You’ve heard the phrase “with great power comes great responsibility.” That’s how government has to operate, as its data centers contain the sensitive, private information of countless citizens.
Protecting that information is paramount, but as agencies set up security gateways and protections to guard against external hackers, the biggest threats might come from inside of the organization.
Insider threats are dangers that originate within an organization, and they can be hard to stop. They can come in all different forms, and their proximity to sensitive data can grant them much easier access to classified information compared to external hackers.
Against a broad landscape of threats, agencies need protections at every level. A layered security approach combines multiple security controls to holistically protect assets and data.
To defend against insider threats, a layered security approach specifically blends access, identity and security event management.
Layered security starts with multifactor authentication (MFA) to verify users. MFA double-checks the identity of users by requiring two or more proofs of identity, such as a password and an emailed code, before allowing access to data. MFA can help take care of the “who” question of layered security.
Next, agencies need to manage user access privileges. By determining which users can access what data, agencies ensure that no one has unnecessary permissions. A software engineer in a Veterans’ Affairs Department hospital, for example, might not need access to confidential medical records that a doctor, by necessity, does.
In addition to knowing who is on your network and what they have access to, agencies need to be able to manage users’ actions on the network. This provides better visibility and control of systems.
Visibility into what users on the network are doing can also establish use patterns. These patterns can reveal when users are acting unusually, which could be a red flag for potential threats. A layered security approach offers the tools to track network users as they change roles and can allow for the simple deprovisioning of permissions.
When agencies know who is on their network, what access is granted and usage patterns, they have the added benefit of meeting components of an important federal initiative: the Continuous Diagnostics and Mitigation program (CDM). CDM helps agencies ensure that they have the right solutions and procedures in place to validate and monitor security and mandates compliance.
After tracking and accounting for the activity on systems, agencies can look to further expand their security. By bringing in machine learning and predictive analytics, agencies can boost the speed at which data can be analyzed for patterns and potential dangers. Plus, delivering these tools via automated methods reduces the strain on agency employees and frees up time for workforce security training.
To find out more about how a layered security approach can work against insider threats, check out the new GovLoop course, A Layered Approach to Insider Threat Prevention.