Today at Okta we launched an exciting addition to our service that enhances our ability to better address the security issues associated with cloud adoption. We’ve added very rich support for multifactor authentication, so our customers can now easily apply an additional layer of security to their application access strategy, and it works with web and cloud applications, whether they are accessed on the Internet or via a VPN.
In the old on-prem software world, apps were only accessible to users on the enterprise private network. Users had to be in the office or on the VPN. In that sense, it was relatively easy to add protection on top of basic username and password. You either had to get into the building, or you had to get onto the VPN. VPNs are fairly easy to protect with multifactor authentication, either by distributing X.509 certificates or RSA-style security tokens. Either way, if someone tricked an employee into divulging their password, your private on-prem apps were still protected.
Until now, there hasn’t been an equivalent set of options for the cloud. Each SaaS vendor uses its own identity stack, with separate usernames and passwords. Adding MFA was nearly impossible because you’d need a separate token or cert for each app – not very practical.
The problem is not going away. In fact, there has recently been a constant flow of stories about websites, companies, and individuals getting hacked, whether it’s Sony’s big data loss, RSA’s compromised token infrastructure, or various celebrities getting their email and Twitter accounts broken into. Here are some relevant facts:
- 75% of users use the same or nearly the same password across several apps, personal and work related.
- Broad spam-based phishing attacks are still rampant, spear phishing attacks are getting more common, and they work.
- All of this is causing large security vendors to acknowledge that end users need more help and IT has to think differently. Kevin Haley, director of Symantec's security response team, commented recently:
"We used to say, 'Those stupid users, they're falling for obvious attacks,' but we can't do that anymore, maybe we shouldn't have done that in the first place," said Haley. "The social engineering [in targeted attacks] has reached a point where it's pretty incredible."
The need to increase the security of enterprise cloud infrastructures is real, and making multifactor authentication easy for IT and end users to adopt and deploy is a big step in the right direction.
Okta’s approach to MFA solves this security problem very elegantly, and shows the power of our cloud-centric architecture. Our customers connect all of their apps to Okta using our catalog of over 1000 pre-defined application integrations. Users can then easily access all of their apps, and admins get a single point of control to enforce policies across all apps. With that single policy, and our newly announced native MFA support, admins can easily enable MFA for some or all applications from one central location. Further, Okta integrates with leading SSL VPN solutions from Juniper and Cisco, which means that you can also apply those same MFA policies through Okta to govern VPN access to behind-the-firewall web applications.
Our initial multifactor authentication implementation includes native support for an additional security question, as well as an Okta-developed soft token that runs on market-leading smartphone platforms. End users can manage their own tokens leveraging popular consumer app stores, so the heavy lifting of distributing soft tokens is eliminated. Policies are flexible, with controls based on location, frequency and application. All of this is built by Okta and delivered as a part of the core service. And of course, just like we integrate with over 1000 SaaS and web applications from various vendors today, Okta will also integrate with third-party MFA vendors if customers have an existing solution.
But for those enterprises who are just adopting MFA or looking to make a change, Okta now offers an easy-to-deploy-and-maintain solution as part of our core service – no additional vendor to manage, no additional cost.
We are very excited to help accelerate the use of MFA in the enterprise cloud arena, and to knock down yet another obstacle to cloud adoption as a whole.