How to Secure Your Workforce’s Devices with Okta
Beyond social and economic disruption, the COVID-19 pandemic has shone a light on the fact that if they want to operate safely, businesses need to be able to secure the various access points to their resources—and that includes devices. All over the world, we’re seeing people make workspaces out of living rooms, bedrooms, and outdoor decks. And oftentimes they’re using their own devices to get their work done.
Up until now, device security has been a thorn in the side of IT and security teams in organizations of all sizes. But Okta is changing that.
In our previous posts, we discussed how devices are changing the way people work and addressed the biggest obstacles your company faces when securing them. This article will explore the features Okta has developed to support you in deploying simple and effective device security (without acting as an endpoint management tool) to your remote workforce.
A refresher: Why securing devices is a challenge
Employees are increasing their reliance on personal devices to do their job, and this means businesses are exposed across a growing network of endpoints with varying software and operating systems. As such, companies often struggle to provide consistent authentication experiences and policies, leaving significant potential for security vulnerabilities.
In addition, if your business still employs traditional on-premises identity tools like Microsoft Active Directory, it may not be able to integrate modern endpoint security solutions and can’t effectively deploy security updates to devices beyond their network. At the same time, organizations tend to use different solutions to secure users and devices, and these can’t be easily reconciled. As a result, device security has so far been an awkward and complex process that can negatively impact your ability to enable and protect your workforce.
Have you heard? We’ve used data from the Okta Integration Network to see how organizations are enabling and securing their remote workforces during the COVID-19 pandemic. Learn more.
A new approach to device security
Our customers have always inspired us with their ability to respond to changes in their industry and other, broader influences. As they’ve grown and adapted, they’ve helped us understand their challenges in device security.
The Okta Devices platform service is designed to give your organization robust visibility into the hundreds or thousands of devices accessing Okta, enable contextual access decisions, and offer a consistent passwordless user experience.
With Okta Devices, there are four device classifications that can support admins in enforcing contextual access decisions for the resources that sit behind Okta.
1. Known devices
In this use case, Okta can identify whether it has seen a particular device before. When a device logs into Okta, we create a device fingerprint, a functionality that allows admins to create policies based on new device detection.
For example, admins can set a behavior detection policy across a certain number of user logins—let’s say 50. If a user logs into Okta on a device that they haven’t used in over 50 logins, then they will be prompted for additional information via Multi-Factor Authentication (MFA). If the login is successful then the new device becomes a known device and subsequent logins will check for that fingerprint.
2. Managed devices
Your business probably uses an endpoint management tool, such as Jamf Pro, Microsoft Intune, and VMware Workspace One. With Okta Devices, your admins can check if a device is being managed by such a tool before it’s allowed to access resources.
If a device isn’t managed, there are a few options IT can implement with Okta’s Device Trust feature, which is compatible with all endpoint management solutions. In this instance, the user can be prompted to enroll their device into the endpoint management system, be prompted to provide MFA, or denied access completely.
3. Registered devices (roadmap feature)
At Oktane20, we discussed a number of new features that are being enabled by the Devices platform service. These will largely be powered by our Okta Verify app, which will soon be updated on Android and iOS and relaunched on Windows and macOS. In this new iteration, users will be able to register their device on Okta Verify, which will then create a strong user-device binding in Universal Directory, providing admins with a clear, centralized view of their device inventory.
Secure devices (roadmap feature)
As we continue to develop our device security features, we’re working hard to enhance device context in our platform by checking for true security posture. One of our upcoming features, Endpoint Security Integrations, will integrate with endpoint detection and response tools, such as Crowdstrike and Tanium, to enable the creation of device-specific access policies.
In practice, this could block access from devices that have malware or have had their firewall disabled until the issue is remediated. As a result, businesses can rest assured that users can only access Okta on uncompromised devices.
Keeping your devices secure
Over the last few years, device security has become an important component of enabling the workforce while reducing potential security risks. And with the vast growth in remote work we’re seeing as a result of the COVID-19 pandemic—as well as the increase in identity-focused attacks—it’s more critical than ever to ensure that all endpoints are secure.
With Okta Devices, your business can enable fast, efficient responses to mobile security threats, simplify the creation of centralized access policies, and deliver passwordless authentication experiences that streamline access to the corporate tools users need. In this way, as you and your workforce continue to navigate changes to the way you operate, you can ensure that your employees are working securely and effectively from the devices they have at home.
If you’d like to learn more about device security and how Okta can help, check out the following resources:
