Okta Launches Hybrid Cloud Identity Management
At its Oktane19 conference, the cloud identity management firm also launches a new service for securing access to critical enterprise servers
Cloud identity management firm Okta on Tuesday introduced a feature allowing companies to link its Identity Cloud to on-premises applications, saying the Okta Access Gateway is better-suited to hybrid environments than legacy tools from Oracle, IBM and SAP.
Okta also launched a service aimed at managing access to servers on company networks, either on-premises or in the cloud, with a dynamic approach it said is more secure than current systems that involve the management of static credentials.
The company, which went public two years ago, made the announcements at its Oktane19 conference in San Francisco.
Okta Access Gateway brings Okta into direct competition with major providers of enterprise identity management systems such as Oracle, IBM and SAP, but Okta said those companies’ products predate the cloud and were built for on-premises-only environments.
Hybrid cloud
By contrast, it said the cloud is now well-established and is growing at an ever-faster pace, but that according to its own research the majority of large companies plan to keep at least one-third of their applications running on-premises.
Okta said that in such a “post-perimeter, hybrid world” many enterprises struggle to centrally manage identity and access management for both cloud and on-premises environments, resulting in unwieldy, complex systems that are a drain on both efficiency and security.
Okta Access Gateway gives users a choice of deploying a proxy on-premises or through cloud vendors including Amazon Web Services, Google Cloud Platform, and Microsoft Azure, and promises a single, independent source for application security that it said can be set up in about 30 minutes.
“Okta believes in enabling every organization to connect to the technology it needs, regardless of where that technology sits,” stated Okta chief executive Todd McKinnon.
The company said the technology is already being used by customers including Hitachi and would become generally available later this year.
Server access
Meanwhile, Okta Advanced Server Access aims to bring continuous, contextual access management to both on-premises Windows and Linux servers and resources running on major cloud platforms.
The service, available immediately, is billed as a more secure alternative to static Secure Shell (SSH) and Remote Desktop Protocol (RDP) credentials.
Okta said that typically a single administrator account granting broad access might be set up and its password then shared among multiple people, an approach it said creates risk if those credentials fall into the wrong hands: a shared password cannot be traced to the individual who used it, and revoking one person's access means rotating it for everyone.
The new service is aimed at enterprises that are struggling to keep track of who has access to sensitive servers and with provisioning and deprovisioning administrator accounts.
Dynamic approach
“Server access has traditionally relied on shared credentials that may never change, and that creates significant vulnerabilities for any large or growing organization,” McKinnon said. “Without a clear tie back to user identity, technology leaders lose visibility, agility, and ultimately security.”
He added that Okta’s approach, which involves continuously monitoring access and making access decisions based on changing user attributes and device conditions, is not only better for security but means an improved user experience.
The tool is based on a one-time, short-lived credential mechanism that removes the difficulties of tracking and protecting static keys, Okta said.
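The sentence above describes the property rather than the mechanism. The following toy, added here and not Okta's own code, shows what "one-time, short-lived and tied to identity" means in practice: a broker evaluates user and device context and issues a credential that names the user, the target server and a short validity window; the server accepts it only once and only inside that window. The HMAC signing, the `BROKER_KEY` secret and the field names are assumptions chosen so the example runs offline; a real broker would sign an SSH or X.509 certificate instead.

```python
"""Toy model of a short-lived, identity-bound server credential (added example, not Okta's implementation).

Contrast with the static model the article criticises: there, one password grants
broad access to everyone who knows it and never expires. Here each login is a
fresh credential that is user-specific, server-specific, time-boxed and single-use.
"""
import base64
import hashlib
import hmac
import json
import os
import secrets
import time

# Assumed broker secret, generated at import so the example is self-contained.
# In a real deployment the signing key lives only in the broker/CA.
BROKER_KEY = os.urandom(32)
DEFAULT_TTL = 600  # seconds; short-lived by design


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text.encode())


def mint_credential(user, server, device_compliant, ttl=DEFAULT_TTL, now=None, key=BROKER_KEY):
    """Broker side: check context, then issue a signed credential bound to user, server and time."""
    if not device_compliant:
        # Contextual decision: a non-compliant device gets nothing, regardless of who the user is.
        raise PermissionError(f"device posture check failed for {user}")
    now = int(time.time()) if now is None else int(now)
    claims = {
        "sub": user,                      # identity the login is tied back to
        "srv": server,                    # only valid for this target
        "iat": now,
        "exp": now + ttl,                 # expires on its own; nothing to rotate
        "jti": secrets.token_hex(8),      # unique id so the server can enforce single use
    }
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


_SEEN_IDS = set()  # ids already redeemed; shared across calls unless a set is passed in


def verify_credential(cred, server, now=None, key=BROKER_KEY, seen=None):
    """Server side: accept only a valid, unexpired, unused credential issued for this server.

    Returns (accepted, reason, claims); claims is None until the signature has been verified.
    """
    seen = _SEEN_IDS if seen is None else seen
    now = int(time.time()) if now is None else int(now)
    try:
        body_b64, sig_b64 = cred.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:  # wrong number of parts or bad base64 (binascii.Error is a ValueError)
        return False, "malformed", None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature", None
    claims = json.loads(body)
    if claims["srv"] != server:
        return False, "wrong target server", claims
    if not claims["iat"] <= now < claims["exp"]:
        return False, "expired or not yet valid", claims
    if claims["jti"] in seen:
        return False, "replayed", claims
    seen.add(claims["jti"])
    return True, f"ok: {claims['sub']} -> {server}", claims


if __name__ == "__main__":
    # Constructed walk-through: one login, then an attempted reuse of the same credential.
    cred = mint_credential("alice", "db-01", device_compliant=True)
    print(verify_credential(cred, "db-01")[:2])   # accepted
    print(verify_credential(cred, "db-01")[:2])   # rejected as replayed
    print(verify_credential(cred, "web-07")[:2])  # rejected: issued for a different server
```

Every rejection reason maps to a failure mode of the shared-password model: a stolen credential is worthless after a few minutes or one use, a credential for one server does not open another, and each accepted login carries the user it was issued to, which is the "clear tie back to user identity" the article quotes.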
Aside from security and usability, Okta said the approach also makes it easier to automate server enrolment and supports custom workflows.
The tool and Access Gateway are both extensions of Okta’s offerings, which began with managing individuals’ access to cloud services and later extended to device-level management.
Other products announced at the conference included Okta Identity Engine, an upgrade to the Okta Identity Cloud that brings in a set of customisable building blocks for identity processes.