It’s no secret that we’re experiencing a dramatic shift in the way we conduct business, the way we manage our workforce, and the way we interact with our customers. As companies worldwide respond to the unprecedented effects of COVID-19, we’ve seen these changes play out in how organizations accommodate both their employees and their customers. One thing is clear: at a time where face-to-face interaction is limited, it’s more important than ever that our digital experiences are as seamless as they are reliable. This means it’s more critical than ever to have strong security measures in place—ones that protect a greater volume of user and corporate data without hindering access to online products and services.
At Okta, we’re committed to keeping our services up and running for our customers around the globe, and supporting them as they face changes to their operations. We want to help you put the right measures in place to secure your users and customers. As part of that endeavor, we’ve compiled three key areas to focus on as you review the role of identity and access management (IAM) within your organization.
Reinforcing your remote workforce
To effectively create social distance, companies are being encouraged—if they are able—to have their employees work from home. This has spurred an increased adoption of remote work strategies, enabling employees to access the tools and applications they need (e.g. email, communication platforms, documentation) from their home network.
However, this approach does come with risks. Tools that commonly enable remote access to company resources, such as virtual private networks (VPNs) and virtual desktop infrastructures (VDIs), are particularly attractive targets for cyber attackers. And once a hacker gets past these firewalls, they have access to all of your networks, systems, and data. As such, securely enabling a remote workforce requires the right infrastructure to ensure that each access request is valid and safe for the organization.
As your company adopts additional applications to enhance collaboration across an increasingly disparate workforce, IAM functionalities like single sign-on (SSO) and context- and risk-aware multi-factor authentication (MFA) can help increase your security posture without compromising productivity.
Of course, remote workforces are nothing new. In the past few years, we’ve seen more and more companies offer flexible working arrangements. We’ve also seen many of our own customers lead the charge in deploying secure solutions for their employees, enabling them to access their tools from various locations, whether that’s home, a coffee shop, or a hotel.
HackerOne, for instance, is a company that employs ethical hackers from all over the world to find bugs and vulnerabilities in their customers’ IT systems. The company has grown rapidly and its lean IT team was finding provisioning new, remote employees a complex task.
Using Okta’s Identity Cloud, HackerOne automated the provisioning process, reducing the burden for IT. The company also set up Okta’s cloud-based SSO and MFA to create seamless authentication and authorization experiences for their remote employees, allowing them to strengthen their security posture and eliminate cumbersome on-prem technologies. These solutions have made HackerOne more agile when it comes to adopting new applications and services, better positioning the company for future growth.
Keep privacy center-stage
As companies navigate this uncharted territory, it’s important that we don’t lose sight of user privacy. This year’s RSA Conference offered a reminder that privacy is a major area for concern for executives as they face various regulations including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Children’s Online Privacy Protection Rule (COPPA). As organizations balance compliance and user experience in this new privacy landscape—where customers are increasingly aware of the steps companies have to take to secure their data—compliance has become a must for any business that wants to avoid a large-scale breach and retain customer trust.
To stay ahead of privacy concerns, businesses need innovative solutions to streamline and automate their compliance and consent processes—all of which should rely on user identity. This reduces the burden on IT and minimizes the operational complexities of monitoring and auditing compliance. To that end, we’ve partnered with privacy solutions like OneTrust and Datagrail, so that you can easily adopt the privacy and consent tools you need across your infrastructure.
Evolving security priorities with the times
Since the start of 2020, we’ve seen a number of emerging trends representing a shift in security spend. Moving beyond using identity and access management at the frontline of their networks and applications, companies are also starting to embed security and privacy at the development stage, ensuring that these factors are in play throughout the development lifecycle.
This is where DevSecOps comes in. The current pace of innovation often leaves developers struggling for time or resources to build robust identity and security measures through every stage of the product lifecycle. By adopting a DevSecOps practice, teams can engage with the tools and architectures they need to prioritize and automate security integration, ensuring it is embedded across the product lifecycle.
As your company maintains its operations—albeit within a very different context than we’re used to—it’s important to keep these and other security-forward approaches embedded in your short- and long-term strategies.
At Okta, we’re proud to partner with our customers as they face complex challenges both within the regular business landscape and beyond. Feel free to share your stories with us and let us know how we can help.
For more information on how we’re supporting customers during COVID-19, see the following resources: