Technological advances have driven the workforce and humanity to new heights, even enabling a society that functions largely digitally during a pandemic. But the proliferation of applications, accounts and the like creates new challenges for security – a more-tech-means-more-problems conundrum.
Unmistakably, technology has become more complex. Instead of one smart device, you likely have several. Instead of one password, you probably have an array. Instead of one login screen, you often have to go through multiple gates.
Security is scrambling to keep pace in the innovation race, and try as it may, it often falls behind. There’s just so much to secure, and with the infamous cyber skills shortage in government, teams don’t have enough hands for it all.
“There’s a tremendous amount of complexity involved here,” said Michael Epley, Chief Architect and Security Strategist for Red Hat’s North America Public Sector. “It’s very difficult to get people that can look at all those different systems and integrate, or tie them all together, safely.”
But security isn’t locked into a losing battle; it can still catch up.
Relearn the practice
Imagine someone strolling through an apartment lobby and pressing on door handles until they find an unlocked room to ransack. That’s what hackers try inside networks.
To make it more difficult, agencies need constant security checks – at the front door, in the elevator and for each individual room.
Zero standing privileges is a concept that prevents guaranteed entry. It’s an extension of the least-privilege model and paves the way for a zero-trust security strategy, which constantly asks users to verify identity.
Layered on top, privileged access management ensures on-demand access for users after they prove they need it. Criminals are locked out, and users can access the room they need.
Having more locks makes no difference if one key opens them all. In other words, users need more than one way to verify their identity.
Identity checks now rely on multifactor authentication, an example being a texted code. The problem here is that employees don’t want to be treated as strangers in their own agencies.
An easy way for agencies to maintain security without encumbering employees is biometric authentication, like fingerprint and facial ID, Epley said. These secure and easy-to-use MFA methods don’t impede productivity, and they promote acceptance rather than circumvention.
Don’t go alone
Agencies need data from all their services working together to beat back attacks, but integration is no small feat. For that reason, many are looking for ways to manage the complexity of securing their enterprises.
Turning to managed security services is one strategy facilitated by cloud platforms. Managed services essentially outsource security – as completely or partially as agencies would like in areas like zero trust – while still giving agencies control of their data and policies. Combined with clearinghouses for intra-agency risk and threat analysis, these services respond quickly to their environments.
“You’re using a managed service that’s presumably provided by an expert in that particular piece of technology. That’s why you’re starting to see a rise of more managed services,” Epley said.
This article is an excerpt from GovLoop’s recent guide, “Your Cybersecurity Handbook: Tips and Tricks to Stay Safe.”