Here’s How to Resist Phishing in a Heterogeneous Workforce

Here’s How to Resist Phishing in a Heterogeneous Workforce

Organizations manage a broad ecosystem of users, from employees and contractors using the same access points to business partners collaborating throughout the supply chain. How do you keep this dynamic world connected, flowing, and, most importantly, safe from social engineering, like phishing, and other workforce risks?

Keep access to resources fluid, but safe

Today, we’re unveiling new Workforce Identity Cloud enhancements that reflect the needs of dynamic workforces. The protections of the platform are expanding with you.

Enhanced controls for WebAuthn + passkeys management 

For EA release in Q1 2023, we’re announcing more granular controls for WebAuthn authenticators. These options allow admins to allow or block specific FIDO-certified authenticators and to initiate easy WebAuthN enrollment for employees. These controls can help to prevent hardware-based phishing attempts and also ensure that only valid and approved WebAuthN Authenticators, like Yubikeys, can be enrolled.

Taking it one step further, you can also contain the security risks associated with proprietary passkeys. For example, admins can block the passkey for an individual, certain groups, or everyone. These controls can also prevent enterprise credentials from being backed up to an end user’s personal cloud account. These Passkey Management features are currently in Early Access.

Enhanced security checks for unmanaged devices

Your people are located everywhere, but so is your technology. Your dynamic, remote, and diverse workforce uses a myriad of devices and operating systems. In the face of these expectations, your IT team must have total control of how they’re using these resources—wherever and whoever they are. 

BYOD activity and unmanaged devices are simply part of the new terrain, but security teams can gain the needed insights by using risk signals. Through posture checks, teams gain visibility into every device attempting to connect to your apps and data. Security can use this data to define appropriate access policies to enforce their security posture.

warning found1

Enable secure, phishing-resistant access—throughout the enterprise 

Since 2020, Fastpass has allowed for safe, frictionless, passwordless authentication across your organization's apps, devices, and operating systems. Today in early access (EA), Advanced Phishing Resistance for FastPass ensures that authentication requests come from the correct server. Stolen keys are useless as the system prevents them from accessing Okta-protected sites and apps. This enhancement to Fastpass allows your direct employees the same ease of use, with added peace of mind for your security teams.

And coming soon, we’re broadening the scope beyond direct employees. We’re extending the abilities of FastPass to span and protect your expanded ecosystem. 

Let automation keep your disparate workforce safe

Since 2020, Okta Workflows, our identity automation and orchestration platform service, has made it easy to automate identity processes without writing code. Now we’re bringing that power and simplicity to your security posture. With the following new Workflows tools, you can automate your response to potential security incidents, at scale, through our powerful Workflows technology.

Security templates

These security-focused templates enable automation across the top security operations center processes. These templates give teams the ability to monitor and improve your organization's security posture—continuously. This insight allows them to detect and respond to critical security incidents by identifying changes in user behavior that indicate a risk to the organization.

security ops

Connector builder

Our no-code connector builder enables Okta partners and ISVs to author new Workflows connectors. Admins can easily build custom tools, and Okta ISVs can build connectors for their own users. This tool enables teams to build within their own ecosystems while enhancing the value they gain from the overall Okta platform. This powerful tool has paid dividends for our customers in creative ways.

What’s next

We’re committed to the continuous improvement of our Workforce Identity Cloud solution. We invite you to stay in touch and learn more about our insights and capabilities with some related content:

Phishing Resistance and Why it Matters

Available Workflows Templates

How NTT Data Automates