Government agencies have often seen security as an obstacle to the adoption of emerging technologies and strategies. The problem has been that traditional security solutions lacked the flexibility needed to adapt to changing requirements. But that mindset is changing, as agencies adopt security solutions that enable them to deploy new security measures quickly and easily.
To learn more about this shift, we spoke with Kevin Jermyn, Federal Customer Success Director at CyberArk, which provides privileged access management solutions. He highlighted three steps that agencies can take to improve the flexibility and effectiveness of their security strategy.
1. Reduce the overhead involved in managing access.
Traditionally, the deployment of a new managed access security solution requires setting up an entire server architecture, which is expensive, both in terms of upfront costs and long-term maintenance. A Software-as-a-Service (SaaS) approach changes that equation.
This is especially important when an agency needs to scale up and scale back access management services on demand – for example, to give remote partners temporary access privileges. Without a SaaS-based access management solution, that would be an administrative headache, Jermyn said.
With SaaS, agencies “can focus on managing their business operations – and do it in a secure fashion,” he said.
2. Simplify the management of application credentials.
Many agencies are modernizing their application environments by using automated IT infrastructure, containerization and DevOps methodologies. The challenge is that these approaches involve a wide array of non-person entities, such as vulnerability scanners, RPA platforms and Continuous Integration/Continuous Development (CI/CD) tools. These entities should be issued credentials, just like developers.
That’s not easy, given the accelerated speed of the development environment, Jermyn said. “Sometimes your development teams move to modern development cycles without considering the impact of credential sprawl.”
You can simplify application credentialing by integrating the application credentialing manager with CI/CD toolsets and container platforms. “We allow developers to ensure that any credentials needed by their applications are provided in a secure and audited fashion,” Jermyn said.
3. Enforce least privilege at the endpoint.
Agencies should provide end users with access only to those specific network resources they need to do their jobs. This concept of “least privilege” is a way of reducing the risk of both accidental and malicious cyber disruptions.
End users – especially developers – often push for elevated permissions or even administrative rights. Otherwise, they say, they’ll need to go to the help desk for even minor requests, which can undermine productivity. But, in the wrong hands, elevated permissions mean trouble. “This can easily be exploited by an attacker as part of their attack cycle,” Jermyn said.
The key to enforcing least privilege is to combine several capabilities:
• Advanced privilege management, making it easier to manage, elevate and remove local admin rights without impacting productivity.
• Credential theft protection, protecting operating system browser and file cache credential stores.
• Application control, automatically blocking malware from running and reducing configuration drift on endpoints.
This article is an excerpt from GovLoop’s recent guide, “Beyond the Hype: Your Emerging Tech Playbook.” Download the full guide here.