Enabling Secure Access for a Remote Workforce


An increasing number of organizations are supporting distributed, remote teams. While these remote-work policies allow for increased flexibility, there are unique access and security considerations that are inherent to mobile work.

What collaboration tools should I use?

One of the biggest challenges of a decentralized workforce is ensuring that employees are empowered with the right tools. Over the past few years, we’ve seen many organizations adopting digital productivity applications such as Zoom, Slack and Box to enable their workforce to collaborate remotely.

How can I quickly provide access to cloud and on-prem services?

Getting these new apps in the hands of your users can be done quickly and efficiently if rolled out through a single sign-on (SSO) solution.

While SSO is often associated with providing access to cloud apps, that is not its only use case. For employees who need to access cloud-hosted infrastructure, you can integrate your IaaS platforms with your SSO solution to ensure that the same set of credentials is used when accessing servers.

Many organizations also struggle with providing employees with secure access to on-premises applications, like Oracle E-Business Suite, PeopleSoft, JD Edwards, SharePoint, and Qlik.

How do I deploy effective multi-factor authentication (MFA)?

Many organizations take significant steps to secure their internal networks, but those security controls do not necessarily extend outside the office. Employees may inadvertently bypass these security controls as they access corporate resources from new devices and new networks.

In addition, consider that your employees may not only be working from their home, but from a cafe, airport, or any other location. This increases the chances of an employee’s device being lost or stolen, potentially allowing a bad actor to access sensitive corporate data.

We strongly encourage customers to add a supplementary layer of security to all user accounts in the form of multi-factor authentication (MFA). Additional factors can take many forms, like security questions and SMS one-time passwords, but we recommend using strong factors like mobile authenticator apps and biometrics.

Here are steps you can take to get MFA rolled out to all your employees in a timely manner, regardless of where they are located:

Identify which factors you will make available to your employees

Our suggestion is to enable biometrics with WebAuthn (FIDO2.0) and mobile authenticator apps like Okta Verify, but we also commonly see SMS OTP and Email OTP. It’s a good idea to make at least two factor types available to users in case they do not have access to a phone at the time of enrollment.

Decide if certain groups require stronger factors

Executives and employees who have access to sensitive information should ideally be required to provide a WebAuthn (FIDO2.0) supported factor. Examples of this include Touch ID on macOS, Windows Hello, fingerprint on Android, as well as FIDO2.0 supported hard tokens. If your employees do not have laptops or phones that support FIDO2.0 authenticators, consider sending them FIDO2.0 hard tokens from Yubico.
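
One way to check a rollout against the two decisions above is to audit an enrollment export. This is an added example, not code from this article or from any vendor: the factor names, group names, policy layout and user records are all constructed assumptions.

```python
# Added example: audit MFA enrollment against a group-based factor policy.
# All names and records below are constructed for illustration.

STRONG = {"webauthn", "authenticator_app"}             # factors the article recommends
WEAK = {"sms_otp", "email_otp", "security_question"}   # weaker fallback factors

# Hypothetical policy: factors offered to each group, and the set of factors
# of which at least one must be enrolled by every member of that group.
POLICY = {
    "everyone": {"offered": {"webauthn", "authenticator_app", "sms_otp"},
                 "required_any": STRONG | WEAK},
    "executives": {"offered": {"webauthn", "authenticator_app"},
                   "required_any": {"webauthn"}},
}

def check_policy(policy):
    """Return groups that offer fewer than two factor types."""
    return sorted(g for g, rule in policy.items() if len(rule["offered"]) < 2)

def audit_user(user, policy=POLICY):
    """Return the list of findings for one user record (empty means compliant)."""
    enrolled = set(user["factors"])
    findings = []
    if not enrolled:
        findings.append("no MFA factor enrolled")
    elif enrolled <= WEAK:
        findings.append("only weak factors enrolled")
    for group in user["groups"]:
        rule = policy.get(group)
        if rule is None:
            findings.append(f"{group}: no policy defined")
        elif enrolled and not (enrolled & rule["required_any"]):
            # A user must satisfy every group they belong to, so the
            # strictest group requirement wins.
            findings.append(f"{group}: needs one of {sorted(rule['required_any'])}")
    return findings

def audit_all(users, policy=POLICY):
    """Map user name to findings, for users with at least one finding."""
    report = {u["name"]: audit_user(u, policy) for u in users}
    return {name: f for name, f in report.items() if f}

# Constructed sample export.
USERS = [
    {"name": "alice", "groups": ["everyone", "executives"], "factors": ["webauthn", "authenticator_app"]},
    {"name": "bob", "groups": ["everyone", "executives"], "factors": ["authenticator_app"]},
    {"name": "carol", "groups": ["everyone"], "factors": ["sms_otp"]},
    {"name": "dave", "groups": ["everyone"], "factors": []},
]

if __name__ == "__main__":
    print("groups offering < 2 factor types:", check_policy(POLICY))
    for name, findings in audit_all(USERS).items():
        print(name, "->", "; ".join(findings))
```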