Okta brings identity management to server level

NelsonG · April 2, 2019

Since it was founded in 2009, Okta has been focused on protecting identity — first for individuals in the cloud, and later at the device level. Today at its Oktane customer conference, the company announced a new level of identity protection at the server level.

The new tool, called Advanced Server Access, provides identity management for Windows and Linux Servers, whether they are in a datacenter or the cloud. The product supports major cloud infrastructure vendors like Amazon Web Services, Microsoft Azure and Google Cloud Platform, and gives IT the ability to protect access to servers, reduce the likelihood of identity theft and bring a level of automation the server credential process.

As company founder and CEO Todd McKinnon points out, as every organization becomes a technology company building out their own applications, protecting servers becomes increasingly critical. “Identity is getting more and more important because there is more technology and zero trust in the network. You need to manage identity not just for users or devices. We are now applying our identity [experience] to the most critical resources for these emerging tech companies, their servers,” he said.

McKinnon explained that developers typically communicate with Linux servers via the SSH protocol. It required logging in of course, even before today’s announcement, but what Okta is doing is simplifying that in the same it simplified logging into cloud applications for individuals.

People’s roles change over time, but instead of changing those roles at the identity layer to allow access to the server, in a typical shop the development or operations team creates an admin account with a superset of permissions and simply shares that. “That means the admin account has all the permissions, and also means they are sharing these credentials,” he said. If those credentials get stolen, the thief potentially has access to the entire universe of servers inside a company.

Okta’s idea is to bring a level of automation to the server identity management process, so that users maintain their own individual credentials and permissions in a more automated fashion, even as roles change, across the entire server infrastructure a company manages. “It’s continuous, automatic, real-time checking of the state of the machine, and the state of the user and the permissions that makes it far more secure,” he said.

The tool is continuously monitoring this information to make sure nothing has changed such as another machine has taken over, avoiding man-in-the-middle attacks. It’s also making sure that there is no virus or malware, and that the person who is using the machine is who they say they are and has access at the level they are using it.

Okta went public almost exactly two years ago, and it needs to keep finding ways to expand its core identity services. Bringing it to the server level as this new product does moves the idea of identity management deeper into a technology stack, and McKinnon hinted the company isn’t done yet.

“You might not think of server access is an identity opportunity, but the way we do it will make it clear that it really is an opportunity, and the same can be said for the next several innovations we will have after this,” he said.