Dazzpers

As organizations across industries have moved away from traditional networks, security has become much more complex. Businesses that were once contained by a physical network perimeter are now having to account for their individual users, and the devices they use to access the corporate resources.

Mario Moreno

IAM Engineer

September 20th, 2021

With more endpoints than ever before, companies need to employ a Zero Trust framework and support IAM solutions that authenticate users, deploy context-aware policies, monitor and manage devices, and so much more.

As the Okta security team, we know employees are the first line of defense when it comes to protecting our company and customer data. So when we were faced with growing our remote workforce from 30% of employees to 100%, we put this knowledge to practical use. Operating with the tenets of Zero Trust and employing the core features of the Okta Identity Cloud, we were able to accommodate this new, fully remote workforce in a matter of days—without compromising our security. We supported our users by securely connecting them to their work and each other, and kept our IT and security teams in control throughout the process.

1 Contextualize access management

Defining who—and what—has access to your resources is a core component of a modern IAM solution. As part of our strategy, we’ve used Okta’s Device Trust feature to determine that users can only access high-risk corporate resources from their work laptops.

Device Trust makes it easier for your IT team to stay in control as it ensures that unmanaged devices don’t have access to your resources, putting you in a better position to protect your sensitive data. It also allows you to minimize the friction caused by multi-factor authentication (MFA) prompts, as employees using trusted or managed devices can experience seamless logins—an ideal balance of security and usability.

2 Simplify authentication

Over the years, we’ve learned that it’s important to keep security simple for employees. If your access policies are too complex or cumbersome, your users may try to bypass them, using tools that your security team hasn’t vetted. That’s why we’ve worked hard to make authentication experiences as seamless as possible, while still abiding by the Zero Trust premise of never trusting and always verifying our users.

To do this, we’ve adopted the following features, all of which you can embed into your security roadmap:

  • Adaptive MFA: Combined with SSO, this added layer of security mitigates the risks posed by poor password hygiene—80% of security breaches involve compromised passwords. By analyzing each login request for location, network, user behavior, and more, it allows for seamless experiences in low-risk situations.
  • Biometrics: “Something you are” factors like fingerprints and facial recognition are amongst the most secure forms of identity verification.
  • Passwordless authentication: Modern passwordless solutions are threat-resistant and give you enhanced admin visibility and control.


While protecting your resources, these processes give your remote workforce uninterrupted access to the applications and data they need.

3 Enable remote incident management

In a fully remote environment, our security team had to take additional steps to protect against human error, fraud, and hackers, among other threats.

For example, when people work together in an office, it’s easy for IT to monitor for potential threats and walk to an employee’s desk to help. But a remote workforce means that’s no longer an option, as your IT team is also working from home. In this instance, we suggest revisiting your protocols for security incidents. In our case, we relied on endpoint detection and response tools to investigate security problems—in real time—from a distance.

4 Refine remote onboarding

At Okta, we’ve created processes that let us set up and deliver hardware to our team, without having to share data with outside vendors. This has ensured that we remain compliant with data security regulations.

Our Lifecycle Management tool has also been indispensable here. With automated user provisioning and deprovisioning, we can continue to ensure that our employees have access to all the workforce applications they need—regardless of where they’re joining us from.

5 Revisit employee training

Whether it’s for our employees or our customers, education is a big part of what we do at Okta. During the transition to remote work, we’ve made a concerted effort to educate our employees on how to make safe, smart decisions while working from home.

Using our online learning management system, we hosted interactive sessions that encouraged questions and discussion. We also sent email updates to keep employees informed on any new or changing policies and shared important resources.

We’ve also seen a shift in focus in our security training. Instead of spending time on physical threats like tailgating, it’s now more important to educate remote workers on how to secure their home environment.

6 Invest in home offices

Supporting your employees as they build working spaces at home is important to keeping them engaged and productive. To help meet this mandate, we created a program that lets employees buy and expense the equipment they need to securely—and comfortably—work from their homes. This included:

  • Software, hardware, and tools to set up their digital workstation
  • Ergonomic desks and chairs, as well as extra monitors, to improve posture
  • Screen shields to keep their work private

We’ve also recognized that some employees may not have the physical space they would normally have in an on-premises office—and might be working in a shared environment with partners or roommates who are also working remotely, sometimes with children. In these instances, you can consider making your work hours flexible, so that people can choose when they work around their other commitments.

References:

[1] Cover your bases: best practices for protecting remote work. Okta Inc. 2021

https://www.okta.com/resources/whitepaper/cover-your-bases-best-practices-for-protecting-remote-work/
