April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
From access control to preventing data leakage: How agencies can secure their infrastructure from the inside out
Faced with a new generation of network threats, the government now spends an equal amount of attention and resources on cybersecurity and physical security. With the Federal Identity, Credential, and Access Management (FICAM) roadmap passing the one-year mark, identity and access management is a top concern for federal CIOs.
Agencies are no longer only battling a rogue individual trying to “brute force” a firewall password or hack into a single perimeter system, but a long-term, sustained attack or penetration attempt by organized cyber criminals. Cyber attacks are much more sophisticated. They often look to exploit systems through a combination of methods, (including some that are non-computer-related), such as social engineering, telephone interception, etc. Because of this, organizations are looking to reduce their “attack surface” and one effective way of doing this is by securing communications, ensuring that those accessing the systems from the outside are known and trusted.
One of the challenges in securing government IT systems is providing secure access for those outside the organization and authenticating non-native users who are accessing the IT system. In many cases, the entire supply chain is receiving more scrutiny, down to small suppliers. In other cases, there is concern that partner organizations may be weak links, with state and local governments, healthcare organizations and other groups being subjected to increased review and screening.
To address these vulnerabilities, agencies are trying to develop a comprehensive view of the sources of security breaches, beyond password management and provisioning. To that end, when deploying the next-generation of cyber solutions, federal CIOs will be looking for technologies that offer a holistic approach to securing their government systems.
Currently, there is a strong shift toward logical access controls (LACs) to secure the IT infrastructure from internal data leakages and outside breaches. The shift is not only driven by the FICAM roadmap, but also because most federal users have already been issued a Common Access Card (CAC) or Personal Identity Verification (PIV) card. Initially, those cards provided the ability to authenticate the user, but were used for PACs (Physical Access Control). The cards provide a set of encryption keys, which can be used not only to establish the user’s identity, but also to secure the data being sent to and from the user’s account. Thus, agencies are using the smart cards to ensure logical access control and provide secure communications after the authentication is performed.