and on multiple devices—3-4 on average.
When you have enterprise-grade security standards, device context between any two BIG-IP devices on the network is also critical. In addition, you want the flexibility to leverage various factors for authenticating your users, whether it’s security questions or including biometrics, no matter where they are.
No matter the factor or the policy, Okta’s Adaptive MFA can handle it
Are your users team-Apple or team-Windows? Split? Of course. Okta Adaptive MFA supports biometric-based factors for all the fans such as Windows Hello and Apple Touch ID. Prefer another hard token? Yubikey is your new best friend. This flexibility allows you to provide an extra layer of defence to confirm all the identities before to providing access.
On top of that, why limit yourself to mobile? Adaptive Multi-Factor Authentication allows you to choose the second factor authentication needed based on employee role. So Bob in Accounts Payable can verify via mobile SMS, and Jan in Customer Success can authenticate via Google Authenticator, and Alex in the call centre, who cannot use his mobile device, can use Windows Hello. Bob, Jan, and Alex don’t hate IT for making access difficult and you rest easy knowing they’re keeping your data safe.
Don’t leave the team frustrated. To ensure strong authentication services from standing in line at the airport to the dining room table, Okta Adaptive MFA allows you to set organis