In with the Old, in with the New: Adapting Legacy Security Investments for the Modern World


The Jetsons show the Flintstones their modern machinery (Image credit: The Movie Database)

Have you ever heard the phrase “sometimes you have to go back to go forward”? As we at Okta look to modernize everything Identity and security, we also realize that we owe it to our customers to help them leverage existing investments. In the federal government Identity world, that tends to mean giving government agencies (and their partners) the ability to leverage their legacy PKI identity infrastructure.

The Common Access Card (CAC) that the DOD uses and the Personal Identity Verification (PIV) card used across the Federal Government have been the standard for user access to government systems and locations for almost 20 years. It’s been a hefty investment, and it’s not something “we” can quit easily. The older the system gets, the more brittle, cumbersome, and expensive it becomes. But it’s here for the foreseeable future. 

This is why it’s important to stay in touch with your past but keep your eyes on the future. As I said earlier, this is something that we at Okta pride ourselves on. Our mission is to seamlessly connect any user to any data via any application. In that spirit, we’ve been hard at work on a couple of amazing additions to our capabilities set to help bridge the gap between the past and the future:

PIV/CAC as an Authenticator: Support of the old. Smart Card Authenticator, a frequently requested feature, will allow agencies to leverage their investments in legacy PIV/CAC infrastructures in a new, application-focused, Zero Trust way. Imagine using a modern authenticator to get in the front door and then stepping up to PIV/CAC-based authentication to access a critical application serving up protected, highly sensitive data. Unlocking the potential in existing legacy investments is critical on any Zero Trust journey.

Allow List for FIDO2/WebAuthn Authenticators: In with the new. Allow List for FIDO2 (WebAuthn) Authenticators helps facilitate the adoption of strong, modern authentication by leveraging standards-based, highly secure WebAuthn for an agency's most sensitive applications. Admins can now control which authenticators can be used (or are required) for access to certain applications. This gives agencies the flexibility to apply the right level of authentication to the right data.

While adhering to the many standards and directives around Identity, don’t lose sight of the importance of strong security AND great user experiences. Features like the ones mentioned above strive for both and help get us one step closer to the Zero Trust and good user experience we’re all trying to build.

If you’d like to learn more about Okta’s Smart Card Authenticator, visit the product page here. You can learn more about Okta’s Allow List for FIDO2 here.