Right now, “Zero Trust” is in serious danger of becoming an empty buzzword. The problem isn’t just that marketers have slapped the Zero Trust label on everything short of breakfast cereal–it’s that for all the hype, we don’t seem to be getting any safer.

At the heart of Zero Trust is a good idea, but the way most companies execute that idea is incomplete. Specifically, most security practitioners forget that device compliance is a crucial element of Zero Trust.

Think about it: your identity provider can ensure that only known devices access your company’s apps, but just because you recognize a device, doesn’t mean it’s in a secure state. A malware-infected laptop running an outdated OS can’t exactly be “trusted.” And you can’t count on MDMs to achieve total compliance. Things like unencrypted access credentials are out of their reach, not to mention Linux devices writ large.

Kolide solves the device compliance element of Zero Trust for companies that use Okta.

Our premise is simple: if an employee’s device is out of compliance, it can’t access your apps.

Kolide’s unique approach works with Okta to make device compliance part of the authentication process. If a device isn’t compliant, users can’t log in to their cloud apps until they’ve fixed the problem. And instead of creating more work for IT, Kolide provides instructions so users can get unblocked on their own.

Kolide works across your Mac, Windows, and even Linux devices, with mobile support coming soon. Our lightweight agent complements your existing tools, brings a lot of compliance issues into scope and under control, and can complete your Zero Trust picture.

To learn more and see our product in action, visit kolide.com.

Our thanks to Kolide for sponsoring MacStories this week.

Here’s an uncomfortable fact: at most companies, employees can download sensitive company data onto any device, keep it there forever, and never even know that they’re doing something wrong.

Kolide’s new report, The State of Sensitive Data, shines a light on an area of security that is often ignored, but is nevertheless a massive hole in many companies’ Zero Trust fortress.

These findings are particularly alarming given the overall state of device security. IT teams routinely struggle to enforce timely OS updates and patch management, meaning that end users are storing your most sensitive data–things like customer records, confidential IP, and plain-text access credentials–on devices that are vulnerable to attack.

This problem has gone unaddressed because until now there hasn’t been a good solution for it. MDM solutions are too blunt an instrument for dealing with sensitive data, and DLP tools are too extreme and invasive for most companies. After all, you’re not trying to ban downloads together, nor regard every download as suspicious. You’re just trying to make sure employees aren’t keeping data for longer than they need or keeping it on an unmanaged or unsecure device.

Kolide offers a more nuanced approach to setting and enforcing sensitive data policies.

Our premise is simple: if an employee’s device is out of compliance, it can’t access your apps.

Kolide lets admins run queries to detect sensitive data, flag devices that have violated policies, and enforce OS and browser updates so vulnerable devices aren’t accessing data.

Our unique approach makes device compliance part of the authentication process. If a device isn’t compliant, users can’t log in to their cloud apps until they’ve fixed the problem. But instead of creating more work for IT, Kolide provides instructions so users can get unblocked on their own.

To learn more and see our product in action, visit kolide.com.

Our thanks to Kolide for sponsoring MacStories this week.