Zero trust and IAM from the cloud as the foundation of hybrid IT must be simple

Most companies today rely on a hybrid IT infrastructure: Existing on-premise solutions are extended with flexible best-of-breed SaaS solutions. This improves flexibility and agility, but also increases the scope for cyber attacks due to the growing number of digital identities. For example, the Verizon Data Breach Investigation Report 2020 showed that attack patterns that target end-users - such as phishing and the use of stolen credentials - lead the attack rankings again. With obvious numerical sequences and the multiple use of passwords, consumers - employees as well as customers - also make it easy for attackers. These new broadened IT infrastructures, which are becoming more and more complex due to numerous identities and new devices - keyword "Bring Your Own Device" (BYOD) - require a new security concept: Zero-Trust.

What is Zero Trust?

The idea behind Zero-Trust is simple: Never trust, always verify. In concrete terms, this means that every access to the corporate network - whether by a user, a device or an application - must be constantly verified depending on various factors. Companies should therefore be able to answer the following question at any time and ideally in real-time: Who is allowed to log on to which service via which device at which time and how, and what (un)critical content can be accessed?

Answer the "trust question" automatically

To answer this question, risk-based access decisions involving both the user and the device in use are automatically made using machine learning. For example, users can be secured using Adaptive Multi-Factor Authentication (AMFA), which typically involves entering a password followed by a choice of various other factors. For devices, the system checks whether the device is a managed, registered device and also includes location factors. Among other things, the combination of user and device checks results in a risk score that decides on access.

In order to make these complex decisions automatically in real-time, a central control point (access proxy) is required as a core component of the zero-trust architecture. The more data this control point has at its disposal and the more systems and information from third-party solutions are integrated, the better risk scores it can determine, make decisions based on policies and provide secure access to systems and data quickly.

For example, Okta has an extensive integration network with more than 6,500 pre-built integrations, including Proofpoint, which among others provides anti-phishing software to analyze email traffic. By integrating with Proofpoint Okta can incorporate information to determine the risk score, including denying access to victims of phishing attacks and Very Attacked Persons (VAPs) or allowing access only based on very strong multi-factor authentication.

Easy is Right – for admins and users

IT security solutions are often circumvented or levered out whenever possible if they are not simple and intuitive. For example, if a customer fails to change his or her password and is no longer able to access a shopping account, customers often choose another provider with a simpler user experience to make purchases. But also a well-intentioned high password complexity can have a negative impact on both experience and security. When a 15-character alphanumeric, case-sensitive password with special characters is required and which must be changed each quarter, passwords are often written down in one or more places. The attempt to improve security then turns into the opposite. This is why the guiding principle for identity and access management (IAM) is easy but secure is right.

An identity platform for B2E, B2C and B2B from the cloud

In the past, often different platforms were used for workforce and customer IAM. However, this means at least twice the complexity, twice the effort to integrate and build policies, and a loss of control due to too many identity providers (IdPs), which further increases the attack surface.

A single directory as a central access system that integrates all systems and applications provides IT managers with the foundation for centralized access management and the ability to implement SSO and multi-factor authentication (MFA) across the board. Furthermore, workflows can be defined according to the most diverse B2E/B2B/B2C use cases with little or no additional programming effort, i.e. low code and no code. This means, for example, that it is possible to define what should happen in certain login scenarios: sending a welcome message, registering and verifying as a user or making an entry in the central CRM database or trigger a process to verify the identity e.g. by validating their national ID cards.

A central cloud-based service (IDaaS) simplifies and accelerates implementation and integration time, enables IT teams to assign access securely and quickly, shortens time-to-market and value, and offers high and flexible scalability and short response times to constantly changing requirements.

The following applies to the user experience: The simpler, the better

The success and acceptance of security solutions depend on user experience (UX). With cloud-based IAM, MFA and single sign-on, IT security is perhaps for the first time in a position where an increase in security goes hand in hand with an increase in convenience. Users no longer need to have countless passwords on screen and update them regularly; simple user interfaces and the use of biometrics and apps for verification contribute to an uncomplicated and secure log-in experience.

In addition, by linking access authorization to risk scores and context factors such as location or criticality of resources, Okta enables the authentication chain to be adapted for the best possible user experience: If, for example, a validated user is located within a secure corporate network and uses a registered, trusted device, he or she can gain access to non-critical resources under clearly defined rules without having to authenticate at all - simply and securely.


In a world where everything has to move faster and faster, security and user experience are becoming the most important criteria for whether consumers trust a solution or use a service, and thus determine the long-term success of organizations in the digital space. Zero-trust concepts paired with identity and access management help companies to realize IT security and UX as a powerful combination.

Want to learn more?

Attend the presentation of Goetz Walecki, Senior Manager Solutions Engineering Central Europe at Okta, at this year's virtual Cyber Access Summit on Wednesday, November 18, 2020 at 9:50 a.m. Register below for the event in German language.

See also