Securing the future of work: Why Zero Trust is critical in a hybrid world

The modern workplace is evolving at an unprecedented pace. With the rise of digital work and the widespread adoption of hybrid work models, the traditional concept of relying on a secure network perimeter has rapidly diminished. 

Employees are no longer confined to the office. They can access corporate resources from anywhere, at any time, and from a multitude of devices. This shift requires a more robust approach to security — the Zero Trust model.

With Zero Trust, no device or user is trusted by default. Trustworthiness must be continually assessed and credentials validated. While organizations have been quick to incorporate a Zero Trust security model on desktops and laptops, mobile adoption has lagged behind.  

So, how do we apply a Zero Trust model to mobile devices? 

The need to secure the mobile edge

Traditionally, organizations have relied on Enterprise Mobility Management (EMM) systems to handle the security and deployment of mobile devices. While EMM systems are valuable for managing and securing corporate-owned devices, they may not be the right tool for every corporate use case. Consider the rise of "casual use" scenarios, where employees download a cloud app to quickly submit expenses or manage a time-off request. These actions may not necessitate a comprehensive device management solution, yet they still require robust security measures to protect sensitive corporate data.

Without the security guardrails of a traditionally managed device, these unmanaged devices can pose a considerable threat to the corporate network. Organizations need a way to ensure a baseline level of security across all devices managed and unmanaged before granting them access to corporate data and systems. This is where a Zero Trust approach, combined with innovative solutions like those offered by Google and Okta, becomes essential.

Okta and Google — Securing Zero Trust authentication

Google and Okta have a long-standing partnership focused on helping customers secure their data as it moves to the cloud. A year ago, the two companies integrated Chrome Enterprise with Okta’s Device Assurance policies, allowing organizations to check the security status of endpoints before granting access to applications. This integration enabled organizations to leverage device signals, like whether the browser is up to date with the latest security patches, as part of their authentication policies.

Building on this success, we’re thrilled to announce that these same benefits will soon be extended to Android devices, with the ability to verify access across both EMM-managed and unmanaged devices. Available signals cover key information for a device’s trustworthiness, including software versions for the OS, security patch and Google Play service versions and pending updates, whether a screen lock meets complexity requirements, if the device has been rooted, and more. Further, there is information about the environment the device is being used in, for example, if the WiFi network is secure.

Through Okta Verify’s integration with Google’s Android Management API, Okta customers can now access these signals when users authenticate to corporate resources, even if the device is unmanaged. This approach complements Okta’s existing integration with Chrome Enterprise, providing organizations with comprehensive visibility over all endpoints accessing their data, whether desktops or mobile devices, managed or unmanaged.

Integrating with other mobile security tools

The Android Management API can be integrated with many systems organizations rely on — from identity providers like Okta to Mobile Threat Defense (MTD) providers to EMM systems. Customers can combine these providers and the Android Management API will seamlessly facilitate on-device communication of trust signals to various actors without complex server-to-server integration required by IT organizations. This allows organizations to assert, for example, whether a device is actively under management and by what system during the sign-on process. Google, with its partners, is looking at other exciting use cases for this functionality in the future.

Availability

Early access to Okta Verify’s integration with Android is available for Okta customers in January 2025, with broader availability shortly after for devices running Android 10 and above. For more information on Okta Verify for Android, contact your Okta account manager or product manager today.