Okta: How CIOs can manage uncertainty and change

IT estates are a mix of old and new, on prem and cloud - how to ensure all parts play nicely together?

The CIO's life has been made immeasurably more complicated by the pandemic and its repercussions on remote working, according to Max Faun, head of consulting Europe at Okta.

For one thing it has accelerated the move to cloud and SaaS apps, and for another it has required increased trust on the part of employees and employers as they are no longer in the same building.

At the same time, it has brought back the consumerisation debate - people working from home don't want to be forced to use clunky apps and devices.

CIOs would like to be able to roll out new cloud applications without having to worry about the backend, but in reality this is complicated by technical debt, procurement cycles and existing contracts, meaning that a 'big bang' approach is only possible for very small or very new organisations.

In his presentation at Computing's Deskflix Cloud Automation event last week, Faun advised IT leaders to work out what they've got in their IT estates, then "chunk it up" into bite-sized tasks.

"Do what can be done quickly, and then over time, migrate and decommission the rest," he advised.

For example, replacing a legacy app with a SaaS app could be a relatively quick task, moving a legacy app to the cloud could take longer, and applications that require re-engineering will take longest of all.

Because the estate will be in a state of flux while these changes are working through, it's important not to allow individual parts to become siloed, which will make systems both inefficient and insecure, he said.

"A critical part is managing this growing and proliferating number of cloud apps that serve the business requirements, be they IT owned, business owned or shadow, through the use of an identity and access management solution."

Faun continued: "Most IT and security professionals understand that identity and access management solutions are a critical component and a central pillar to managing a digital future whilst maintaining adequate or even improved productivity and security."

Another key activity is to consolidate all the directories. Having a directory to support on-premises applications and other directories for various cloud and hybrid applications is a recipe for admin overhead and inefficiency.

"If you don't consolidate your directories into one meta directory with group and rule functions, you will forever be struggling with a constantly growing IT staff doing the same actions numerous times across your individual admin consoles sitting above each directory or forest. There needs to be one directory," Faun insisted.

Finally, organisations should move towards a zero trust approach, with multi-factor authentication (MFA) perhaps the most important element for security. This can bump against the expectations of employees and partners, who don't want to have to constantly enter one-time passwords. However, modern contextual systems like Okta make this process adaptive, meaning that trusted people working from trusted devices in trusted locations don't have to jump through the same hoops.

"Smart MFA or adaptive MFA can use [information about the user and their past behaviour] to decide when and if to challenge a user based on what's going on, removing the need for unnecessary prompts," Faun explained.