Can less trust make for more security?

Expectations around how data is being protected now impacts businesses, says the CEO of one identity and access management company.

Presenting at the Oktane19 conference in San Francisco, California, Okta CEO Todd McKinnon discussed how the concept of trust is shaping demands.

“Every user that’s using your technology is worried about how their data is being used,” McKinnon said.

“What is this company going to do with this data? Is it directly tied with the service I want or are they using it in other ways? Is it private?

“All of this added together is a tremendous amount of complexity for the end users and everyone else in your environment.

“And if you take these challenges together, it is significant, because it’s leading to an erosion of trust.”

Okta CSO, Yassir Abousselham, explained how a Zero Trust framework – in which the security risk of every device and user is constantly evaluated – can help enable a safer experience when it comes to working remotely.

“We want to be able to provide the same experience whether that person is within the corporate environment or outside the corporate environment,” he said.

“How we do that is by leveraging a number of contextual signals. It’s that context that allows us to gain that high level of assurance while maintaining a superior user experience.

“That context can be location, the network, as well as other signals like whether the endpoint they’re using is meets security requirements.”

Concerns in the cloud

Also released at Oktane19 was Okta’s Digital Enterprise Report, that highlighted a growing dependence on cloud technology and operations for businesses around the world.

A total of 60% of respondents said they expected to increase cloud computing through infrastructure as a service (IaaS) over the next 12 months.

But McKinnon cautioned that the reliance from enterprises to build their products using cloud platforms has left many exposed.

“It’s the right approach for agile innovation, but server access has traditionally relied on shared credentials that may never change, and that creates significant vulnerabilities for any large or growing organisation,” he said.

“Without a clear tie back to user identity, technology leaders lose visibility, agility, and ultimately security.”

He also announced the launch of a new product, tasked with further improving controls around identity.

“Okta Advanced Server Access brings centralised identity security to organisations leveraging on-premises, hybrid, and cloud infrastructure to not only increase security, visibility, and control, but to create a significantly better experience for the teams building innovative products.”

Abousselham outlined a business case for the product.

“In this case we’re offering a scalable way to manage access to your server infrastructure,” he said.

“What that means is at a customer organisation, one would have a single account per user and it’s that single account that’s being used to provision access to all of the servers that they need to have access to.

“That same access can be deprovisioned when that individual is no longer working with the company.”