
Three Steps to Improve Identity and Access Management Without Undermining Productivity

Level 12

Today’s government IT professionals set rules to provide users with access rights, improving workflows while protecting agencies against threats. Unfortunately, the prevalence of mobile devices and cloud-based applications has made it increasingly difficult to establish those controls. This has led to security and compliance challenges, particularly surrounding identity and access management (IAM).

 

Mobile devices and cloud services have made it tougher for IT teams to get a handle on network activity. Employees are turning to many different applications—some of which may be considered unsanctioned “shadow IT” apps—and will often request access rights to get around what they consider security roadblocks.

 

These factors contribute to an increase in accidental or intentional insider threats that can pose significant risk for data loss. According to the 2018 SolarWinds federal cyber security report, careless or untrained insiders are the largest source of security threats for government agencies.

 

Here are three steps managers can take to gain better control of their agencies’ security postures without impeding their colleagues’ workflows.

 

  1. Audit who has access and what they’re accessing. Automated monitoring can help teams gain a good perspective on which applications are being used and who’s using them.

 

Managers can start by scanning their Active Directory and file servers to analyze user access to systems, files, and data to identify unknown users and users who may no longer work for the agency.

 

  1. Set up role-specific templates aligned with security policies and enforce a policy of least privilege. Inevitably, users will get promoted, move to different teams, and increase their responsibilities. In anticipation of these events, IT managers should incorporate an overall policy of least privilege enforceable on a case-by-case basis. Providing access privileges for only what’s necessary can go a long way toward keeping things under control.

 

  1. Shine a light on shadow IT. It’s not just users IT needs to worry about; it’s also the applications they’re using. Monitoring can also shine a light on the applications users might be accessing without knowledge of the IT department. Applications posing risks can be disallowed, while those deemed safe can continue to work yet be closely monitored to ensure they remain secure.

 

Shining a light on all the applications in use gives IT teams a clear understanding of what’s going on, so they can better secure their networks. This is particularly important for file-sharing services that could increase the risk of data loss.
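Steps 1 and 2 can be run as a single automated check. The sketch below is an added example, not part of the original article: it audits a constructed account list against a staff roster and per-role group templates, flagging unknown accounts, stale accounts, and group memberships beyond what the role's template allows. The account names, group names, role templates, audit date, and 90-day threshold are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Hypothetical role templates: the only groups each role is entitled to.
ROLE_TEMPLATES = {
    "analyst": {"VPN-Users", "Finance-Read"},
    "helpdesk": {"VPN-Users", "Helpdesk-Tools"},
}
PRIVILEGED_GROUPS = {"Domain Admins", "Server-Admins"}  # assumed names
STALE_AFTER = timedelta(days=90)   # assumed inactivity threshold
AUDIT_DATE = date(2024, 6, 1)      # constructed "today" for the sample data

# Constructed sample data standing in for a directory export and a roster.
# Each account: (user, enabled, last_logon, groups)
ACCOUNTS = [
    ("asmith", True, date(2024, 5, 28), {"VPN-Users", "Finance-Read"}),
    ("bjones", True, date(2023, 12, 10), {"VPN-Users", "Helpdesk-Tools"}),
    ("cwu", True, date(2024, 5, 30), {"VPN-Users", "Helpdesk-Tools", "Domain Admins"}),
    ("svc_old", True, date(2024, 5, 25), {"Server-Admins"}),
    ("dlee", False, date(2023, 1, 5), {"VPN-Users"}),
]
ROSTER = {"asmith": "analyst", "bjones": "helpdesk", "cwu": "helpdesk", "dlee": "analyst"}


def audit(accounts, roster, templates, today):
    """Return {user: [findings]} for enabled accounts that break policy."""
    report = {}
    for user, enabled, last_logon, groups in accounts:
        if not enabled:
            continue  # disabled accounts cannot log on; skip them
        findings = []
        role = roster.get(user)
        if role is None:
            findings.append("unknown: not on current roster")
        if today - last_logon > STALE_AFTER:
            findings.append(f"stale: no logon in {STALE_AFTER.days}+ days")
        # An account with no role is entitled to nothing, so every group is excess.
        excess = groups - templates.get(role, set())
        for group in sorted(excess):
            tag = "privileged" if group in PRIVILEGED_GROUPS else "excess"
            findings.append(f"{tag}: {group} not in role template")
        if findings:
            report[user] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit(ACCOUNTS, ROSTER, ROLE_TEMPLATES, AUDIT_DATE).items():
        print(user, findings)
```

Accounts that match their template and have logged on recently produce no findings, so the report lists only what needs review.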

 

Avoiding Unwanted Friction and Preserving Productivity  

Managers can be forgiven for wanting to block wide swaths of applications, users, and devices, but it’s not a practical approach—it can lead to unwanted friction between government employees and IT staff and undermine agencies’ ability to take advantage of the many benefits provided by cloud-based applications.

 

Creating a solid IAM program is a much better option. It ensures the right users have the right access to the right applications without compromising security. That’s a win-win for everyone.

 

Find the full article on Government Computer News.

 


5 Comments
Level 15

Thanks for the write up!

Level 13

Thanks for the article!

Level 12

I really like that you numbered these 1, 1, and 1. Each is very important and there's a big problem if any one is missing.

MVP

This article was another stinger .... There are only 4 of us with super human rights to rule the world... we have continued to neglect the privileged called domain admins.  I passed on an article the other day and we quickly fixed our accounts!!! We have been on this mission for a couple of years... I don't know if COVID-19 had anything to do with it or not!!!!

CPI Ransomware Attack

(March 5, 2020)
 Electronics manufacturer Communications & Power Industries (CPI) suffered a ransomware attack in mid-January 2020. The infection spread quickly to all CPI offices as the company’s computers were on an unsegmented network. CPI paid a ransom of US $500,000, but is still working on recovering its systems. CPI customers include the US Department of Defense and the Defense Advanced Research Projects Agency (DARPA).

Editor's Note
The root cause appears to be a domain administrator clicking on the malicious link. Controlled use of administrative privileges, including running with the lowest level of privilege is CIS Control 4. Network segmentation, particularly for older operating systems such as XP, is key to not only restrict lateral movement but also mitigate shortfalls in legacy system security.

MVP

 

AND...

We are looking at adding ARM to SEM!