Page 30 - FCW, May 2021

Innovation Spotlight
How Modernizing IAM Systems Paves the Way to Zero Trust
Large federal agencies such as the Defense Department, Treasury, Social Security, and Health and Human Services are all challenged by legacy identity and access management (IAM) systems, some of which were put in place two decades ago.
These systems are typically managed in silos, don’t talk to modern point applications that run over the cloud and, in some cases, haven’t even been managed by security teams.
That situation will change over the next couple of years, according to research by Okta. The company found that security organizations’ partial or complete IAM ownership levels have gone up 14 percent since 2019.
Today, 91 percent of security leaders report that the security department has complete or partial ownership of IAM solutions, up from 80 percent the prior year, indicating that security leaders are taking an increasingly larger role in managing the IAM technologies at their organizations, according to Okta.
Sean Frazier, federal chief security officer at the company, says as more security leaders across the federal government take a closer look at their legacy IAM technologies, they will find that Okta’s Identity Cloud can help them manage traffic more efficiently and detect and block bad actors and other malware from accessing the network.
Frazier says Okta’s platform supports some 10,000 applications, but most notably, integrates with Splunk for analytics, CrowdStrike and Proofpoint for behavior analysis, and YubiKey for hardware authentication.
“Think of what we do as the traffic cop,” Frazier says. “CrowdStrike or Proofpoint can pass the context analysis to the Okta Identity Cloud, and we can set it up so it has two and even three authentication factors. If an identity doesn’t measure up, it gets blocked. We can also authenticate any way the customer wants us to authenticate, whether it’s through a software token, a CAC or PIV card or in hardware with a YubiKey.”
The Okta Identity Cloud integrates with the Web Authentication API, also known as WebAuthn, a biometrics specification written by the W3C and the Fast Identity Online (FIDO) Alliance with the participation of Google, Mozilla, Microsoft, Yubico, and many other security industry players.
WebAuthn lets servers register and authenticate users using public key encryption instead of a traditional password. All major operating systems and browsers have implemented WebAuthn, and developers have built support into operating systems so users can run authenticators like Touch ID sensors and facial recognition apps on Windows PCs and MacBooks and iOS and Android smartphones.
“We have to authenticate identities quickly so users are not punished and there’s as little friction as possible,” Frazier says. “People can’t feel like they have to do this extra thing to