The traditional workspace is a thing of the past. Employees need to stay productive whether they are working from the office, home, or a coffee shop – any location with access to the internet could be a potential workspace. This trend in work habits is largely due to the increased adoption of cloud applications in the enterprise – whether you have a cloud-only, cloud-first, or hybrid-cloud strategy, SaaS applications play an important role in enhancing employee productivity. And, as an employee, you want to retain consumer like digital experiences, even with corporate applications.
The increase in SaaS applications is coupled with an increase in the various device types that are used by employees to access corporate applications and data. Traditionally, we would see an employee work from the office, on a Windows device joined to Active Directory. However, that traditional approach is not scalable, as employees need seamless access to corporate apps regardless of their location. The proliferation of devices presents a new problem to IT administrators – IT admins no longer own the device and the network, so what is the best approach to ensure secure access to corporate data?
Moving past the perimeter based approach to security, to a modern, identity led approach is critical in the era of managing access from networks outside your perimeter. The internal network is no more secure than the outside network, which introduces the concept of ‘gated’ access based on a user’s identity and their associated device.
Two of the commonly accepted approaches to a modern, enterprise security model are Forrester’s Zero Trust Model and Google’s BeyondCorp. These approaches emphasize the need to enforce security inside the perimeter, just as strongly as you enforce security outside the perimeter, along with the concept of least privileged access to applications. All users, devices, and networks involved in accessing corporate data should continuously be evaluated against a set of policies that define if access is legitimate. Both the Zero Trust Model and BeyondCorp are vendor agnostic models that specifically emphasize the concept of “trust no one” until identity and device security posture are proven and validated.
At Okta, we are enabling customers to implement a Zero Trust solution via our contextual access management feature set. This encompasses our device trust solution, along with our adaptive and behavioral MFA policies and partnerships with our security analytics vendors. Our contextual access management is optimized to ensure a seamless end user experience, best of breed integrations with EMM vendors, and a low complexity setup for admins. To learn more about Okta’s strategy for Zero Trust, see the whitepaper here.