New with Okta’s Workforce Identity Cloud: A Unified Identity Solution
Today at Oktane22, we’re announcing governance and privileged access management improvements to Workforce Identity Cloud that enable a unified solution for secure access to any resource from any user, as needed, all while maintaining least privilege.
The need for a unified workforce identity solution has never been more clear. Organisations today must manage security and compliance while also maintaining least privilege for users across apps, resources, and infrastructure. This often involves manual processes, custom solutions or multiple access management, identity management, governance, and privileged access solutions. Time and again, we hear from customers that they struggle to get the user productivity and security outcomes they need with this fragmented approach. Organisations implementing this disconnected approach quickly discover they can't keep pace with modern business.
We offer a different approach.
The building blocks of our new unified approach
Workforce Identity Cloud is a unified solution with a single control plane, enabling IT teams to build a holistic view of users and ensure they have access to what they need, when they need it (just-in-time) with the appropriate level of privileges for the resource they’re accessing.
Admins no longer need to manage manual integrations, and your workforce gains newfound agility, avoiding the real productivity costs of navigating multiple end-user experiences.
And because identity silos are eliminated, signals can now be easily shared across systems to improve security posture. By studying access patterns, organisations become more intelligent about risks and can evolve into predictive capabilities.
As a unified solution, Workforce identity Cloud builds on our foundation of identity. With enhanced governance and privileged access capabilities, it also delivers an orchestration layer that can now leverage ever more automation and integration.
Responding to customer needs and market realities
The drive to offer this holistic solution comes from listening to our customer's needs, as we all seek to manage risk and evolve.
Consider the daily life of today’s engineers—they may access dozens of applications, systems, and platforms throughout the day to do their job. These range from basic access, like an HR business application, to highly privileged access, like a production Linux server. They may access a resource daily, or just once for a specific project or task. There are two challenges to a modern workforce trying to manage this access.
The first is the threat of lost productivity because your users can’t access what they need in a timely and convenient fashion. Your enterprise and your users increasingly rely on a wide range of technology to get work done. You can’t afford for access to be hard to find or maintain. Unfortunately, getting access often takes days and involves multiple systems and business processes.
The second threat is the risk of standing privileges, especially sensitive or privileged resources. Any attempt to implement initiatives like Zero Trust in this complex, heterogeneous world must address the inherent risks posed by standing privileges, where privileged accounts or users have standing access to critical resources. Consider this year’s Verizon Data Breach Investigations Report, which reveals that a full 80% of breaches target servers, meaning that every server access is a potential target for identity-based attacks.
To resolve these two challenges of experience and least privilege in today’s complex environments, a unified solution must provide the access management, governance, and privileged access controls your teams need, without adding the complexity, management overhead, and potential security issues that come with multiple identity systems.
Further improvements to our products build on this foundation.
Coming to our customers
Two key enhancements are ahead: Okta Identity Governance is now generally available in North America and will be globally available in Q4 of 2022. Okta Privileged Access will be in Early Access in Q2 of 2023 and generally available in Q4 of 2023.
First, Okta Identity Governance
The governance layer instrumental to delivering our unified solution is made possible by Okta Identity Governance (OIG).
OIG re-thinks the way governance should be done, simplifying the entire process of determining who gets access to what resources. OIG is built with modern users and use cases in mind, with access requests that work with the most common chat-based apps and that meet end users where they are. All of this is in collaboration with tools and access certification to ensure only the right users have access to resources.
And with the global GA, OIG now provides contextual functionality, including event-driven certifications. This enables customers to run access certification campaigns driven by events rather than arbitrary predetermined schedules. These capabilities give customers more granular control and automation of their identity management. Access Request is now fully integrated with Okta workflows giving admins the ability to further automate and orchestrate identity processes with low or no code Okta Workflows platform.
Next is Okta Privileged Access
This is Okta’s Privileged Access Management (PAM) solution, built for modern workforces and IT stacks. This is another critical component of a unified identity solution. PAM is about protecting the “keys to the kingdom” by securing your most critical assets like root/admin server accounts and production Kubernetes clusters—any environment where a malicious attacker could wreak havoc.
Okta Privileged Access:
- Provides passwordless, Zero Trust access to infrastructure—including servers and Kubernetes—to ensure critical roles can access infrastructure just-in-time.
- Delivers security for an organisation’s most-privileged credentials—including those for shared admin accounts—with a modern cloud vault, under management by Okta.
- Provides the privileged governance you need, with the usability your workforce demands, including access requests via popular tools like Slackbots.
- Helps you maintain compliance by ensuring all shared account access is attributable on an individual basis, and providing comprehensive privileged session reporting.
Unlike existing approaches to PAM, which rely on complex integrations and federation across multiple identity providers and tools, Okta Privileged Access is a unified solution with Okta’s IAM and Governance offerings. It uses the same Okta Universal Directory, SSO, MFA, and governance policies as our core IAM technology. This ensures that privileged access management is not hampered by identity silos, data inconsistencies, and human error.
This powerful combination of modern PAM capabilities means customers can drive improved security and compliance outcomes. All while reducing the IT burden of managing complex on-prem systems and providing a better experience for admins and end users alike.