One-Minute Webinar: How Okta’s Security Team Protects Our Remote Workforce

At the onset of the COVID-19 pandemic, we were told by health and government officials to stay home and stay safe. Ironically, when it comes to corporate technology, home is one of the least secure places we can be.

Allowing employees to work remotely can leave organizations susceptible to a number of security threats. And with the pandemic giving us no other choice, businesses everywhere have been scrambling, trying to protect company and customer data while maintaining productivity. In the third installment of our “Okta-on-Okta Remote Work” webinar series, we explore the unique challenges our security team faced while supporting and securing a distributed workforce. From securing VPNs and prohibiting access from unknown devices to creating safe environments for digital events, here are some of the things we’ve done that you can adopt at your organization.

Protecting the new perimeter: our people

For many organizations, shifting to an entirely remote workforce has highlighted the importance of having a modern identity and access management solution. Focusing on network security isn’t enough. At Okta, we understand that our employees are the first line of defense when it comes to protecting our company and customer data. As a result, we’ve further enabled our workforce with the following:

Access control

We’ve been using Device Trust to ensure employees can only access corporate resources from their work laptops. With solutions like Single Sign-On (SSO), we’ve also created access policies that are specific to remote work environments.

Simple authentication

If security policies are too complex, users may try to bypass them, using tools that are neither vetted nor monitored by the company. To prevent this from happening, we’ve made the authentication experience as seamless as possible with passwordless options, multi-factor authentication (MFA), tokens, and biometrics.

Remote onboarding

Welcoming new employees to distributed teams was challenging at first. But we’ve since created processes that allow us to set up and deliver hardware—without having to share corporate data with outside vendors. Automated user provisioning and deprovisioning, which has always been in place, also helps to secure our workforce.

Employee training

Education has been vital to helping employees make smart, safe decisions while working remotely. Using our online learning management system, we’ve hosted interactive sessions that allow opportunities for questions, engagement, and discussion, just like in-person training. We also send emails to keep employees up to date on evolving policies and provide additional resources.

Home office support

We’ve created a program that lets employees expense the equipment they need to securely—and comfortably—work from home, including extra monitors, screen shields, and ergonomic furniture.

Turning vendor relationships into secure partnerships

As our employees adjusted to life (and work) at home, their technology needs changed. Unsurprisingly, we noticed a massive uptick in Zoom and Slack usage, but we also received more requests for app integrations and other solutions that could improve how our customers collaborate and interact with data.

This created a new challenge for our security team, as they’re responsible for ensuring that all services meet Okta’s requirements. To help with this, we expanded the review stage of our procurement process, and started looking at third-party vendors through a partnership lens. This approach was instrumental in helping us move events, like Oktane20, to a virtual environment. The process not only secured our conference platform, but also protected our speakers, partners, and attendees.

Preparing for a future in the cloud

Part of what made it easy for us to support a fully distributed workforce was the fact that we’re based almost entirely in the cloud. Still, our security team—like other organizations that have gone remote—had to take additional steps to protect against human error, fraud, and hackers, among other threats.

For example, when people work together in an office, it’s easy for IT to monitor for potential threats and go to an employee’s desk to help—but that’s no longer an option. Instead, we’ve established new protocols for when incidents do occur, leaning on endpoint detection and response tools to investigate problems from a distance.

The COVID-19 pandemic has proven that cloud-native solutions are the future, and that it’s time for businesses to move away from traditional, on-prem architecture. Moving to the cloud is a marathon, not a sprint. Whether you’re operating a hybrid or legacy IT environment, tools like Okta Access Gateway can help you to cross the finish line and make a safe transition to the cloud.

For more insights on how we’re redefining our workforce, check out the following resources: