This post originally appeared on Okta’s Security Blog.
The rise of user mobility and SaaS application adoption has drastically changed the landscape for access and security: more people are accessing more resources from more locations and more devices. Organizations must ensure that all users around the globe, whether remote employees, customers, partners, or contractors, can securely access data and protect applications anywhere.
In this post, we’ll explore how Okta and BetterCloud work together to keep these users secure.
What is Zero Trust security?
To enable mobile and cloud experiences without compromising security, many organizations have shifted their security strategy away from focusing only on the network. Rather, they have begun to focus on the user, including their behavior, devices, interaction with resources, and other user context.
This “Zero Trust Security” framework assumes that no user is coming from a trusted network or trusted device, and that no user should therefore be given unbridled privileges. Instead, IT and the security team validate the identity of the user at the point of access to ensure unauthorized users never gain access to an organization’s restricted systems or applications.
Adopting a Zero Trust security model
As the leader in identity and access management, Okta has championed the Zero Trust model and has been recognized as a strong performer that enables organizations to securely embrace the rise of cloud and mobile adoption by moving away from a network-based perimeter, and instead evaluating the context of the user and device before granting access.
However, security should not end at access. Once access is granted, IT still needs to ensure that the user has the right privileges, not only to the application itself, but also within the application. Should a user be allowed to share certain resources within Box or Google Drive? What types of files are shared within Slack? Can a user create custom admin roles within G Suite? Okta has partnered with BetterCloud, a leader in SaaS Operations Management (SOM), to extend security from user access to user interactions within the applications themselves. Organizations large and small now look to Okta and BetterCloud to secure both their users’ connections and interactions across their entire digital workplace.
Managing SaaS application interactions to prevent insider threats
Though a user is “trusted” within the organization and interacts only with other “trusted” users (e.g., employees, partners, customers), the user can still exhibit untrusted behaviors that compromise an organization’s data once access has been granted. This often happens without malicious intent. In fact, a recent survey by BetterCloud shows 62% of respondents believe that their biggest security threat comes from well-meaning but negligent employees. Managing user interactions within applications is an important step in securing your users.
But many IT and security professionals are unaware of these blind spots. The proliferation of SaaS creates new ways for users to expose data. Content sharing permissions and configurations are complex. And even if IT knows they are missing something, they have no easy way of understanding what data is exposed within their SaaS applications and how to plug those holes. As employees collaborate freely through SaaS applications—from any place, at any time—SaaS is turning into a new threat vector for insider threats.
Okta + BetterCloud: Enforce policies that secure user interactions
Together, Okta and BetterCloud give you the flexibility to protect against insider threats by providing complete visibility across your SaaS environment—right down to the data assets and configurations of SaaS apps. Okta provides secure access into your SaaS apps along with proper provisioning, while BetterCloud gives you visibility into how your SaaS apps are being used, along with mechanisms to secure them.
With Okta + BetterCloud, not only can you create alerts for the events that actually matter to you, but you can also create automated workflow policies to remediate security concerns.
This means organizations of all sizes, whether 100 or 10,000 employees, can now connect security insights from user interactions within Okta and popular SaaS content-sharing apps to detect and remediate insider threats. For example, you can remediate Box misconfigurations and Google Groups misconfigurations. Misconfigurations like these are no one’s fault; they occur because of the variety and complexity of settings that exist in SaaS applications.
A year since we launched the Okta + BetterCloud partnership at Oktane18, over 400 mutual customers now use both Okta and BetterCloud together to solve their access and interaction challenges around their best-of-breed SaaS stack, including industry-leading brands like Peloton, Bird, Juul Labs, and Spotify.
Here are some results that these customers have experienced after implementing Okta + BetterCloud:
- 43x faster remediation time for security incidents since they now have automated alerts and actions set up to create remediation paths for any suspicious user interactions.
- 85% reduction in time spent locating specific configurations, settings, and data objects across SaaS apps.
- Compliance with GDPR by putting security measures in place to solve for group management, email forwarding, and user access roles.
- Enforced data protection policies by locking down sharing settings on email and documents, removing third-party connected applications with unnecessary access to employee data.
- Eliminated an unnecessary number of super admins by granting users delegated admin privileges, saving 13.5 hours on setting up and training new admins.
Learn more about securing user connections & interactions
The digital workplace now presents a new generation of insider threats. Okta and BetterCloud have you covered. If you’d like to learn more about how mutual customers are benefiting from their use of Okta and BetterCloud together, hear directly from them in this customer panel video from Oktane19, or contact us here.