Making Your Identity and Access Management Resilient

No government can afford the wrong people accessing their information. After all, constituents expect that the sensitive data they give to agencies will remain private. When cybercriminals steal that data, the trust between agencies and their constituents erodes.

Unfortunately, remote work has made cyberdefense more difficult for agencies. Traditionally, governments have protected their data by constructing network perimeters around it. But as the distance networks cover grows, so do the chances of a cybersecurity incident disrupting agencies’ resilience.

Cloud-based identity and access management (IAM) can free agencies from this predicament. IAM covers the framework of policies and technologies ensuring the right users access the right resources appropriately. When combined with cloud computing, IAM can dramatically improve public-sector resilience.

“You want a deployment model that’s flexible enough to protect your workforce no matter where they do their work,” Steve Schmalz, Field Chief Technology Officer (CTO) at RSA Federal, a computer and network security provider said of the cloud.

Schmalz discussed three methods for increasing agencies’ resilience with cloud-based IAM.

1. Turn to zero trust

Perimeter-based security has a major flaw: it makes perimeters the only place agencies can enforce security. If cyberthreats breach this perimeter, agencies’ resilience may be at risk as the only way to shut out cybercriminals is to shut out everyone.

Enter zero-trust security. Zero-trust security treats all devices and users as untrustworthy until their identity has been verified. This model prevents bad actors from obtaining valuable assets by deploying multiple policy enforcement points as close to the assets as possible. If a breach happens at one of these assets, it must be shut down.

2. Add authentication options

Today, agencies have an unprecedented number of identity authentication services. Whether it is authentication tokens, cell phones or other options, agencies can leverage the most convenient and secure solutions for their workers. Even better, cloud can help agencies implement these solutions with more speed and security than before.

Biometrics can add another security layer to cell phones by making users verify their identity using bodily characteristics such as fingerprints.

3. Unify user experiences

Too often, agencies cannot provide the same UX for tools like IAM when they are on-premise or cloudbased. With a hybrid approach that effectively integrates their on-premise and cloud-based IAM services, agencies can ensure their users’ login experience is the same no matter what services they are accessing.

Cloud-based IAM like RSA Federal provides can give agencies the cloud’s flexibility and scalability without sacrificing security. The result is more resilient agencies worrying less about implementing secure IAM.

Additionally, Schmalz encouraged agencies interested in learning more about RSA Federal’s solutions to contact Four Points Technology, an IT solutions provider. Four Points Technology is RSA Federal’s Platinum partner, offering RSA Federal’s solutions on federal contracts and presales engineers who can evaluate customers’ needs.

This article is an excerpt from GovLoop’s recent guide, “Bouncing Back: How Your Agency Can Handle Disruption and Embrace Resilience.” Download the full guide here.

Leave a Comment

Leave a comment

Leave a Reply