Research Breakdown: IDC PlanScape for MFA

The IDC PlanScape report is designed to help organizations identify, justify, and implement initiatives critical to successful digital transformation. The report, IDC PlanScape: Deploying Multifactor Authentication, looks specifically at the latest trends and opportunities in the MFA space. Here are the need-to-know insights from the research.

IDC’s findings

  • Passwords, on their own, aren’t enough in today’s evolving threat landscape. The static nature of passwords makes them all too easy for attackers to steal through social engineering attacks or compromised websites, leaving end users unaware.
  • MFA has finally come of age. The rise in the adoption of smartphones has allowed for the ease of push-based authentication, making multi-factor authentication easy to deploy to entire organizations and cost-effective for businesses.
  • True MFA requires two or more methods of authentication. IDC identifies three main forms of modern authentication: knowledge-based authentication (passwords, PINs), possession-based authentication (hardware tokens), and biometric authentication (facial recognition, voice identification). A combination of two or more of these methods must be implemented to be classified as strong authentication.
  • Organizations should deploy MFA in a phased approach to focus on high-risk users and applications first. Starting with a pilot, adding different user groups in phases, and adding services in parallel are strategies organizations can take to ensure a smooth MFA rollout and adoption.

Okta’s take

  • There has never been a more critical time to implement MFA. With massive data breaches increasing in frequency, organizations need to be proactive in their approach to securing the enterprise through strong authentication techniques.
  • Building and implementing MFA can be time consuming, risky, and challenging for technical professionals trying to balance security with a favorable end user experience.
  • Successful security adoption relies on the end user. Allowing the end user to have a range of easy-to-use options for the methods by which they authenticate leads to a better experience and more rapid adoption of MFA.
  • MFA is the first stage of a modern security strategy, and allows organizations to secure all environments and groups. Cloud applications, mobile devices, and different user groups (e.g., partners, and contractors) all need to be secured through strong authentication.

How Okta can help

  • Okta’s MFA solution is easy to deploy and easy to manage. Support for a variety of MFA use cases and applications allow for flexible, phased deployment to protect the entire organization. With customization capabilities and quick time-to-value, Okta’s MFA allows for the best of usability and security.
  • Out of the box, Okta integrates with strong factors such as U2F and Windows Hello, in addition to providing our own authenticator app with push, Okta Verify. The Okta Verify app takes MFA one step further by providing login context on the push notification—where the login attempt is coming from, the time, and the browser from which Okta was accessed.
  • Okta’s MFA factors can also be paired with adaptive policies, which allow administrators to set policies for step up authentication based on contextual indicators like new devices, risky geolocations, proxy anonymizers, and changes in login patterns.
  • Okta is looking to the future of passwords, which might mean none at all! Using Okta allows for contextual access management and a passwordless authentication experience.

Want to know more about deploying Okta MFA? Download our Okta MFA Deployment Guide for additional best practices.

Source: IDC PlanScape: Deploying Multifactor Authentication (doc #US42539517, May 2017)