Okta® and Zero Trust Security

By Zach DeMeyer Posted July 17, 2019


Zero Trust Security has sparked a lot of movement from players in the identity and access management (IAM) space. It seems like Centrify® may have kicked up some of the initial buzz, but eyes are now turning to other big figures in the industry, namely Duo and Okta®. Let’s look into why Okta and Zero Trust Security are starting to be linked.

What is Zero Trust Security?

Before we talk about Okta, though, let’s talk about Zero Trust Security as a whole. Zero Trust, as a core security practice, has seen a rise in popularity among IT thought leaders. With recent changes to the overall IT landscape, namely the cloud, IT admins, DevOps engineers, and security officers need to be prepared for a different breed of threat vectors than those faced by IT organizations of the past.

Historically, organizations relied on the perimeter-based “defense in depth” approach. Also called the “castle” approach to security, defense in depth relied on strong security measures surrounding the network, protecting it from those hurling rocks from the outside. For many years, perimeter-based network security was king.

Of course, following the many recent security breaches that have hit the news, we’ve seen that attackers can come from anywhere, including from inside an organization. Although the defense in depth approach is still tried and true, it does little to protect the inside of the network once the perimeter is crossed, so IT organizations need to consider covering all of their attack vectors, inside and out.

That’s where Zero Trust comes in. From a high level, Zero Trust Security is self-explanatory: no one, whether inside or outside of an organization, is trusted by default, so their access to IT resources must be tightly controlled and monitored. Individuals build trust through successive successful authentications, a trusted and secure system, and good behavior, but must continue to be monitored in order to ensure security.

IAM and Zero Trust

At its core, IAM is dependent on authenticating that a user is who they say they are (aka AuthN) and authorizing their access to resources based on that identity (aka AuthZ). Since it relies so heavily on ensuring a user is who they say they are, as well as controlling and monitoring the resources they access, Zero Trust closely aligns with IAM. Due to this alignment, conventional Identity-as-a-Service (IDaaS) providers like Okta have chomped at the bit to have their solutions be considered for a Zero Trust security approach.
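To make the two ideas above concrete, here is an added Python example (not code from JumpCloud, Okta, or this post) of a per-request access decision. It contrasts the perimeter “castle” rule (trust whatever is already on the network) with a Zero Trust policy that separates AuthN (identity verified by the IdP, MFA) from AuthZ (group-based resource permissions) and re-checks device state, session age, and a behavior signal on every request. The group and ACL tables, the thresholds, and the sample requests are all constructed assumptions for illustration.

```python
"""
Added illustration of perimeter vs. Zero Trust access decisions.
Not vendor code; all policy data and sample requests are made up.
"""
from dataclasses import dataclass


@dataclass
class AccessRequest:
    """Signals available to the policy engine for one request."""
    user: str
    resource: str
    on_corporate_network: bool
    authenticated: bool        # AuthN: credentials verified by the IdP
    mfa_satisfied: bool        # AuthN: second factor completed
    device_managed: bool       # device is enrolled and policy-compliant
    minutes_since_auth: int    # age of the current session
    recent_failed_logins: int  # behavior signal from monitoring


# Assumed AuthZ data: group membership and which groups may reach a resource.
GROUP_MEMBERSHIP = {"alice": {"engineering"}, "bob": {"finance"}}
RESOURCE_ACL = {"prod-db": {"engineering"}, "payroll": {"finance"}}

# Assumed policy thresholds.
MAX_SESSION_MINUTES = 60
MAX_FAILED_LOGINS = 3


def perimeter_decision(req: AccessRequest) -> bool:
    """Castle model: anything already inside the network is trusted."""
    return req.on_corporate_network


def zero_trust_decision(req: AccessRequest) -> tuple[bool, list[str]]:
    """Deny by default; every signal must hold on this specific request.

    Returns (allowed, reasons) where reasons lists each failed check so the
    denial can be logged and investigated.
    """
    reasons = []
    # AuthN: who is asking, and how strongly was that proven?
    if not req.authenticated:
        reasons.append("authn: identity not verified by IdP")
    if not req.mfa_satisfied:
        reasons.append("authn: MFA not satisfied")
    # Device trust: a verified user on an unmanaged machine is still a risk.
    if not req.device_managed:
        reasons.append("device: not managed or non-compliant")
    # Trust decays: a long-lived session must re-authenticate.
    if req.minutes_since_auth > MAX_SESSION_MINUTES:
        reasons.append("session: re-authentication required")
    # Behavior: repeated failures lower trust even after a success.
    if req.recent_failed_logins > MAX_FAILED_LOGINS:
        reasons.append("behavior: too many recent failed logins")
    # AuthZ: is this identity permitted to reach this resource at all?
    allowed_groups = RESOURCE_ACL.get(req.resource, set())
    if not (GROUP_MEMBERSHIP.get(req.user, set()) & allowed_groups):
        reasons.append("authz: user not in a group permitted for resource")
    return (not reasons, reasons)


# Constructed sample requests.
INSIDER = AccessRequest("alice", "prod-db", on_corporate_network=True,
                        authenticated=True, mfa_satisfied=False,
                        device_managed=False, minutes_since_auth=5,
                        recent_failed_logins=0)
REMOTE = AccessRequest("alice", "prod-db", on_corporate_network=False,
                       authenticated=True, mfa_satisfied=True,
                       device_managed=True, minutes_since_auth=10,
                       recent_failed_logins=0)
STALE = AccessRequest("bob", "payroll", on_corporate_network=True,
                      authenticated=True, mfa_satisfied=True,
                      device_managed=True, minutes_since_auth=240,
                      recent_failed_logins=0)
WRONG_GROUP = AccessRequest("bob", "prod-db", on_corporate_network=False,
                            authenticated=True, mfa_satisfied=True,
                            device_managed=True, minutes_since_auth=1,
                            recent_failed_logins=0)


if __name__ == "__main__":
    for name, req in [("insider", INSIDER), ("remote", REMOTE),
                      ("stale", STALE), ("wrong-group", WRONG_GROUP)]:
        ok, why = zero_trust_decision(req)
        print(f"{name:12} perimeter={perimeter_decision(req)!s:5} "
              f"zero-trust={ok!s:5} {why}")
```

The insider case is the one the post is warning about: the perimeter rule lets it through because the request comes from the corporate network, while the Zero Trust policy denies it for missing MFA and an unmanaged device. The remote engineer is the mirror image, denied by the perimeter but allowed by Zero Trust because every signal holds. Returning the list of failed checks, rather than a bare boolean, is what lets the “continue to be monitored” part of the model feed detection and audit.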

Unfortunately, using conventional IDaaS solutions like Okta for Zero Trust is like trying to build a boat out of duct tape; it’s certainly possible, but it would be much better just using an actual boat. The main problem behind IDaaS for Zero Trust is that, ultimately, a conventional IDaaS solution is not an identity provider (IdP), the core figure behind AuthN, AuthZ, and IAM. Most often, the IDaaS solutions utilize a preexisting identity created by an IdP/directory service, which is then propagated to web-based applications and other cloud solutions à la single sign-on (SSO). Organizations may also use these IDaaS tools to apply multi-factor authentication (MFA) to the authentication process, but once again, it is an additive prevention measure, not a cure.

In order to leverage Zero Trust to its fullest potential, starting with the core identity provider is imperative. Confirming a user’s identity across their wide range of disparate IT resources can be challenging, but it’s necessary to ensure that the Zero Trust model is implemented properly. Of course, this part of the implementation can be difficult—especially when thinking about Windows®, Mac®, and Linux® systems, WiFi and VPN connections, applications, and more.

A Cloud IdP for Zero Trust

Thankfully, the first cloud directory service/IdP, JumpCloud® Directory-as-a-Service®, is helping organizations worldwide build out their Zero Trust models by authenticating and authorizing access to virtually all IT resources. With JumpCloud, IT admins are capable of provisioning and securing user access to systems, networks, applications, infrastructure, and more from a single cloud admin console.

For example, JumpCloud admins can enable MFA at scale across entire user bases, enforcing it upon login to user systems, networks, and the JumpCloud user console, which provides access to a user’s applications and other IT infrastructure, cloud or on-prem. Regardless of your choice of platform, provider, protocol, or location, JumpCloud controls access to all of it securely.

Try JumpCloud Free

IAM is critical to Zero Trust Security, so a cloud IdP like JumpCloud is a great place to start your Zero Trust journey. Good thing you can get started with JumpCloud Directory-as-a-Service absolutely free! By signing up for JumpCloud, you are instantly granted access to the entire Directory-as-a-Service platform, with ten free users included for your convenience.

If you would like to learn more about Zero Trust Security and JumpCloud, please contact us or visit our blog. We would be happy to help you.

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.
