ForgeRock and Secret Double Octopus Extend Partnership to Make Securing Employee Workstations Easier
Many of us start our day by logging in to a desktop. However, none of us think of this seemingly inane activity as the sole safeguard protecting crucial corporate information. Employees' workstations are a prime target for malicious actors for obvious reasons – any unauthorized access to a company laptop or desktop can immediately put sensitive data at risk and can easily cause a chain reaction with devastating consequences. Fortunately, multi-factor authentication (MFA) is designed to protect against a vast range of attacks that rely on stealing workforce credentials.
Octopus Lite – MFA is Plug-and-Play
We’re thrilled to offer customers a better way to protect their workforce. By easily integrating into any ForgeRock setup, Octopus Lite brings a fresh approach to employee MFA. It makes deployment simple for IT teams, which can have it up and running in a matter of days, regardless of their workforce size. Octopus Lite allows employees to access their workstations using the ForgeRock Authenticator app, with its familiar and speedy user interface, instead of OTP (One-Time Password) tokens or hardware keys.
ForgeRock and Secret Double Octopus are proud to collaborate on this vital step toward our shared vision of a unified MFA mechanism for the workforce. This unified authentication platform delivers an immediate ROI by lowering employee downtime and helpdesk needs, plus it's cheaper to deploy and maintain. And most importantly – it leaves no security gaps to fill – starting with the workstation and covering any business system, on-prem or in the cloud.
How Protected are Your Endpoints?
When it comes to physical access to an employee's computer, the threat is not limited to professional hackers. Anyone who stumbles upon an unlocked desktop might be able to probe around and discover valuable corporate assets. Locally stored files may contain sensitive personal or business information. Even with the wide adoption of cloud storage technologies, much of that cloud-stored data is synchronized to corporate workstations. Employees may also keep local copies of frequently used files that could hold sales and customer data, trade secrets, or legal agreements.
These files are just part of the problem. Trusted workstations often take on the rights of their users. An email sent from the CFO's laptop can allow a scammer to steal a fortune without hacking skills. A developer's workstation with permissions to code repositories can be used to steal trade secrets or insert malicious code into an application.
A breached workstation can be especially dangerous for organizations leveraging single sign-on (SSO) platforms when the endpoint isn't adequately secure. SSO tools can enable immediate access to many company assets, so anyone logged in to the machine could potentially gain access to the user's SaaS and cloud accounts without any further authentication. By simply getting access to an unlocked workstation, a bad actor could access a wide array of downstream systems.
A sophisticated attacker will almost certainly try to make the most out of the opportunity. A creative hacker could extract cached browser passwords, copy encrypted files, install malware, or gain access to internal networks; the damage could be quick and widespread.
These risks have led companies to invest heavily in protecting their employees’ endpoints. The standard set of solutions dedicated to business workstation security is vast. It often includes antivirus and antimalware tools, unified endpoint management platforms, data loss prevention (DLP) solutions, disk encryption, and more. The layering of these tools is essential to defending against advanced cyber-attacks.
Still, when it comes to the most basic security measure – authenticating access to the workstation itself – security is often neglected for technical reasons or usability considerations.
MFA to the Rescue?
Most companies require a password to log in to any workstation, and typically that password is selected by the user. Users add this desktop password to the long list they already manage. Password overload often leads to overly simple, easy-to-guess, or reused passwords. These passwords are anything but secure.
Using these non-secure passwords as the only protection against unauthorized access is no longer acceptable in most modern business platforms, so why should the desktop be different?
Protecting an endpoint with a simple password leaves it highly exposed to many common attacks, from simple credential theft to more advanced directory attacks and brute-force cracking.
One of the most effective solutions to mitigate these threats is multi-factor authentication (MFA). However, deploying a desktop MFA solution can be tedious for IT teams and painful for end-users. Selecting one that integrates seamlessly with an existing IAM platform can be a powerful game-changer for domain security and overall management costs.