Insights from the Spectra Alliance: Our Perspective on Zero Trust
Have you heard of the Spectra Alliance? It’s a security coalition that brings together four best-of-breed platforms to deliver Zero Trust security at scale—and Okta is one of them.
We originally joined forces with CrowdStrike, Netskope, and Proofpoint to support businesses as they navigated the early impacts of the COVID-19 pandemic. Since then, we’ve formalized our partnership and developed a comprehensive Zero Trust architecture that securely enables seamless remote work, fine-grained access management, threat remediation, and compliance.
Now, the Spectra Alliance is taking the opportunity to share its learnings from the past year. In the upcoming “Your Journey to Zero Trust: What You Wish You Knew Before You Started” webinar on August 12, 2021, executive leaders from each partner company will discuss the critical role that Zero Trust plays in securing organizations. They will also share tactical tips for scoping elements of Zero Trust and how they can be implemented.
In anticipation of this important conversation, here’s a peek at some of the points that are top of mind for security leaders.
Zero Trust has never been more important
Protecting systems, personal information, and proprietary data has always been critical, but there are now many more reasons for companies to prioritize security. To start, cyber threats have evolved alongside technology. Phishing, credential stuffing, and malware attacks are much more sophisticated than they were even two years ago, and organizations now need enhanced security if they want to guard their assets (and their reputations).
Not only that, but these attacks have become increasingly effective with the rise of remote work. While companies have been steadily moving away from the traditional network security approach, the COVID-19 pandemic forced many to quickly adjust their long-term strategies—and bad actors have exploited the situation.
This is a challenge that impacts both the public and private sectors. In response to large-scale attacks like the SolarWinds and Colonial Pipeline incidents, President Biden recently signed an Executive Order focused on improving the US’cybersecurityy and protecting federal government networks. The Order acknowledges that most cybersecurity defenses are ineffective and that there’s an opportunity for the private and public sectors to work together to develop (and abide by) best practices.
The Executive Order may also result in a cybersecurity safety review board as well as a standard playbook for responding to cyber incidents—both of which will help set the standard for what companies need to do in order to protect their systems and users.
Organizations are investing in Zero Trust
According to our 2021 State of Zero Trust Security report, 90% of companies around the world claim to either have a Zero Trust initiative in place or are planning to have one in the next 12–18 months—that’s up from just 41% in 2020.
This number is even higher among Forbes Global 2000 companies, with 95% showing a commitment to Zero Trust. These companies are also investing more in Zero Trust security; 83% have boosted their budgets due to changes brought on by the pandemic.
At the same time, we’re seeing companies in various regions progressing through the stages of our Zero Trust Maturity Curve, adopting key security and identity initiatives like single sign-on (SSO), multi-factor authentication (MFA), and API access management. As they move forward on the path towards Zero Trust maturity, organizations are also prioritizing comprehensive solutions that set them up for success in the long term.
But, the question remains: what does an effective Zero Trust strategy actually look like?
The value of putting identity first
As Gartner indicated earlier this year, identity is the new perimeter. As such, getting Zero Trust right means having a centralized control panel that can evaluate who gets access to what, when—and in what context. Understanding that there’s no one silver-bullet solution for Zero Trust (and that identity is just one essential part), Okta has a number of integrations with our Alliance partners to help you along the journey to Zero Trust—each of which can protect against threats and also improve operations across your security stack.
For example, Okta and Proofpoint allow organizations to accurately identify and rapidly respond to credential phishing attacks. While Proofpoint pinpoints at-risk users, Okta places those individuals into a group and rolls out specific authentication policies for them. Our two platforms also work hand in hand to neutralize incoming attacks.
Meanwhile, Okta and CrowdStrike work together to deliver real-time, identity-related threat protection across all endpoints. This integration between CrowdStrike and Okta’s SSO and Adaptive MFA solutions helps enable fast, secure, context-aware access to resources without compromising on compliance.
Using the Okta and Netskope combined solution, enterprise policies can cover sanctioned applications, web services, and unsanctioned SaaS usage on managed and unmanaged devices. When Netskope detects that a user has violated an enterprise policy, Netskope calls out to Okta to trigger step-up authentication via MFA. Then, based on the response from Okta, Netskope can suspend a session or re-validate the user.
These are just some of the ways that the Spectra Alliance helps cover all the bases for Zero Trust—and we’re excited to bring it to organizations across sectors so that they can capitalize on today’s security momentum.
To find out if a robust Zero Trust architecture is the right fit for your organization, how to scope and implement Zero Trust security, and how the Spectra Alliance can accelerate your journey, register for our upcoming webinar.