Looking for Okta Logos?

You can find all the media assets you need as part of our press room.

Download Media Assets

3 On-Prem Security Myths Debunked

Frederico Hakamine
Frederico Hakamine
Sr. Technical Product Marketing Manager

As technology evolves, we’re often faced with misconceptions around how it works and how we can use it. Whether it’s that Apple computers are immune to viruses or that private browsing keeps user activity anonymous, there are a number of security myths that surround our technology—and change how we use and protect it.

This trend applies to both personal and business contexts. Within the enterprise, decision makers are often swayed by common misunderstandings around securing corporate resources. For instance, despite the hype around cloud computing, 98% of enterprises still rely on on-prem systems and servers. In part, this is because they believe that the cloud presents more of a security risk than their on-prem systems—but that’s simply not true. 

Three myths that get in the way of on-prem security

In my previous post, I discussed how Okta Access Gateway enhances organizational security. Now, I’ll explore three on-prem security myths that have no place in today’s enterprise, and how Access Gateway helps change the game for these types of environments.

Myth #1: On-Premises systems don't require the same security as cloud systems

As businesses adopt new technologies, it’s easy for them to dismiss their legacy infrastructure as not being refined enough to hold potentially compromising data. However, personally identifiable information remains highly sensitive regardless of whether it sits on Salesforce or on PeopleSoft. Additionally, many on-prem business applications, like Oracle’s E-Business Suite, are also responsible for hosting classified corporate data including trade secrets, business process intelligence, and financial information.

Understanding this, hackers don’t discriminate between on-prem and cloud-based applications when they’re looking to breach an organization.

Myth #2: On-prem is inherently more secure than the cloud

Due to the belief that on-prem systems are inherently secure, organizations rarely implement cutting-edge security in these resources. Meanwhile, cloud infrastructure is increasingly enabled with security features like bot protection, biometric authentication, and adaptive multi-factor authentication (adaptive MFA).

However, on-prem systems that operate within an organizational network are particularly vulnerable, especially with the rise of data breaches caused by internal employees. Currently, 87% of businesses point to human error as their biggest security threat and 59% suffered an insider attack in 2018, up from just 33% the previous year.

With these looming threats, the adage, “it’s only running on our intranet” is no longer a valid security claim. Companies need to treat these on-prem systems with the same level of security as any application hosted on the public cloud.

Myth #3: Securing on-prem resources is a complex process

Up until recently, securing on-prem systems has been a daunting task—especially for businesses operating with legacy identity infrastructure. Implementing access management meant deploying complex vendor-specific MFA solutions and servers for each system, which resulted in a number of disjointed MFA policies across the organization. Since many of these MFA solutions used hardware tokens, this resulted in expensive solutions, with poor end-user experience for any admin or employee that wanted to access the tools to do their job.

However, new integrated identity and access management solutions are eliminating the infrastructure and MFA hardware complexities.

Three myths, one solution

So, what have we learned? In order to effectively protect themselves, businesses need to understand that their on-prem systems and applications are not secure enough to manage the sensitive data they hold—and that implementing the right level of security doesn’t have to be an onerous task. These three debunked myths can all be addressed with a comprehensive identity management solution that prioritizes security and simplicity. Enter Okta Access Gateway. 

By implementing Access Gateway, companies can deploy tools such as Single Sign-On (SSO) and Adaptive MFA to control access to their on-prem resources using the same platform that serves their cloud-based applications. In this way, Access Gateway replaces legacy Web Access Management solutions and on-prem MFA servers that are known for being insecure, inefficient, and incompatible with systems hosted in the cloud.

Okta also provides out-of-the-box integrations to more than 6,000 applications, including on-prem resources that contain sensitive data—Sharepoint, PeopleSoft, E-Business Suite, and more. This means that organizations can embed modern security features across all of their systems, drive improved compliance with data protection regulations, and enhance the experiences of admins and end-users alike. In doing away with the myths that surround on-prem security, organizations can take another step towards future-proofing and protecting their infrastructure. 

Learn more

To learn more about how Okta Access Gateway can help you secure your on-prem infrastructure, check out the following resources: 

Oktane18 mini
Frederico Hakamine
Sr. Technical Product Marketing Manager

Frederico is a jack of all trades and master of none. He has been designing, developing, customizing, and breaking systems for more than 10 years in the field. Frederico spends his time at Okta developing code and promoting the Okta Platform and APIs. In his spare time, he cracks some code for his wife's startup and works on silly projects like his own beer and music.