This blog post is an excerpt from GovLoop’s recent guide “Your Guide to Identity and Access Management.” Download the full guide here.
Agencies today are looking to better reach citizens and improve internal processes, all while staying ahead of modern threats. But as agencies focus on these efforts, they must be mindful of mitigating dangers to their data.
Credential-based attacks – such as phishing, password spraying, brute force and more – are common vectors that can be mitigated with strong multifactor authentication, built into the workforce/IT experience and also constituent-facing programs.
Whether your agency is building a new citizen-facing portal or unifying a constellation of existing services, there are ways to prevent these credential-based attacks and make web and mobile access secure, compliant and frictionless.
“Today, people are accessing more resources from more locations than ever before, changing the dynamic away from the previous ‘castle-and-moat’ or perimeter-style approach to security and instead centering controls around the only commonality in today’s environment: people – and their identities,” said Ted Girard, Vice President of Public Sector at Okta.
“By tackling security from a zero-trust lens – and we’ve heard from a number of customers that identity is often where they start on their zero trust journey – they’ll be better equipped to mitigate today’s threat actors, especially those employing the common credential-based attacks.”
To this end, the Office of Management and Budget (OMB) recently updated its federal identity, credentials and access management (ICAM) policy, encouraging the use of more flexible solutions, supporting pilots for new authenticators and requiring agencies to create an ICAM team.
The memo notes: “While hardening the perimeter is important, agencies must shift from simply managing access inside and outside of the perimeter to using identity as the underpinning for managing the risk posed by attempts to access federal resources made by users and information systems.”
“The memo aligns really well with how Okta sees identity’s role evolving both from a management and security/privacy perspective in government agencies,” Girard explained. “Okta can play a role in supporting major IT modernization projects, as well as in improving security for agencies. Our cloud-based, industry-leading identity and access management platform comes with all of the tools you need to manage a complex user base at scale.”
IT and security leaders recognize the need to adopt new, often cloud-based technologies to better support and secure their workforces and constituents, but they’re also faced with decades’ worth of legacy technologies, regulations and processes that stifle adoption and growth.
“Okta can help make the transition easier and more secure, which is why today dozens of agencies use Okta to consolidate disparate systems, securely adopt cloud services and find new ways to better reach their constituents,” Girard concluded.