Solution Brief: Secure your company with identity-first automation using the Okta Workflows no-code platform
The identity-first security imperative
Identity threat detection and response are essential elements of a strong security posture and effective security operations (SecOps). Consider that:
- Verizon’s Data Breach Investigations Report (DBIR) 2022 revealed that 82% of breaches involved the human element, noting “Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike.”
- Gartner identified “identity-first security” as one of The Top 8 Security and Risk Trends We’re Watching, stating that “Hybrid work and the migration to cloud applications have solidified the trend of identity as the perimeter. Identity-first security is not new, but it takes on fresh urgency as attackers begin to target identity and access management capabilities to gain silent persistence.”
- Identity and access management (IAM) is a key enabler of Zero Trust (ZT) initiatives, and our own State of Zero Trust Security 2022 survey indicates that 97% of organizations plan to have a ZT initiative in place by early 2024.
What’s more, today’s attacks can escalate from gaining initial access to executing actions on objectives (e.g., exfiltrating sensitive data, detonating ransomware) within minutes — which means that organizations must be prepared to take decisive action the moment suspicious behavior is recognized.
However, threat actors are adept at hiding their activities, whether by using stolen credentials, operating system tools (“living off the land”), or any other of a vast arsenal of tactics, techniques, and procedures (TTPs).
As a result, in many cases it’s only possible to detect a threat by aggregating signals from multiple security tools; similarly, containing a threat quickly and effectively often requires a coordinated response with actions applied by multiple tools at enforcement points throughout the IT environment.
If we haven’t already reached it, we are fast approaching a point at which identifying and responding to threats must happen faster than humans can act. In other words, security operations need to become even more automated.
In this guide, we’ll show how leveraging identity management — often working in tandem with the security, analytics, and operational tools you already have — can not only keep your organization safe in a dangerous and ever-evolving threat environment, but can also help you accelerate time-to-market, save time, and use resources more efficiently.
The traditional approach to securing enterprise assets is to lock the front door — that is, to build a strong barrier consisting of firewalls, network access controllers, antivirus, and a whole host of additional perimeter solutions.
But what do you do when the threat actor has the key (e.g., stolen credentials) or someone inadvertently lets them in (e.g., by opening a malicious document)?
Today’s organizations can’t rely upon front-door locks alone, no matter how many or how sophisticated. There has to be an additional mechanism sitting inside the IT environment — sending and receiving signals, analyzing behaviors, making risk determinations, adjusting access privileges, and applying actions on a per-user level — to leverage identity as part of a layered defense and to prevent identity from being abused.
Strengthening runtime security with Okta Workflows
The Okta Platform already includes many capabilities that help harden your identity infrastructure to protect your organization and your customers, including adaptive Multi-Factor Authentication (MFA), Single Sign-On (SSO), and passwordless authentication.
Okta Workflows provides additional security capabilities that allow customers to automate security tasks and extend what the Okta platform does out of the box. Workflows is a no-code automation platform that allows anyone to build identity-centric business processes with basic if-this-then-that logic. To decrease the effort needed to harness this power, Workflows includes:
- Connectors: Pre-built integrations that connect third-party applications across your tech stack;
- Templates: Out-of-the-box flows that can be used as-is or modified to meet unique needs; and
- Solution Packs: Bundled collections of pre-built, fully customizable templates, to help customers solve specific identity-based automation challenges. Use cases include IT Operations, Office 365 Integrations, and Security Operations.
By unlocking identity automation, Workflows drives efficiency, contributes to compliance, and helps to scale IT operations in a sustainable and secure manner.
Today, many of our customers are using Workflows to:
- Customize lifecycle management: Managing complex group memberships during onboarding or moves, assigning applications, migrating shared files and calendars, and similar tasks;
- Extend audit and reporting: Generating reports and taking action on the results, such as identifying and suspending inactive users; and
- Automate communications and alerts: Sending ad hoc or scheduled notifications through preferred communication channels.
But the same technologies and features that enable those applications can also be applied to security.
Because it’s impossible for humans alone to fully safeguard a complex environment in the face of frequent and focused attacks, organizations need comprehensive security solutions that can automatically detect and respond to threats.
Importantly, these solutions need to be flexible and extensible — so that they can cover a broad surface of users, apps, and resources — without forcing maintenance burdens on IT teams.
Automating security operations
Workflows enables additional identity-focused security automation and orchestration, while also allowing you to leverage the security tools you already have.
Collectively, these features help your security solutions to work in concert to keep your organization safe through timely detection and mitigation of threats.
To showcase the range and utility of Workflows as it applies to automating security operations, let’s briefly explore three security operations solution packs.
The Security Operations templates include a number of solution packs to implement identity-first security automation use cases
Solution Pack: Protect Company Data
In this age of data breaches, protecting employee and customer data is essential to maintaining customer trust, preserving brand equity, and avoiding costly regulatory penalties.
This solution pack helps you protect data proactively by setting up security notifications for particular events:
- Send a password change notification
- Notify a user when their profile is updated
You can also strengthen safeguards by extending MFA:
- Trigger notifications when all MFA factors are reset
- Harden customer verification with an email factor challenge
Solution Pack: Respond to Risk Signals
Both internal and external threats can cause a serious incident within minutes, making a fast response imperative. This solution pack makes it easy to automatically monitor and take action against such threats.
Actions to protect against external threats include activating Workflows templates that:
- Track and alert for possible account takeover (ATO) attempts
- Report suspicious activity
- Send suspicious activity event alerts, using PagerDuty
- Quarantine an Okta user
Track and alert for possible account takeovers by monitoring and acting on suspicious password and factor resets, or changes in privileged access
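The correlation behind an account-takeover alert like the one described above, written out as an added example (this is not Okta's code and not the contents of the template). It reads Okta System Log-shaped events and raises one alert per user when a password reset and an MFA factor reset land inside a short window, or when either reset is followed by addition to a privileged group. The event type names follow the Okta System Log, but the sample events, the privileged group names and the 15-minute window are constructed assumptions for illustration.

```python
"""Correlate Okta System Log events into a possible account-takeover (ATO) alert.

Added example, not Okta's code. Event type names follow the Okta System Log;
the sample events, PRIVILEGED_GROUPS and WINDOW are constructed assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

PRIVILEGED_GROUPS = {"Okta Administrators", "Prod-Deployers"}  # assumed tenant groups
RESET_EVENTS = {"user.account.reset_password", "user.mfa.factor.reset_all"}
PRIV_ADD_EVENT = "group.user_membership.add"
WINDOW = timedelta(minutes=15)  # assumed correlation window


def parse_ts(published):
    """Okta publishes ISO 8601 UTC timestamps ending in 'Z'."""
    return datetime.fromisoformat(published.replace("Z", "+00:00"))


def targets_of(event, type_name):
    return [t for t in event.get("target", []) if t.get("type") == type_name]


def target_user(event):
    users = targets_of(event, "User")
    return users[0]["alternateId"] if users else None


def classify(event):
    """Map an event to a signal name, or None if it is not of interest."""
    if event.get("outcome", {}).get("result") != "SUCCESS":
        return None  # failed resets and failed group adds are noise for this rule
    et = event["eventType"]
    if et in RESET_EVENTS:
        return et
    if et == PRIV_ADD_EVENT:
        groups = {g["displayName"] for g in targets_of(event, "UserGroup")}
        if groups & PRIVILEGED_GROUPS:
            return "privileged_group_add"
    return None


def detect_ato(events):
    """Return one alert per user whose signals cluster inside WINDOW.

    Fires when, for the same target user, a password reset and a factor reset
    occur within WINDOW, or any reset is followed within WINDOW by addition
    to a privileged group. One alert per user is enough to page on.
    """
    by_user = defaultdict(list)
    for ev in events:
        sig, user = classify(ev), target_user(ev)
        if sig and user:
            by_user[user].append((parse_ts(ev["published"]), sig, ev))
    alerts = []
    for user, sigs in by_user.items():
        sigs.sort(key=lambda s: s[0])
        for i, (t0, s0, _) in enumerate(sigs):
            if s0 not in RESET_EVENTS:
                continue  # a privileged-group add on its own is normal admin work
            later = [s for s in sigs[i + 1:] if s[0] - t0 <= WINDOW]
            kinds = {s[1] for s in later}
            reasons = []
            if kinds & (RESET_EVENTS - {s0}):
                reasons.append("password and MFA factors both reset")
            if "privileged_group_add" in kinds:
                reasons.append("privileged group added after credential reset")
            if reasons:
                cluster = [sigs[i]] + later
                alerts.append({
                    "user": user,
                    "reasons": reasons,
                    "actors": sorted({e["actor"]["alternateId"] for _, _, e in cluster}),
                    "source_ips": sorted({e["client"]["ipAddress"] for _, _, e in cluster}),
                    "first_seen": t0.isoformat(),
                })
                break
    return alerts


def _ev(event_type, published, actor, user, ip, result="SUCCESS", group=None):
    """Build a minimal System Log-shaped event (constructed sample data)."""
    target = [{"type": "User", "alternateId": user}]
    if group:
        target.append({"type": "UserGroup", "displayName": group})
    return {"eventType": event_type, "published": published,
            "actor": {"type": "User", "alternateId": actor},
            "client": {"ipAddress": ip}, "outcome": {"result": result},
            "target": target}


# Constructed sample: alice's credentials are reset and she is made an admin
# within nine minutes from one IP; bob has a routine helpdesk reset; carol's
# password reset failed, so only her factor reset counts and no alert fires.
SAMPLE_EVENTS = [
    _ev("user.account.reset_password", "2024-05-01T10:00:12.000Z", "alice@example.com", "alice@example.com", "203.0.113.7"),
    _ev("user.mfa.factor.reset_all", "2024-05-01T10:03:40.000Z", "alice@example.com", "alice@example.com", "203.0.113.7"),
    _ev("group.user_membership.add", "2024-05-01T10:09:05.000Z", "alice@example.com", "alice@example.com", "203.0.113.7", group="Okta Administrators"),
    _ev("user.account.reset_password", "2024-05-01T11:15:00.000Z", "helpdesk@example.com", "bob@example.com", "198.51.100.20"),
    _ev("user.account.reset_password", "2024-05-01T12:00:00.000Z", "carol@example.com", "carol@example.com", "192.0.2.44", result="FAILURE"),
    _ev("user.mfa.factor.reset_all", "2024-05-01T12:02:00.000Z", "helpdesk@example.com", "carol@example.com", "198.51.100.20"),
]

if __name__ == "__main__":
    for alert in detect_ato(SAMPLE_EVENTS):
        print(alert)
```

The same reset-then-reset sequence is exactly what a legitimate helpdesk ticket produces, so a flow that quarantines the user on this signal alone will lock out real employees; the actors and source IPs carried in the alert exist so a downstream step can require corroboration (an actor that is not the helpdesk, an IP or device never seen for that user) or route to a human before the quarantine action runs.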
You can also mitigate internal threats by automating end-user device management to:
- Customize conditional access with Jamf Pro and Okta
- Remotely lock all Kandji devices based on security events
Remotely lock devices to mitigate internal security risks from terminated employees, or from lost or stolen devices
Solution Pack: Extend Security Audit and Reporting
Security auditing and reporting are important aspects of corporate governance – from helping to ensure compliance and maintain certifications, to providing security-related metrics to IT teams.
This solution pack helps you mitigate risks from employees and contractors by identifying and acting on employee status events, with actions including auditing inactive users and managing access to sensitive applications based on signals such as security training status.
The pre-built templates allow you to:
- Identify inactive Okta users
- Manage access to GitHub repo based on Secure Code Warrior assessment status
Enforcing completion of security training is part of increasing user awareness of threats and contributes to good security hygiene
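The inactive-user audit listed above, as an added example of the selection logic (not Okta's code and not the template itself). It walks Okta-shaped user records and returns the accounts a flow would go on to suspend, treating a user who has never logged in by account age rather than by last login, skipping accounts that are already suspended or deprovisioned, and exempting an allowlist. The thresholds, the exemption list and the sample users are constructed assumptions.

```python
"""Identify inactive Okta users from user records.

Added example, not Okta's code. INACTIVE_AFTER, NEVER_LOGGED_IN_AFTER,
EXEMPT_LOGINS and SAMPLE_USERS are constructed assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

INACTIVE_AFTER = timedelta(days=90)          # assumed policy threshold
NEVER_LOGGED_IN_AFTER = timedelta(days=30)   # assumed grace period for new accounts
EXEMPT_LOGINS = {"svc-backup@example.com"}   # assumed break-glass / service accounts
CANDIDATE_STATUSES = {"ACTIVE", "PROVISIONED"}


def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def find_inactive_users(users, now):
    """Return [(login, reason)] for users a flow should suspend.

    Only ACTIVE and PROVISIONED users are candidates; SUSPENDED and
    DEPROVISIONED accounts are already handled. A null lastLogin means the
    user never signed in, so the account's creation date is used instead.
    """
    findings = []
    for u in users:
        login = u["profile"]["login"]
        if login in EXEMPT_LOGINS or u["status"] not in CANDIDATE_STATUSES:
            continue
        last = u.get("lastLogin")
        if last is None:
            age = now - parse_ts(u["created"])
            if age > NEVER_LOGGED_IN_AFTER:
                findings.append((login, f"never logged in, created {age.days} days ago"))
        else:
            idle = now - parse_ts(last)
            if idle > INACTIVE_AFTER:
                findings.append((login, f"last login {idle.days} days ago"))
    return findings


def _user(login, status, created, last_login):
    """Minimal Okta-shaped user record (constructed sample data)."""
    return {"status": status, "created": created, "lastLogin": last_login,
            "profile": {"login": login}}


NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so the sample is reproducible

SAMPLE_USERS = [
    _user("alice@example.com", "ACTIVE", "2023-01-10T08:00:00.000Z", "2024-05-30T07:15:00.000Z"),
    _user("bob@example.com", "ACTIVE", "2022-11-02T08:00:00.000Z", "2024-02-01T00:00:00.000Z"),
    _user("carol@example.com", "PROVISIONED", "2024-04-17T09:00:00.000Z", None),
    _user("dave@example.com", "SUSPENDED", "2021-03-03T08:00:00.000Z", "2023-08-01T00:00:00.000Z"),
    _user("svc-backup@example.com", "ACTIVE", "2020-01-01T00:00:00.000Z", "2023-04-01T00:00:00.000Z"),
    _user("erin@example.com", "ACTIVE", "2024-05-27T10:00:00.000Z", None),
]

if __name__ == "__main__":
    for login, reason in find_inactive_users(SAMPLE_USERS, NOW):
        print(f"{login}: {reason}")
```

Run the selection as a report first and suspend only after the list has been reviewed: a service account or a shared mailbox that authenticates through an API token rather than an interactive login will show a stale lastLogin and will be caught by a threshold like this unless it is on the exemption list.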
Benefits beyond security
Automating security workflows — and doing so with no-code ease — delivers benefits that extend beyond protecting your organization and customers from threats.
These second-order benefits stem from the fact that identity is a challenging domain where experts are in short supply. As a consequence, IT teams and application developers often find themselves spending considerable time and energy on identity-related features and tasks — which detracts from the resources that are applied to the organization’s core competencies and primary objectives.
By making it easier for anyone in the organization to work with identity — whether to fulfill foundational functions or to truly innovate — Workflows frees up precious talent to focus their efforts elsewhere.
Plus, automation and orchestration improve an organization’s ability to scale, by cutting down on manual, labor-intensive processes that can be internal bottlenecks. At the same time, automated workflows are more sustainable and secure than manual processes, because they require very little upkeep and are far less prone to errors of omission.
Collectively, these attributes mean that organizations can accelerate time to market and no longer face a trade-off between delivering a great user experience and strong security.
Since we launched Workflows in 2021, we have been amazed at how our customers have used it to automate and orchestrate highly complex, identity-centric business processes.
Some of the world’s leading brands — including Sonos, Peloton, Slack, Intercom, and Bain & Company — have saved time, increased operational efficiency, and elevated their customer-facing experiences using Okta Workflows.
We also understand that innovation cannot exist in a silo, and we have been blown away by how our customers have led the way in how Okta Workflows has evolved.
While our initial Templates and Solution Packs focused primarily on lifecycle management, it wasn’t long before customers found ways to use Workflows to improve their security posture.
Just as “desire lines” indicate where pedestrians want footpaths, working closely with our customers and seeing what they’ve built with Workflows makes it clear where we need to apply our own efforts — and it was these customers who inspired us to build out our Template and Solution Pack libraries to address security use cases.
The world has changed: today’s threat actors can acquire nation-state-level tools in dark web marketplaces, and an ecosystem of cybercrime services has greatly lowered the barriers to entry.
Identity is key for maintaining a strong security posture and Zero Trust strategy. In fact, we may well be at a transition from identity-first security to identity-powered security — and we believe nothing is better suited for this reality than Okta Workflows.