What if… You Didn’t Lose Sleep Over Remote Work Security?
When COVID-19 arrived in March, organisations were forced to make quick decisions around remote work security. While those early security measures may have worked well as a stopgap, some companies are discovering those solutions won’t work long-term. Other companies are shifting towards a dynamic work model—a transformation that comes with challenges of its own.
There are a number of reasons why some organisations require stronger security strategies than others. Maybe their industry is highly regulated, their company values employee and customer identity protection, or they work regularly with sensitive data. But with breaches on the rise, and IT environments in flux, it’s more important than ever for organisations to optimise their IT security.
Fortunately, Okta’s security solutions have already been tried and tested by thousands of customers who shifted towards a cloud-based, remote IT environment long before COVID-19.
Simple security for complex environments
Meet Blackhawk Network, a privately held company delivering branded payment solutions to retailers and corporations. Blackhawk has over 3,500 employees working in offices across 25 countries, and a customer base that’s just as vast. As a result, the company couldn’t rely on a traditional perimeter to protect its infrastructure. Since Blackhawk also has a presence in the financial services sector, it’s highly regulated—and these regulations often differ from place to place.
When the company decided to re-architect its complex back-end, these factors drove a need to maintain a strong layer of security throughout the entire process—and afterwards. Blackhawk also needed to make its remote security as convenient as possible so that employees wouldn’t look for workarounds. These are both common concerns for organisations today.
To begin with, Blackhawk needed to strengthen its password protection and increase visibility into user activity, but it didn’t want to add unnecessary friction to the user experience. Blackhawk’s solution? Strengthening its password policy and deploying Okta Single Sign-On (SSO) across all internal apps and common sales apps. Meanwhile, Okta Adaptive Multi-Factor Authentication (MFA) enabled the company to adapt authentication requirements on a region-by-region basis, allowing employees all over the world to login securely—and with minimal friction.
These solutions also gave Blackhawk better visibility into user activity. As a result, in the unlikely event that a bad actor manages to breach the network, the company is far more likely to notice and prevent any damage.
“Identity plays an important role in Zero Trust in two ways. One is knowing who is accessing something, and two is knowing where they're accessing it from,” says Vijay Bolina, Chief Security Information Officer at Blackhawk Network. “And this is regardless of whether they’re inside or outside of a perimeter.”
Gapless protection
When HackerOne enlisted Okta to protect its pen test and bug bounty platform, the company wanted a seamless layer of security that would cover all endpoints, and an automated provisioning process that would significantly reduce the possibility of access being granted to the wrong person. Because HackerOne uses freelance ethical hackers to test for bugs and security gaps in its customers’ software, the company is privy to highly sensitive information that needs to be protected at all costs.
To keep the chances of a leak as low as possible, the company purchased a range of Okta products, including Universal Directory, Single Sign-On (SSO), Adaptive Multi-Factor Authentication (MFA), and Lifecycle Management.
HackerOne began by consolidating its infrastructure to provide a consistent experience for all its contractors. It also automated the provisioning process, first setting up BambooHR as a primary. With Universal Directory and Lifecycle Management in place, HackerOne can group users into specific instances, and then automatically provision them with the correct apps. 70% of these apps can also be offboarded automatically, which significantly reduces the chance of a former contractor retaining access.
Okta SSO provides HackerOne contractors with quick, simple access to all their apps through a single dashboard—regardless of their location or device. Meanwhile, HackerOne balances user convenience with an extra boost of security from MFA, which allows the company to eliminate VPNs for 70% of its workforce and cut passwords back to two per user. Instead, the company requires MFA each and every time a contractor logs in.
“That's better than rotating passwords every 90 days,” says Aaron Zander, Head of IT at HackerOne. “The more of us that do that, the better the standards become, and the easier it is for smaller companies with less money to adopt industry best practices.”
Get some rest
Find out how Okta can help you reduce your risk of a breach by filling in the gaps in your dynamic and remote work environments. Whether you need help encouraging your employees to adopt new security tools or to eliminate errors in your provisioning process, we can help.
Contact our sales team for more information on our security solutions for remote work. Then go ahead and take a nap. You’ve earned it.