Secure access to company data. How to facilitate remote work, protect resources and support IT departments?

Recent months have seen a great rise in the popularity of remote work and of applications supporting it. But at the same time the number of cyberattacks has increased too. Today, company data security demands safe and convenient access to resources and tools in such a way as to enable working from any place and any device, while minimizing the risk of losing valuable data.

According to OKTA’s experts, the number of applications implemented in enterprises within the last four years has grown by 68%. The Covid-19 pandemic has only accelerated this trend. Companies were forced to use solutions facilitating remote work. The most popular ones are videoconference and collaboration tools as well as solutions ensuring secure connection to the business infrastructure (VPN). The interest in the Zoom application increased by 110% between the end of February and the end of March 2020, while in the case of Palo Alto Network GlobalProtect it was by 94%.

More applications, more problems?

Applications which are in common use nowadays streamline business operations to a considerable degree, especially when a company has teams dispersed in various locations. However, every new tool means new logins and passwords to access it. It also means different guidelines as to how strong the password should be and how often it should be changed.

This situation proves cumbersome for employees, so they start using the same logins and passwords for different services and tools, they use sequences which are easy to remember or they write down their passwords on post-it notes attached to the computer. They just want to make their lives easier.

The implementation of various applications also means more work for IT departments that need to manage access to a growing number of solutions. It happens more often that they have to generate new passwords for employees who forget their credentials.

In addition, employees tend to use their own private devices more frequently, also for performing business tasks. Of course, the BYOD (Bring Your Own Device) trend was present before, but in recent months its popularity has sky-rocketed. The main reason is that companies do not have a sufficient number of mobile devices that employees could use when working from home. So they use their private laptops, tablets and smartphones. Needless to say, such devices are rarely as secure as they should be. And this is another challenge for IT departments, says Krzysztof Andrian, CEO at Concept Data.

Hunting logins and passwords

Cybercriminals have quickly adapted to this new environment. Interestingly enough, they focus their attacks not on tools as such, but on the users. For instance, their direct target is not the Zoom application. Instead, they send e-mail to its users in order to trick them into revealing their credentials to the tool. The data presented by Barracuda indicate that the number of spear-phishing attacks has increased by 667% since the end of February 2020. Fortinet’s research show that 60% of enterprises have experienced intensified attempts at breaching the IT security while shifting to home office. 34% have reported actual cyberattacks.

Today, one of the key tasks performed by IT and management departments is to ensure secure access to applications and data. They need to protect logins and passwords from hackers, they need to prevent unauthorised access when a password is stolen or lost and they need to detect any suspicious logins to the company resources, explains Krzysztof Andrian. Advanced IT solutions can do all of that. We recommend the OKTA platform to our customers.

OKTA provides its users with unique possibilities of ensuring secure access to data. Employees, contractors and partners can use SSO (single sign-on) solutions as well as MFA (multi-factor authentication). At the same time, IT departments get a comprehensive tool for access monitoring and managing from one place.

Secure access… meaning what?

Secure access to company applications, data and resources means, first of all, using strong passwords and multi-factor authentication which prevents access by unauthorised persons even if they manage to obtain actual logins and passwords. How to achieve this level of security:

– SSO (single sign-on) i.e. a technology which allows a user to get access to all applications (including cloud-based applications) after a single login (one ID, one password) to the OKTA platform. It is simple: the user needs to remember only one password.

– MFA (multi-factor authentication) i.e. a mechanism that requires the use of an additional factor during the login process. So the password is not sufficient: the user also has to provide a PIN received via SMS or a biometric credential, i.e. a fingerprint or FaceID.

– A controlled use of private and unknown devices. If a company wants to restrict logins to resources from unverified tools, it can implement adequate safeguards. OKTA enables logins only from devices managed by the company’s IT department, restricting logins from specific locations or sending notifications to the account holder about login attempts from unknown devices.

Furthermore, OKTA informs administrators about unusual logins which may point to a hacker’s activity.

OKTA in practice

OKTA can be integrated with several thousand popular work applications, including those which support remote performance of business tasks. They are e.g. Zoom, Box and Slack. First and foremost, OKTA provides secure and easy access to these solutions. It also makes it possible for IT departments to smoothly manage groups and users. Importantly, OKTA can also be integrated with HR systems, so one can automate adding and deleting group members and link these processes with the headcount status and particular job positions.

Furthermore, OKTA can work with tools which ensure the security of company data and applications. It cooperates with solutions securing e-mail communications (Proofpoint), VPN channels (Palo Alto Networks) as well as networks and the cloud (Netskope).

For most companies, the shift to remote work was a difficult and quite unexpected challenge. During the first weeks, entrepreneurs focused on organising the equipment and implementing necessary applications. However, today they need to put much more emphasis on security, because (as indicated by the Netskope Cloud and Threat Report) employees fail to comply with security principles, while the use of high-risk applications and websites increased by 161% during the pandemic. Now directors and managers have to equip their companies with solutions that will protect data and prevent cyberattacks. OKTA is such a solution, adds Krzysztof Andrian.

More on secure data access and remote work:

A new solution for companies hiring external contractors

A safe employee, a safe company. How to improve the quality of hybrid work and to secure data

Remote work which is secure and effective. What tools to choose

CIAM. How to ensure the ease of use and data security