Webinar: Turbocharging Okta for Privileged Access Management
TRANSCRIPT
HELLO! I am Anirban Banerjee.
I am the Founder and CEO of Onion ID.
https://calendly.com/anirban/enterprise-demo/
IT INFRASTRUCTURE TODAY: CHALLENGES
OKTA vs ONION ID
OKTA & ONION ID: INTEGRATION
PROTECTION THROUGH PAM
IT INFRASTRUCTURE TODAY
IT Infrastructure Today
• Laptops
• In-house servers
• Mobile devices
• Cloud servers
The Landscape is Changing
Wait for it – Cloud Services!
Why is the Cloud so Popular?
• Shift in Capex to Opex
• Cost savings – 25% on avg.
• Employee Mobility
• Easy access – 49% on avg.
• Scaling is easier
• More efficient – 55% on avg.
• Time savings
• More time to innovate – 31% on avg.
• Choice – no traditional vendor lock-in
All these benefits are not without cost!
Costs in the Cloud
▸ Plan
  • 10-year cost of ownership
▸ Sometimes unpredictable
▸ What to Track
  • Instances, Accounts, Licenses
▸ How to Track
  • Custom tools, Vendor tools, 3rd party
Estimating Cloud Costs
▸ Not just dollars
  • Time to manage accounts/servers
  • Vendor downtime
▸ Hidden costs
  • Employee training costs
  • Service desk requests
  • Wastage of unused accounts/servers
▸ Who is spending
  • Visibility is very poor
What about Asset Management?
Asset Management: Obvious Costs
▸ Inventory
  • How many accounts, servers
  • How many applications
▸ Audit
  • Regular process, just like compliance
  • Set up controls
▸ Alert
  • Knowing is half the battle
  • AWS CloudTrail
  • Domo
  • Zapier
Asset Management: Hidden Costs
▸ Managing users
  • Account setup is not easy
  • Multiuser support is very poor
▸ Downtime
  • 99.95% means 21.6 mins of downtime/mo
  • 99.99% means 4.32 mins of downtime/mo
▸ Resetting passwords
  • 18.5 Million results in a generic search
  • Highest ticket count for any Hoster
▸ Onboarding users and training
  • Users may need 11 weeks to get comfortable
Access to Cloud Assets comes with hidden costs!
OKTA vs ONION ID
What is Okta?
▸ A cloud-based SSO platform that allows users to enter one name and password to access multiple applications.
▸ Users can access all of their web applications, both behind the firewall and in the cloud, with a single sign in.
▸ A seamless experience across PCs, laptops, tablets, and smartphones.
▸ Saves time spent for user management, account creation, password resets.
▸ Simple access management for multiple users and apps!
Privileged Access Management
Securing access to an application is only the first step.
How can we control what happens once a user has access?
Access Management Privilege Management !
What can an employee see?
What can an employee click?
What can an employee fill?
What can an employee download?
Evolution of PAM
PAM 1.0: SSH CORP
Traditional password-based protection. Additional features include:
  • SSH Key Rotation
  • Command Interception
  • Video-session Recording
▸ Difficult to Deploy, Use & Manage
▸ Ignores User Behavior
▸ No fine-grained PAM
▸ No SaaS features
PAM 2.0: CYBERARK, BEYOND TRUST
Introduction of Server PAM:
  • Windows and Linux
Authentication beyond passwords:
  • 2FA, traditional SMS
Increased PAM flexibility:
  • Upgrade/downgrade rights
  • Password Vaulting
  • Automatic Password resets
▸ Difficult to Deploy, Use & Manage
▸ Improved, but still not fine-grained PAM
▸ No SaaS features
PAM 3.0: ONION ID
Cloud SaaS PAM is a priority:
  • Fine-grained control over apps and licenses.
  • Cost monitoring and control.
  • Advanced protection features (text redaction, button intercept, form protection).
No Rules - user behavior:
  • Active Authentication (geofencing, geo-proximity, air sigs, fingerprints).
  • Advanced anomaly detection via adaptive ML.
Easy to Deploy, Use & Manage:
  • Zero Agent Design
  • Near Invisible 2FA
What we offer
▸ Privilege Access Management
  • Full control over who has access to what and when.
  • Real time and intuitive
▸ Vigilance
  • Keep track of user activity
  • Receive alerts for anomalous behavior
  • Gain complete visibility through detailed reports
▸ License Management
  • Control your cloud costs
  • Monitor time and money spent on cloud services
OKTA & ONION ID: INTEGRATION
PAM Layer: layer on top of existing services
Dynamic Privilege Management
SSO, NAC, CASB
Power In Unity
Okta users maintain access to their applications via the SSO mechanism
Onion ID adds another layer of security, which can be enabled for any Okta-supported application
Once activated, Onion ID offers complete control of what an employee can see, do, modify, fill out, and download within the app.
No modifications to the Okta installation, no need to recreate user profiles.
All you have to do is activate the Onion ID extension for any application that you want to support.
PROTECTION THROUGH PAM
Privilege Management
Command Filtering
SSH Key Management
Session Recording
URL Filtering
Action Filtering
View Filtering
Fine Grained Control
Find out which servers, applications and websites your employees are using.
Each action is risk scored using machine learning to detect and prevent threats.
Even if an application does not support role-based filtering, Onion ID can help you layer security on the application in seconds.
Real time alerts to identify misuse and anomalous changes
Make sure that compromised accounts cannot be misused.
THANK YOU!
Any questions?
You can find more about us at:
Onion ID – Infrastructure Access Security
www.onionid.com, [email protected]: +1-951 231 0557
https://calendly.com/anirban/enterprise-demo/