This blog post is an excerpt from GovLoop’s recent guide “Your Guide to Identity and Access Management.” Download the full guide here.
Today in government, the security perimeter and user credentials have expanded to include mobile devices, Software-as-a-Service (SaaS) applications and technology such as software bots. At the same time, compromised user credentials have become vulnerable to sophisticated cyberattacks. Together, these changes have created a critical need for strong identity governance in the federal government.
But limited budgets and a shortage of trained cybersecurity personnel can make it difficult for government agencies to verify that user access is authorized, secure and compliant.
To learn why strong identity governance strategy can help the public sector move past these challenges and achieve compliance and security objectives while empowering end users, GovLoop sat down with Frank Briguglio, Public Sector Identity Governance Strategist at SailPoint. SailPoint is a leader in Identity Governance and Administration.
Data breaches that expose user identities are on the rise. In 2018, the Identity Theft Research Center reported that hacking was the most used method of breaching data, with 482 data breaches resulting in almost 17 million records exposed.
Briguglio explained that enterprise security is in need of a new paradigm and must evolve from network-centric to identity-centric. The increasingly complex relationships between people and data is redefining perimeter defenses, and it means that the public sector must think about identity in a very different way.
“The traditional network as we know it today can be breached,” said Briguglio. “So how do we protect our high-value assets? Really, identity and the access controls are the best way.”
According to Briguglio, a strong identity governance strategy is what will help the federal government achieve compliance and security objectives while empowering end users.
The role of identity governance is simple in principle: give the right people the right access to the right data. To do this, trusted and properly managed identity access has to become the primary control.
That’s where SailPoint comes in.
“SailPoint offers a modern identity governance and administration platform,” Briguglio explained. “We can be deployed on-premise, in the cloud as a SaaS solution or as a managed service. We can deploy everywhere, anywhere, to meet the requirements of federal, civilian, our DoD [Defense Department] and Intelligence Community agencies.”
As the trusted vendor managing more than 2 million identities at 54 agencies, SailPoint helps the federal government meet their compliance requirements by controlling who has access to IT resources and monitoring how that access is used. Their cloud identity governance platform uses automated IT processes to drive efficiencies and maintain stringent regulatory compliance requirements. It also helps agencies apply machine learning techniques to prevent unwanted application and data access that typically leads to data breaches.
Using the right identity access management solution will empower users to manage their passwords and simplify the process for gaining access securely, Briguglio concluded.