The Great Balancing Act: Juggling Collaboration and Authentication in Government IT Networks
By Karthik Krishnan

Continuous, uninterrupted network access is critical for the effective and timely operation of federal agencies, particularly during times of crisis or disruption. Technological advancements over the past decade have enabled the government to provide employees and contractors with remote access to resources that offer greater potential for collaboration, regardless of their location. However, remote access can open a Pandora’s Box of security and authentication challenges for IT managers who are tasked with protecting sensitive data and preventing vulnerabilities and intrusions.
A typical government agency uses a wide range of personnel with varying levels of security clearances in offices across the nation. Add to that a large number of contracted employees and consultants, and federal IT managers are left with a daunting task: maintaining the balance between securing the network and promoting collaboration across a group of workers using multiple endpoint devices. Authenticated network access control is essential to ensure individuals are granted sufficient access to tools and information to effectively collaborate 24 hours a day, using several kinds of technology.
So Many Users, So Many Authentication Challenges
Federal agencies are confronted with the challenge of providing exclusive levels of access for a seemingly ever-expanding group of users. The government must ensure access to the network from a wide range of mobile devices, both managed and unmanaged. That task can quickly become unwieldy and ineffective from an identity management perspective.
Government agencies must employ a holistic security approach to controlling remote network access by integrating authentication, data encryption and data protection. Two critical elements of identity management must be considered:
1. Establishing effective authentication policies
Properly regulating the flow of information can ensure that only authorized users can access the appropriate applications. Endpoint security compliance is also increasingly relevant because many users access the network from personal laptops that may not meet security standards.
Managing user identity is vital for government agencies because sensitive data could be compromised if the wrong user is given a higher level of access than necessary. The first step in identity management is to create a set of policies establishing explicit clearance levels. These parameters must apply regardless of user location or endpoint device.
2. Deploying appropriate technology "gatekeepers"
As government users require access to sensitive data from multiple locations -- carefully managed networks or vulnerable wireless "hotspots" -- the network must employ technology to support authentication policies. Comprehensive network policing of end users and equipment ensures appropriate authorization to protect against viruses and security breaches.
Secure Sockets Layer Virtual Private Networks (SSL VPNs) gather user identities and establish endpoint security while requiring adherence to granular user access policy. Coupled with firewalls and intrusion detection and prevention (IDP) solutions, they can provide comprehensive network protection and create insight beyond just IP addresses: they can determine who is traversing the network perimeters and what specific applications are being accessed. Further, SSL VPNs can collaborate with IDP solutions to ensure that malicious or non-compliant users are quarantined and taken off the network, thereby providing end-to-end, real-time network protection.
While remote access can enhance inter- and intra-agency collaboration, federal IT managers must also ensure that users do so securely and reliably. Boosting technology to guarantee sufficient access only to authorized users will create a responsive and trusted environment that can accelerate the delivery of intelligence and protect vital resources.
Karthik Krishnan is the Director of Product Management for access solutions for Juniper Networks.
