Automating Infrastructure Identity with Okta Advanced Server Access
It’s a New World
Today’s ever-evolving business environment has accelerated to the point where to survive, every company must become a technology company. Market realities have changed dramatically, requiring companies to adapt at tremendous speeds. Customers are demanding new ways to purchase goods and services. Partners are looking for new ways to work closely without the need for around-the-world flights. And the way employees work together has changed almost overnight. With the pace of change increasing ever faster, even the most successful companies are struggling to keep up, let alone stay ahead.
To meet these challenges, companies are expediting many strategic IT and security initiatives that give their employees, customers, and partners the capabilities needed to do business in the current climate. Migration to the cloud has accelerated, as companies seek the flexibility and lower cost of moving to cloud-based compute, storage, and networking services. To expedite the delivery of new services while scaling quickly to meet increasing customer demand, software suppliers are turning to Infrastructure-as-a-Service (IaaS) provided by cloud service providers such as Amazon Web Services, Google Cloud Platform, and Microsoft Azure.
While increasing a company’s velocity, these strategic initiatives share a common barrier to faster implementation: security. The primary job of today’s Chief Information Security Officer (CISO) is to enable their company to move faster without increasing security risk. According to the 2020 Cloud Threat Report by Oracle and KPMG, 92% of IT professionals surveyed described a “gap” between their desired level of cloud usage and their company’s ability to deliver cloud access securely. In the same survey, 59% of respondents admitted to having privileged cloud account credentials stolen through spear-phishing attacks. And as cloud use grows, the need for cloud-based services to comply with increasingly strict security regulations increases the burden on today’s CISO.
Okta Advanced Server Access: Solving a Common Problem with an Elegant Solution
Given the complexity of cloud security along with the urgency to scale faster, the need to control and manage access to company resources has never been higher. But addressing each point of vulnerability with a different security application only increases complexity and the subsequent burden on IT resources, slowing down your operation rather than speeding it up.
To meet today’s security requirements, companies need a single access authentication process that guarantees that the right person can access the right resources at the right time. This principle of Least Privilege Access is a foundational layer in building a Zero Trust Security Model.
Okta Advanced Server Access (Okta ASA) expands Okta’s industry-leading identity and access management platform to include server access and administration across any hybrid or multi-cloud infrastructure. By leveraging the Okta Identity Cloud, Okta ASA creates a single, unified Identity and Access Management (IAM) system that brings all of a company’s servers alongside its applications under a single, secure umbrella of identity-based authorisation and management.
Designed for scalability, Okta ASA leverages automation to streamline time-consuming manual tasks such as onboarding and offboarding admin users, freeing up precious IT resources to launch the new services their customers, partners, and employees require. Okta ASA gives even the largest companies the security, speed, and ease of use they need to manage access with the highest security level.
Okta ASA also simplifies the increasingly complex compliance requirements. As a SaaS, Okta ASA provides simple internal processes for tracking and managing SysAdmin user accounts and credentials, controlling command-level sudo privileges, as well as capturing server audit logs—all common requirements for compliance standards such as SOC2, PCI-DSS, and FedRAMP.
Enabling Zero Trust Server Access and Authentication
Static SSH keys and passwords are the weakest links in the access security chain. Okta replaces this outdated key-based system with a dynamic, ephemeral one-time access token that ties directly to the user’s Least Privilege Access profile in the central Okta Identity database.
Okta ASA Secure Log-in Process:
- Users log in to a server directly from their local SSH or RDP tools—integrated with the Client Application.
- Okta authenticates the user and device, then authorises the request against the respective role-based access controls.
- A built-in client application mints a temporary client certificate scoped tightly to the individual request.
- The Client uses the certificate to initiate a secure SSH or RDP session with the target server.
- The login event is captured via the server agent and sent to the audit log or a third-party SIEM service.
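The flow above rests on three properties of the minted credential: it is scoped to one request (one user, one target host), it expires after a short window, and it cannot be reused. The following is an added illustration, not Okta's code or protocol; it uses a stdlib-only HMAC-signed token and a constructed issuer key in place of a real client certificate to show how a target-side verifier enforces those properties.

```python
import hashlib, hmac, json, secrets, time
from base64 import urlsafe_b64decode, urlsafe_b64encode

# Constructed issuer key for this illustration only; a real deployment keeps the
# signing key with the identity service / CA, never on the target server.
ISSUER_KEY = b"constructed-example-issuer-key"

def _b64(data: bytes) -> str:
    return urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_credential(user, target, ttl_seconds=60, now=None):
    """Mint a credential bound to one user, one target host and a short validity
    window. The random 'jti' lets the verifier enforce single use."""
    now = int(time.time() if now is None else now)
    claims = {"sub": user, "host": target, "nbf": now,
              "exp": now + ttl_seconds, "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    sig = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

class HostVerifier:
    """Checks a server agent would run before accepting the credential."""
    def __init__(self):
        self._redeemed = set()  # jti values already used on this host

    def verify(self, token, this_host, now=None):
        now = int(time.time() if now is None else now)
        try:
            body, sig = token.split(".")
        except ValueError:
            return False, "malformed"
        expected = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):
            return False, "bad signature"   # tampered or not issued by our CA
        claims = json.loads(_unb64(body))
        if claims["host"] != this_host:
            return False, "wrong host"      # scoped to the individual request
        if now < claims["nbf"]:
            return False, "not yet valid"
        if now >= claims["exp"]:
            return False, "expired"         # ephemeral: useless after the window
        if claims["jti"] in self._redeemed:
            return False, "replay"          # one-time: a second use is rejected
        self._redeemed.add(claims["jti"])
        return True, "ok"
```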