Nationwide, agencies have embraced telework during the COVID-19 pandemic. While most agencies have rapidly transitioned to remote work, it hasn’t been without challenges. Many agencies couldn’t provide remote access to systems except email when the crisis first hit and as a result, workers couldn’t access many of the systems they use daily.
At the same time, threat actors haven’t been sitting still, and attacks such as phishing and spear phishing are on the rise. Now, traditional network-oriented security isn’t sufficient with users accessing resources from more locations and devices than before.
That is why identity and access management (IAM) is critical to helping agencies navigate this new normal. IAM covers the policies and tools ensuring the correct people have the appropriate access to organizational resources.
Kelsey Nelson is Senior Product Marketing Manager at Okta, a cloud-based IAM provider. Nelson shared three ways IAM can improve agencies’ teleworking cybersecurity.
1. Practice zero trust
Zero trust cybersecurity involves never assuming trust for any entity inside or outside an agency’s IT perimeter. It is a modern security strategy that helps agencies manage, monitor and secure their data across all their applications, devices, networks and users.
According to Nelson, the COVID-19 outbreak has pushed the need for a zero trust approach to security to the forefront of IT and security leaders’ agendas. “Zero trust isn’t something that we’re building toward or that we want to enable conceptually in the future,” she said. “It is today. Everyone is outside the perimeter.”
As agencies begin down this zero trust path, starting with a strong foundation in identity and access management will not only help strengthen security for agency workers, contractors and partners, but also help make it easier for them to get to the tools they need to be productive.
2. Understand users
Agencies need to find ways to continue to drive productivity without compromising security. At the end of the day, users will find ways to circumvent security controls if they become too cumbersome to do their work. Granular access policies based on their devices, networks, users and location context can help keep agencies improve both security and the end-user experience.
These policies give employees only the access and tools needed for their jobs and also weigh risk of each authentication. If the risk is low, agencies can choose a more streamlined access experience and if the risk is high, agencies can set policies to require multi-factor authentication via the factor of their choosing. This policy framework makes it simple for both IT and security leads and end users.
3. Find ways to automate
Onboarding and offboarding workers, contractors and partners is always a challenge for agencies, but even more so when workers aren’t able to come to the office.
Using identity solutions to automate provisioning and deprovisioning will be a critical way to both help IT teams streamline manual, often error-prone tasks like this and also for agency workers to start work as efficiently as possible. And, in doing so, it’ll help agencies mitigate the risk caused by latent access, orphan accounts or incorrect access provisioning.
Whether it is on-premises or remote, IAM can help shield agencies from any cyberthreat – and get workers back to helping achieve their mission as quickly as possible.
This article is an excerpt from GovLoop’s recent report, “CIO Perspectives: A New Vision for the Government Workplace.” Download the full report here.