One-Minute Webinar: Driving Scale in the Cloud With Okta for Infrastructure

We’re always talking about how every business has had to become a tech company in order to operate efficiently while delivering to customers worldwide. But what we don’t always talk about is that this shift puts a ton of pressure on developers, operations, and security teams.

It’s up to developers to build the software that your internal and external users depend on, while ops teams are tasked with streamlining its continuous delivery, and your security team has to ensure the workforce can be both protected and productive—a tough balance to strike. In this installment of our One-Minute Webinar series, we’ll take a look at why a cloud operating model has become non-negotiable for modern organizations, and how Okta’s latest solutions help make it happen.

Legacy ops have got to go

There’s no two ways about it: there’s no place for on-prem legacy ops at any company whose goal is to grow and scale. That’s why most organizations—84%, to be precise—have adopted a multi-cloud strategy, 70% employ or plan to employ a DevOps program, and half of CIOs that have not transformed their company’s capabilities will soon be displaced from their digital leadership teams.

But why is it so essential to leave legacy systems behind? Simply put, every challenge and complexity they bring is compounded as you achieve scale, and this is especially noticeable when it comes to identity and access management (IAM).

  • If your IAM tools were made for a fixed environment, they won’t be cloud-aware or capable of adapting to dynamic infrastructure, where resources are quickly spinning up and down.
  • Because the surface area of dynamic cloud environments changes rapidly, it can’t be backed by static credentials and shared accounts, nor can accounts be unlinked from identity events.
  • Identity events trigger onboarding and offboarding workflows which must be automated, since manual workflows are slow and result in security risks such as ghost accounts.

The shift to dynamic systems

The solution is to adapt to dynamic cloud infrastructure, but this comes with a new set of considerations. The system should be capable of discovering elastic cloud resources so that you can maintain an accurate inventory of what exactly you’re controlling access to. It also needs to mint ephemeral credentials on-demand in order to minimize surface area and avoid credential sprawl.

Policies and lifecycle management of accounts must also be automated end to end, and these configurations and controls should be API-driven and injected into your existing automation—in short, you need infrastructure as code. This enables you to achieve velocity at scale, while ensuring security. As a result: 

  • Your developers have fewer blockers and faster time-to-value on software projects.
  • Your ops teams have less burden and can focus on getting software out the door.
  • Your security teams meet compliance, while minimizing the risk of floating credentials.

Embedding identity into the flow

Of course, dynamic cloud infrastructure also has challenges that compound at scale. For instance, how can you configure infrastructure-as-a-service (IaaS) environments for velocity while meeting compliance standards? And how can you secure DevOps privileged workflows without impacting productivity? 

The critical piece is identity. Having policies that are clearly attributed to specific users and roles, centralized access controls across hybrid and multi-cloud environments, and automated lifecycle management sourced from a system of record are what allow these processes to work at scale.

With Okta Advanced Server Access (ASA), we’ve extended our core IAM functionalities to meet the needs of your infrastructure. Single Sign-On (SSO) and Adaptive Multi-Factor Authentication (MFA) allow streamlined authentication and contextual access controls for your server logins. Okta Universal Directory (UD) acts as the single source of truth for your servers, while Lifecycle Management (LCM) automates the provisioning of server accounts from end to end. Okta ASA unleashes the full benefits of our platform for your cloud environment.

How Okta ASA works—and why it matters

With ASA, you can assign your Okta users and groups to Projects, which encompass all the servers they require access to. Once users and their devices have been authenticated in Okta, they can be authorized for the Projects they belong to through role-based access controls; this is done by minting a short-lived and tightly-scoped client certificate, which is injected with metadata from the user ID and device ID. 

The best part of all this is how Okta UD and LCM work together so that you can scale these workflows across tens of thousands of dynamic servers spanning multiple clouds, all spinning up and down constantly. All you have to do is decide which Okta groups you want to assign to the Okta ASA application—and from there, you can configure who has access to which servers in ASA, and fully automate account lifecycles.
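As an added illustration of the flow in the two paragraphs above (this is not Okta’s code, and it does not reproduce ASA’s actual certificate format), the Go program below models a broker that consults a constructed stand-in for the system of record, mints a short-lived credential bound to the user ID, device ID and Project, and a server that verifies the signature, the validity window and the scope before allowing a login. An Ed25519-signed JSON payload is swapped in for the client certificate to keep the example self-contained; the names Broker, Mint, Verify and Directory, the field names, and the sample users and project are all assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is a short-lived, tightly scoped credential bound to the authenticated
// user, their device and one project (a stand-in for the client certificate; assumed fields).
type Credential struct {
	UserID    string    `json:"user_id"`
	DeviceID  string    `json:"device_id"`
	Project   string    `json:"project"`
	NotBefore time.Time `json:"nbf"`
	NotAfter  time.Time `json:"exp"`
}

// Signed carries the JSON-encoded credential and the broker's Ed25519 signature over it.
type Signed struct {
	Payload []byte
	Sig     []byte
}

// Directory is a constructed stand-in for the system of record: whether a user
// is active, and which users each project's groups resolve to.
type Directory struct {
	Active   map[string]bool
	Projects map[string]map[string]bool // project -> set of assigned user IDs
}

// Broker mints credentials; servers only ever hold its public key.
type Broker struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	Dir  Directory
	TTL  time.Duration
}

func NewBroker(dir Directory, ttl time.Duration) (*Broker, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Broker{priv: priv, Pub: pub, Dir: dir, TTL: ttl}, nil
}

// Mint issues a credential only to an active user assigned to the project, so an
// offboarded user gets no new access; the TTL bounds the life of older credentials.
func (b *Broker) Mint(user, device, project string, now time.Time) (Signed, error) {
	if !b.Dir.Active[user] {
		return Signed{}, errors.New("user is not active in the directory")
	}
	if !b.Dir.Projects[project][user] {
		return Signed{}, errors.New("user is not assigned to this project")
	}
	payload, err := json.Marshal(Credential{UserID: user, DeviceID: device,
		Project: project, NotBefore: now, NotAfter: now.Add(b.TTL)})
	if err != nil {
		return Signed{}, err
	}
	return Signed{Payload: payload, Sig: ed25519.Sign(b.priv, payload)}, nil
}

// Verify is the server-side check at login: signature, then validity window, then scope.
func Verify(pub ed25519.PublicKey, s Signed, project string, now time.Time) (Credential, error) {
	var c Credential
	if !ed25519.Verify(pub, s.Payload, s.Sig) {
		return c, errors.New("bad signature")
	}
	if err := json.Unmarshal(s.Payload, &c); err != nil {
		return c, err
	}
	if now.Before(c.NotBefore) || now.After(c.NotAfter) {
		return c, errors.New("credential outside its validity window")
	}
	if c.Project != project {
		return c, errors.New("credential is scoped to a different project")
	}
	return c, nil
}

func main() {
	// Constructed sample directory: alice is active, bob has been deactivated.
	dir := Directory{Active: map[string]bool{"alice": true, "bob": false},
		Projects: map[string]map[string]bool{"web-prod": {"alice": true, "bob": true}}}
	b, err := NewBroker(dir, 10*time.Minute)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	s, _ := b.Mint("alice", "laptop-1", "web-prod", now)
	_, err = Verify(b.Pub, s, "web-prod", now.Add(time.Minute))
	fmt.Println("alice after 1 minute:", err)
	_, err = b.Mint("bob", "laptop-2", "web-prod", now)
	fmt.Println("bob, deactivated:", err)
}
```

Two points the code makes concrete: the server never holds a secret, only the broker’s public key, so nothing on a server needs rotating when it is torn down; and a credential issued before a user was deactivated stays valid until its expiry, which is why the TTL is minutes rather than days and why the directory check at minting time, not just at login, matters.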

Adopting a culture of automation is key for any organization to succeed at scale, but more than that, organizations need to integrate security and identity into the automation process, as early as possible in the product lifecycle. Since the stages of a software delivery pipeline are conventionally drawn from left to right, the goal should be to “shift left”—in other words, to get those security and identity controls closer and closer to the start, so that when the machine processes take over, they have the proper guardrails in place.

In short, identity and access management, like security, must be embedded into your cloud operating model through automation, so it never becomes an afterthought for your DevOps and security teams. And by bringing the best-of-breed solutions of the Okta Identity Cloud to your dynamic infrastructure, Okta Advanced Server Access does just that. 

For more insights on moving to a modern cloud operating model, check out the following resources: