Beyond Multi-Factor Authentication (MFA)
10 Reasons not to be “fobbed off”
Not all Authentication is the same. When considering multi-factor authentication solutions, it’s imperative you take into consideration the bigger Identity picture and what functionality you may need in the future. An “MFA”-only stop-gap may be an easy tactical fix but is unlikely to provide the flexibility, functionality or feature set to meet the Identity needs of today’s enterprise.
With digital transformation, Identity is the cornerstone of everything we do, from application access to services access, and is the foundation for all technical controls and policy within our connected world.
10 key factors to consider when looking at your Identity provider:
1. Growth – Ensure the solution you choose will grow with you. Okta offers an integrated Identity solution that is easy to manage and has a lower TCO than standalone solutions.
2. Cloud solution – Make sure the solution is “born in the cloud”. Most organisations don’t want to install internal servers that need managing, and also look for reassurance that the SaaS provider takes care of the constant deluge of identity attacks without them ever getting near their internal infrastructure.
3. Authentication – Make sure your authentication provides “factor sequencing”, or the ability to layer factors of authentication based on risk. Okta’s Risk-Based Authentication uses a machine learning model to detect login anomalies across any end user’s login. Login characteristics such as IP, location, typing speed etc. are all taken into consideration. A risk score is then created for each login and tied to a High, Med or Low risk profile, to which admins can apply the appropriate response. For example, offer a passwordless login experience on high risk but require a strong auth factor like a FIDO 2.0 token. Many solutions do not offer this risk-based adaptive authentication control and flexibility.
4. Security – Make sure your identity provider has your back!! ThreatInsight from Okta provides administrators with the ability to block logins based on suspicious IP addresses. Okta utilises their global network behaviour analysis to ensure they are capturing IPs that are causing Identity attacks and allows customers to block and/or audit those IPs. “Credential Stuffing” is a huge problem. It’s probably happening to your SaaS application NOW and you don’t even realise it.
5. Compliance – Make sure your Identity provider meets your compliance requirements. As an Identity platform, Okta is better positioned to help you meet compliance requirements. Okta’s combination of SSO, Universal Directory, Multi-Factor Authentication and Lifecycle Change Management allows customers to comply with GDPR, NIST, FIPS etc. The platform is modular, meaning that you only need to purchase the components you need today but have the assurance that if you need additional functionality the features are there to be turned on.
6. Integration – Make sure your authentication solution easily integrates. The Okta Integration Network (OIN) has 5000+ integrations to applications and VPNs. These integrations are built on SAML and RADIUS, and allow customers to deploy MFA broadly with a single solution. It’s easy to add new apps and VPNs with little setup.
7. Visibility – Make sure your solution provides granular visibility and reporting. Okta has a rich set of APIs that result in deep integration with security ecosystem providers and SIEM solutions for incident management. Many solutions provide reporting but not the bi-directional APIs to make the events actionable.
8. Cost – Once you have a good understanding of all the features you need, make sure the solutions are commercially viable. Buying and supporting multiple point solutions will often not be as cost-effective as an integrated platform.
9. Passwordless – Make sure you can go “Passwordless” on Mobile or Desktop. Okta has strong modern passwordless functionality through factor sequencing and WebAuthn, but also tight integrations with the likes of VMware Workspace ONE.
10. 3rd Party Factors – Make sure you have broad native factor support. Okta supports a large set of 3rd party factors. In addition to this and passwordless, Okta has also built features that allow customers to integrate custom SAML factors.