Okta Privileged Access Zero Standing Privilege Is No Longer a Myth Sec106

Title

AWS re:Invent 2023 - Okta Privileged Access: Zero standing privilege is no longer a myth (SEC106)

Summary

  • Introduction: Jason Fehrenbach from Okta Privileged Access discusses Okta's vision and its role in privileged access management (PAM).
  • Okta's Unified Platform: Okta integrates access management, privileged access management, and governance into a unified platform to reduce identity silos and simplify identity management.
  • Privileged Access Management: Okta treats PAM as part of a broader identity management strategy, aiming to answer the key questions of who has access to what, and why, while reducing the number of identity silos.
  • Strong Authentication and Policy Engine: Okta uses strong authentication and a policy engine to ensure secure access to privileged resources, including integration with governance for approval processes.
  • Frictionless User Experience: Okta aims to balance security with user experience by automating approval requests and integrating them into command line interface (CLI) workflows.
  • Risk Signals and Insider Threat Protection: Okta plans to use risk signals and AI for insider threat protection, including universal logout and active session termination based on risk score changes.
  • AWS Integration and EC2 Access: Okta's integration with AWS, particularly EC2, allows for just-in-time access and dynamic account lifecycle management, moving away from SSH keys and passwords.
  • Transactional MFA and Policy Engine: Okta introduces transactional multi-factor authentication (MFA) for individual SSH or RDP connections, enforced at the Okta layer.
  • AWS Entitlements Discovery and Analysis: Okta's new capabilities include connecting to AWS Organizations to discover and analyze permission sets and resources, with the goal of reaching least-privilege access.
  • Vaulting Service and Secrets Management: Okta expands its vaulting service to manage static secrets and apply policies for access control.
  • Roadmap and Future Plans: The roadmap includes the release of new features on December 1, with ongoing iterations and developments in areas such as secrets management, AWS entitlements, privileged elevation, and service account protection.

Insights

  • Okta's Vision of Zero Standing Privilege: Okta's approach to PAM aligns with the concept of zero standing privilege, where users are granted just enough access for the time needed to perform a task, reducing the risk of unauthorized access.
  • Integration with AWS: Okta's focus on AWS integration and the popularity of AWS among Okta users highlight the importance of cloud infrastructure in identity management strategies.
  • Emphasis on User Experience: Okta's efforts to automate approval processes and integrate with CLI tools demonstrate a commitment to improving the user experience without compromising security.
  • AI and Risk-Based Security: The mention of Okta AI for insider threat protection suggests a trend towards more intelligent and adaptive security measures that respond to real-time risk assessments.
  • Secrets Management as a Growing Concern: The expansion of Okta's vaulting service to include static secrets management indicates a recognition of the challenges organizations face in securely managing credentials and sensitive information.
  • Continuous Innovation: The roadmap presentation underscores Okta's commitment to continuous innovation and adaptation to emerging security challenges and customer needs in the identity and access management space.