Who’s Zooming Who? How Okta Can Provide A Federated Approach to Secure Your Cloud Solutions

Today’s blog is brought to you by one of Brite’s Cyber Security Engineers.

There’s no shortage of security vulnerabilities and data breaches making headlines.  It’s the continuing narrative of how cloud solution providers overlook key privacy and security flaws in favor of streamlining the product to market.  As a cyber security engineer, I’ve implemented and optimized Identity Access Management tools to address these ongoing privacy concerns, so I wonder:

– If the catalyst for a cloud solution to make critical changes to their offering is directly tied to a mammoth increase in traffic, what can be inferred about privacy and security measures employed by less popular solutions?  

– Is there an assumption that cloud providers and developers, by the very fact their offerings are via the internet, have taken greater steps to secure our data?  

– In the rush to adopt quickly to the situation at hand, are we sacrificing the availability of our solutions over confidentiality and integrity?

The next solution cannot act like the next best solution.  Cloud solutions need to, at the very least, address the same core competencies businesses have deployed within the perimeter.  Solutions such as Okta, help organizations secure cloud applications.  To help illustrate how Okta tackles privacy concerns, I’ll be using Zoom and its cloud platform as my example.

Zoom Attacks

The sudden surge in video calls during the work from home mandate of the COVID-19 outbreak positioned Zoom as an ideal target for attackers.  Successful attacks include hijacking meetings, exposing users email information or other personal and/or company information and exposing unsecured links to storage repositories. Almost blindsided by the uptick in usage, Zoom’s CEO Eric Yuan has since admitted to overlooking key privacy and security flaws in the product, exposed by the uptick in Zoom’s usage, and has acted to fix the issues.

How Okta and Identity Access Management Tools Tackle Privacy Concerns

Let’s look how Okta, an identity access and management (IAM) software, can enhance Zoom as an example how your organization can use IAM to alleviate privacy and security concerns.

Direct Integrations: First, Zoom directly integrates with Okta, one of the 6000+ applications that Okta supports.  Users allowed to utilize your portal for Zoom, can use the instance of Zoom within Okta.  Your company can also have its own Zoom instance imported into Okta, to provide even greater flexibility and to further secure Zoom (more on this is a bit).  Users can find all cloud applications and portals available within their Okta interface.  Instead of downloading Zoom from various, unsecured sources on any device, your source is available as soon as a user logs in from any platform.

In this crisis, many workers have had to utilize personal PCs or mobile devices to substitute for desktop solutions in-office. Okta provides a platform to leverage all of these solutions through a single pane, rather than scrambling to download and piecemeal software. Corporate users are often averse to migrating to new solutions.  With users at home, their reluctance towards new technology may be even greater.  You cannot risk further distancing your employees from buying into your company’s solutions. Okta makes it easy for your employees to leverage a single portal and equally easy for your company to deploy with little friction.  

Security: Okta can also fortify your cloud solutions by securing your cloud infrastructure and applications with a unified approach.  Features for security include:

Okta‘s Identity Cloud: Can snap into your existing on-prem AD and LDAP databases to allow authorized users access to Okta’s portal.

Okta’s Universal Directory: Allows creation of Okta specific roles and designations within the console.

Okta’s always-on single sign-on (SSO): Delivers a user-friendly, fully federated authentication platform, uniting web and mobile applications utilizing LDAP integration across multiple domains.

Okta’s Adaptive Multi-Factor Authentication (AMFA):  Enhances access to all public and private resources while allowing optimal usability for your employees. Not only can Okta’s AMFA solution work with customers current factor providers, they also support your FIDO2, SAML and OIDC authenticators as well.

Zero Trust: Maybe it’s possible your organization wants to limit access altogether to Zoom.  Okta allows enterprises to enforce a zero trust model, limiting access and authentication to apps like Zoom, but also Windows and Linux servers as well as APIs.   You can choose to promote another video conferencing solution, deploy Zoom on a role-based basis with full MFA and access management controls, or simply choose to block traffic to Zoom.

Final Thoughts

There’s always a risk in trying new things.  Within this new reality of late, businesses have had to pivot very quickly in order to maintain as much business continuity during these trying times.  Necessity is not only the mother of invention, but also to new pathways of communications.  Zoom has been a phenomenon that has extended far beyond the corporate world; it’s changed how friends and families collaborate as well and embrace cloud technology.

But in the rush to adopt these solutions, as we push more and more data through these platforms, businesses (as well as consumers) must still be vigilant and apply their own core competencies and security standards to these products.  Adopting identity and access management solutions like Okta makes it easier for businesses to explore new pathways of business while minimizing their risk.