How important is identity management and authentication for securing Federal networks? It depends on who you ask.
If you ask me, it’s critical. The fact is, the perimeter is no longer the enterprise network firewall. Rather, it is the identity of every person or device accessing corporate workloads and data.
Ask Federal IT decision makers, and they will likely cite other technologies as more critical.
About half of the Federal IT decision makers polled in a recent Ponemon study did not list it among the top eight most effective technologies in improving their agencies’ security posture.
On top of that, only 40% said user behavioral analytics is an effective technology for improving security. That number was not as surprising to me since the connection between identity management and user behavior is a missing piece in cybersecurity.
I would like to see 100% of CISOs citing identity management and behavioral analytics as the most effective technology, and this article looks at why.
Today’s identity complexity
In the last decade, the BIG PROMISE with identity controls is that people can have access to the things they need immediately. The BIG PROMISE with security controls is that someone is monitoring all those users and will stop anyone doing something they shouldn’t be doing.
Those two promises have never come together. And in our complex identity landscape, that is not going to just magically happen.
Think about any federal agency human resources environment: there are remote workers, contractors, partners, and consumers. Technology management includes IoT, APIs, machine-to-machine communication, and service accounts—and determining who has access to what and when. All of this results in volumes of data too vast to monitor in real time (without the right tool, but we’ll talk about that later).
Identity management and authentication have become complex.
Security Operations Centers (SOCs) are doing their best to keep up with it. In most agencies, they are looking at what is happening on the network minute by minute. They have dashboards lighting up alerts they need to track down. In fact, the SOC team gets so many alerts a day that most agencies can only triage a single-digit percentage of them.
They spend their days hunting, but for what? A squirrel, a deer, or a polar bear? It’s important to know because you hunt each of those animals differently.
I call that being business blind.
Being business blind
Here’s the thing: on the SOC side, it’s easy to see activity on those dashboards. But without context, it’s not always possible to tell whether the actions are risky or malicious. And with thousands of potential flags a day, there is no time to track them all down. Hence the bad hunting analogy.
There are people who do know, however. That’s the team responsible for provisioning and deprovisioning people so they can perform their jobs. That team, usually human resources, has the business context—person A is a new hire, person B just gave notice, person C is on a contract that is ending in 45 days. They know who should be where, doing what, and when.
But they rarely provide that data to the people in the SOC to aid in security operations—either because it doesn’t occur to them or because there is no simple way to do it.
This is a problem.
Without that context, the SOC team is blind. They can’t make the types of reasonable deductions that could prevent a breach.
Think about it. If security operations knows that person C’s contract ends in the next 45 days, it also knows that person C will probably be out of a job soon and may be tempted to start taking the work they built for the agency.
And yes, that happens. According to an article in Infosecurity Magazine, almost three-quarters of departing employees admit to taking company data. And 70% of intellectual property theft occurs within the 90 days before an employee resigns.
With that context, security operations can be on the lookout for the behaviors that indicate that the contractor is taking something they shouldn’t be taking.
It’s not only departing employees or contractors. You see a new hire poking around in files they should not be in. Is it malicious, or are they just trying to get their payroll information uploaded?
These scenarios are a combination of identity management and authentication and behavioral analytics. Together, they can radically improve an agency’s security posture without requiring an overhaul of the entire enterprise.
Gaining 20/20 Business Sight
Everyone believes security is everybody’s job, but the nontechnical business operations have never had any insight into how to do it. And without the business context, the SOC can only really look at the riskiest of behaviors.
We’ve built the bridge between these two functions. So not only does a solution to business blindness exist, it is also easy to roll into your organization. And you can see the value within six to eight weeks.
By using machine learning and AI, we have removed the barriers to contextual visibility. Now agencies can tap into user behavior patterns to compare people to their own personal history with the organization and with their peers. They don’t have to wait for months when a huge breach is detected. They can see the smaller steps that lead up to the BIG infraction; those small steps criminals take to test the system.
Imagine being able to alert a manager to a potential issue in moments. And then if that user continues with the risky behavior, require the manager to certify the user’s access.
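As an added illustration (not the company’s tool or code), here is how the HR context from the “business blind” section and the personal and peer baselines described above could be combined to grade one day’s activity; every user, date and volume is constructed, and the five-times threshold and 30-day onboarding grace period are assumptions.

```python
from datetime import date, timedelta
from statistics import mean

# Constructed HR records (hypothetical users and dates): the business context the SOC lacks.
HR = {
    "alice": {"dept": "finance", "start": date(2024, 6, 3)},   # new hire
    "bob":   {"dept": "eng", "last_day": date(2024, 7, 12)},   # gave notice
    "carol": {"dept": "eng", "last_day": date(2024, 8, 14)},   # contract ends in ~45 days
    "dave":  {"dept": "eng"},                                  # ordinary employee
}
# Constructed history: (user, day, bytes pulled from file shares, share-owning dept).
EVENTS = [
    ("dave", date(2024, 6, 1), 2_000, "eng"),  ("dave", date(2024, 6, 2), 2_500, "eng"),
    ("bob", date(2024, 6, 1), 3_000, "eng"),   ("bob", date(2024, 6, 2), 3_200, "eng"),
    ("carol", date(2024, 6, 1), 2_800, "eng"), ("carol", date(2024, 6, 2), 2_600, "eng"),
]

def in_departure_window(user, today, days=90):
    """True if HR knows a last day within the next `days` (the 90-day window cited above)."""
    last = HR.get(user, {}).get("last_day")
    return last is not None and today <= last <= today + timedelta(days=days)

def personal_baseline(user, before):
    """Mean daily volume from the user's own history prior to `before`."""
    vals = [b for u, d, b, _ in EVENTS if u == user and d < before]
    return mean(vals) if vals else None

def peer_baseline(dept, before, exclude):
    """Mean daily volume of the user's departmental peers prior to `before`."""
    vals = [b for u, d, b, _ in EVENTS
            if u != exclude and HR.get(u, {}).get("dept") == dept and d < before]
    return mean(vals) if vals else None

def assess(user, day, nbytes, owner_dept, today, factor=5):
    """(severity, reasons) for one day's activity; `day` and `today` are ISO date strings."""
    day, today = date.fromisoformat(day), date.fromisoformat(today)
    rec, reasons = HR.get(user, {}), []
    for label, base in (("personal", personal_baseline(user, day)),
                        ("peer", peer_baseline(rec.get("dept"), day, user))):
        if base is not None and nbytes > factor * base:
            reasons.append("volume %dx %s baseline" % (nbytes // base, label))
    if reasons:
        # The same spike is far more serious when HR says the person is about to leave.
        if in_departure_window(user, today):
            return "high", reasons + ["departing within 90 days"]
        return "medium", reasons
    if owner_dept != rec.get("dept"):
        # A new hire reading HR/payroll shares is usually onboarding, not theft.
        if "start" in rec and day - rec["start"] <= timedelta(days=30):
            return "low", ["new hire outside own dept (likely onboarding)"]
        return "medium", ["access outside own dept"]
    return "none", []
```

Note that bob, who has given notice, is not flagged at all while his volume stays normal: the HR context raises the severity of an anomaly rather than generating alerts on its own.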
The timing is right with people working from home. Remote work is great for productivity, but a challenge for the SOC. You don’t have the physical indicators of risky behavior, like the person who closes the browser when you walk by. And you have people working in the middle of the night when nobody is paying attention.
Our Private Tenant Managed Service is helping agencies close those security gaps we’re seeing. We like to call it SIEM on steroids.
The tools and technology we use allow CISOs to securely manage the network on-premises and pull logs for SaaS and cloud providers. We’re bringing security control and visibility back to the agency.
You don’t have to deploy anything new. Our tool pulls the data from the services you are already using and collates the data, providing a dashboard view that lets you detect issues and trends in moments. As a subscription, you can try it for two months and then turn it off if there is no value.
So far, no client has turned it off. One client caught a breach in the first two weeks, paying for the service before they were even out of the pilot phase.
Final Thoughts
The Ponemon research was rich in insights that directly pertain to Federal agencies.
Almost two thirds of respondents had a data breach involving the loss or theft of more than 1,000 records containing the agencies’ sensitive or confidential information within the last two years, and more than half had an incident that resulted in a significant disruption to their agencies’ IT and agency processes.
Those numbers are likely to rise if agencies don’t proactively follow all courses of action that can keep data safe.
And since 61% of the study respondents say that understanding human behavior is important for proactively detecting risks and mitigating the security risks remote work creates, the path forward is to integrate those analytics with identity management and authentication. We can help.
About UberEther
UberEther is a leading technology integrator dedicated to innovating solutions for government clients. Based in Sterling, VA, we specialize in transforming security and access control needs into strategic advantages. Our accolades include numerous awards and recognitions, and we have achieved FedRAMP High + DoD IL-5 Authority to Operate (ATO) for our Integrated Managed Identity Platform. Learn more about our cutting-edge solutions at uberether.com.