In recent years, several factors have come together to drive the need for a more robust cyber strategy in government: the changing nature of work, the expansion of IT infrastructures beyond the traditional firewall and bad actors’ focus on exploiting human elements. And the employee is at the heart of it all.
With government workers signing on from remote locations, legacy solutions based on perimeter defense are no longer adequate. Along with the growing use of the cloud, and the explosion of IoT endpoints, telework has made the perimeter obsolete.
“Historically, security was built from an on-premises perspective, just trying to keep everybody out,” said Mitch Rosen, Global Director for Solutions Engineering with Keeper Security Inc., which provides password management solutions. “Now more people are working from home, often without a virtual private network. They still need to get their work done, but organizations have much less visibility and much less control around security.”
The Need for Zero Trust, Zero Knowledge
In this environment, attackers look to exploit the human interface in order to compromise government systems. Much of this comes down to password management practices.
“People use the same password over and over again, or they write them on sticky notes, they put them in a spreadsheet. All those practices, while convenient, are inherently vulnerable,” Rosen said.
Agencies need an approach to cybersecurity that takes into account the vulnerabilities of end users. They need a human-centric approach, one grounded in zero-trust and zero-knowledge strategies.
- Zero Trust: Assumes that all users and devices could potentially be compromised, and that everyone must be verified before they can access the network.
- Zero Knowledge: Stored information is accessible only by the end user; each user has complete control over the encryption and decryption of all personal information.
Solution: Enterprise Password Management
One way to achieve this is through the implementation of an enterprise password management platform, a secure location in which credentials are stored and managed. Rather than reuse passwords across personal and work devices and accounts, users can be assigned randomly generated passwords, which can be automatically provisioned and applied.
This approach to password management — rigorous, automated, highly centralized — supports the recent executive order (EO) calling for agencies to adopt a zero-trust posture. Strong identity management is key to implementing a least-privileged approach to systems management. And the human-centric focus likewise enforces a zero-knowledge strategy, with encryption in place to ensure passwords are accessible only to the intended end user.
A modernized password management platform can be the first line of defense against identity breaches. As a zero-trust and zero-knowledge approach to security, a password management platform delivers security in a way that is quick to deploy and easy to use, giving agencies a pathway to achieve compliance through greater visibility and control, Rosen said.
To learn more, check out the report titled “How to Make Employees Part of Your Zero-Trust Strategy.”
This article appears in our guide “Bright Ideas for Making Cyber Stick.” To see more about how agencies are implementing cybersecurity, download the guide.