SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Okta brings centralised identity security to servers
Wed, 3rd Apr 2019
FYI, this story is more than a year old

Identity services provider Okta has announced Okta Advanced Server Access, a new product to bring continuous, contextual access management to secure cloud infrastructure, available today.

For the first time through the Okta Identity Cloud, enterprises will be able to continuously manage and secure access to on-premises Windows and Linux servers and across leading Infrastructure-as-a-Service vendors including Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Using Okta Advanced Server Access, companies like Personal Capital and are centralising access controls in a seamless manner that better mitigates the risk of credential theft, reuse, sprawl, and abandoned administrative accounts.

Organisations are grappling with how to secure a diverse and broad set of applications and infrastructure across a disparate, extended enterprise.

Increasingly, organisations of all sizes are recognizing the need for a Zero Trust framework that limits excessive user permissions and access while requiring continuous authorisation.

However, the credentials traditionally used to access servers — Secure Shell (SSH) keys and Remote Desktop Protocol (RDP) passwords — are static, creating significant vulnerabilities across a company's network.

Enterprises are struggling to keep track of who has the keys to access servers running mission-critical workloads and storing valuable data and are woefully limited when it comes to provisioning and deprovisioning powerful administrative accounts.

With many organisations relying on multi-cloud infrastructure, technology leaders are left with limited visibility and agility when it comes to their critical, high risk infrastructure, and no central way to control and continuously secure their hybrid environments.

“Today's enterprises rely on cloud platforms and hybrid environments to build the products their customers rely on and engage with daily,” says Okta chief executive officer and co-founder of Todd McKinnon.

“It's the right approach for agile innovation, but server access has traditionally relied on shared credentials that may never change, and that creates significant vulnerabilities for any large or growing organisation.

“Without a clear tie back to user identity, technology leaders lose visibility, agility, and ultimately security. Okta Advanced Server Access brings centralised identity security to organisations leveraging on-premises, hybrid, and cloud infrastructure to increase security, visibility, and control and create a better experience for the teams building products.

Taking centralised identity and access deeper

Designed with a revolutionary Zero Trust architecture from the ground up, the Okta Identity Cloud is capable of making smart access decisions based on dynamic user attributes and device conditions, where every login is independently authenticated and authorised.

Okta Advanced Server Access gives organisations the ability to make granular access decisions about an individual login request continuously.

Access controls are backed by a one-time, short-lived credential mechanism that eliminates the common pain of tracking and protecting static keys.

Whether an organisation is securing its on-premises infrastructure, cloud infrastructure or hybrid environments, Okta Advanced Server Access serves as a critical solution to a growing enterprise security problem — all while centralising granular access control, lifecycle management, and administration through the Okta Identity Cloud.

Okta Advanced Server Access enables enterprises to:

  • Centralise access controls to servers: Using Okta Advanced Server Access, customers can automate the end-to-end lifecycle of local server user and group accounts under a single directory. It delivers seamless SSO and MFA authentication to SSH and RDP workflows, inline to the protocols, while introducing contextual access controls based on dynamic user and device posture.
     
  • Remove barriers to automation: With Okta Advanced Server Access, it is easy to automate server enrollment into the configuration management of choice, including Chef, Puppet, Ansible, and Terraform. Customers can support multi-cloud environments with a unified control plane that abstracts each provider's IAM functions, and makes every actionable event an API, allowing for custom workflows.
     
  • Deliver a seamless end-user experience: Okta Advanced Server Access works in line with the SSH and RDP protocols, integrated natively with CLI and GUI tools. As a SaaS-delivered product, Okta Advanced Server Access abstracts the complexities of credential management, account management, and more. Automation makes it easy to configure dynamic environments, eliminating redundant tasks without compromising security