Hi, I'm Tom Field, senior vice president of editorial with information security media group. I'm talking today about enabling secure access and complex environments. My guest is Frederico Hakimini, his product marketing manager with Octa. Frederico, thank you so much for taking time to speak with me.
Yeah, thank you for having me. So Frederico, we know that enterprises today are large, they're complex, but how does this complexity influence their IT environments? Yeah, they certainly are large and complex and it influences their environment in two ways. First, the organizations are having actually hybrid environments today, which is basically a mix of systems both on-prem and cloud and most of the times the cloud are actually adopted not by IT, but by their marketing sales department and the data goes everywhere.
So they have systems on AWS, on-prem, on their Salesforce, so that creates a lot of pressure over hybrid IT and that changes the way they secure the systems. So how does this complexity translate to securing access both to on-prem and to cloud resources? Yeah, many organizations have this hybrid IT actually more than 70%, but most of those organizations still have separated security or siloed security. So they have a set of tools for on-prem, usually they would have let's say Oracle access manager and then maybe some VPN and some network security controls and then they have a separate set of security controls from the cloud or for the cloud systems, the modern security stack, maybe Splunk, maybe something else, but that creates a lot of redundancy, if you will.
And also it makes it fairly hard to secure those systems because they got it hop on and off in between those, also it goes, it basically spreads investment as well. So yeah, usually organizations have separated systems and that creates burden. Finally, there's something else is that because many systems are actually using password as the only access control, there is a big rise in password attacks. I believe according to the rise in more than 80% of the security attacks involved in sort of weak or stolen passwords.
Well, given that, Frederico, what do you find to be some of the fundamental controls in this blended environment? I'm thinking about things like multi-factor, single sign on. Yeah, you're right. SSYMFA helps a lot with the password and the identity as a security control, but let me step back a little because we're talking also about hybridizing, right, blended environments.
I guess the most important thing you should start with is by consolidating the security investments. So having solutions separated solutions for both on-prem and in the cloud, in terms of security, actually creates redundancy. You start having multiple redundant policies everywhere, the audit goes separately, or security team needs to blend those together to have intelligent data. So if you can have everything under the same roof, under the same solution, with the same security policy and configuration, that certainly reduces that burden on security.
Also, it reduces the pressure on the kind of security response solution you need because it doesn't need to combine logs from multiple places. Yeah, having a single solution helps a lot, but then more specifically, identity is a great area of investment, especially with single sign on MFA, especially on SAS and on-prem apps together. SSYMFA is a great ally because it is the most effective umbrella that you have in the security stack. It brings all the systems under the same roof and also applies the same policies for everything.
So you can have an employee access policy for both your Oracle on-prem and your Salesforce and the cloud. In MFA, it basically adds security on top of SSYM. So people are logging into single sign on with their passwords, but with MFA, you actually get to do more. You get to implement more security.
You can do it. You can add fingerprint authentication. You can add adaptive controls. So you just prompt for MFA in risky situations, or you just deny access in risky situations and prompt MFA all the time.
It's really up to you. So you can do that based on the network. Let's say it's the first time that user is accessing from this country or from a certain device. And you can even remove password at all using passwordless solutions.
So all of this helps you deliver the security that goes for large organizations, complex organizations, the single umbrella, single solution that works for all systems, and mitigate that account compromise risk we talked about. Frederica, let's talk a little bit about Okta. How are you providing a comprehensive solution to help customers address this complexity we've been talking about? Yeah.
I'm doing this a few years ago. But before we come up there, I guess it's worth talking a little bit about how we got here in the first place. So Okta, we started around 10 years ago, and the go at that time was to create the best identity platform we could get to make customers happy, enable to secure access to cloud solutions. And we did this very well.
We started doing this at scale. Today we support more than 6,500 systems, cloud systems with app catalogs and implementation for security is a breeze because the security team can secure cloud apps in like 20 minutes to half an hour each, and it's great for users because they access everything from the same place. And they have that as a so, that MFA, and even more so, you also have features like account management. So if some new employee comes up from HR, they want to get access to everything they need.
If they need to reset a password, they can do straight on the tool without having to call to help that. So it takes a lot of time, a lot of money, and everybody, we're very happy. So much so that the most popular question we started getting from our customers, we're like, why don't you extend and secure everything on premise? Well, I have servers.
I have my Oracle. I have my SAP or P. Then we started rolling out products and solutions to go with the entire hybrid IT, and we came up to that stage right now. So first we released a product called advanced server access a couple of years ago to secure servers.
And most recently we released a product called Access Gateway, which just extends the security of Octa from the cloud to all the on-prem apps you need, from your Oracle to your IBM to your zero-print, your SAP. And surprisingly, or maybe not surprisingly, OEG, this practice is London because as soon as we released it, many organizations realized that Oct supports all the hybrid IT environments. And also, it is a great way of replacing legacy single-sign-on or web solutions that are being deprecated, like say, a siteminder, like Oracle Access Manager, IBM, TBO, the Access. So back to your question, all of these together is what makes securing hybrid IT without that easy using the same policy in the same system.
So this is what we've been doing the last years, and it all kind of came together around like a year ago, where we completed the solution, if you will. So today with Octa, you secured everything using the same policy in the same system. Well, very well said, Frederico, I do appreciate your time and your perspective today. Thanks for spending a few minutes with me.
Yeah, thank you very much. Actually, I would like to give everyone here the audience a final tip. So if you want to hear a little bit more about Octa and learn about how we do all of that, I told you, we have two great videos on YouTube. And if you want to check it out, just go YouTube and you can search for two things.
First is Octa Workforce, which basically is a video that tells you in around 60 seconds, what we do for the entire hybrid IT. In second, it's just Search for Octoxes Gateway on YouTube. There's also a 60 second to 90 second video that shows you how in the details on that. Well, very good, Frederico.
Thanks so much. Again, I look forward to speaking to you again sometime soon. For sure. Thank you, Tom.
One more time we've been talking about enabling secure access in complex environments. You've just heard from Frederico, Pacamini, he's a product marketing manager with Octa. For information security media group, I'm Tom Field. Thank you very much.