Government agencies are now supporting an expanded remote workforce as everyone does their part to limit the coronavirus pandemic. During this time, agency IT teams must ensure continuity of operations while securing access to government resources for both federal employees and contractors.
Zero-trust identity authentication tools that can scale quickly in the cloud offer an effective way to balance a surge in remote user access with the need to manage access privileges, says Sean Frazier, advisory CISO at Duo Security, now a part of Cisco, in a new podcast.
“We now have cloud services so agencies can move very quickly to scale up, scale down services that they need for their telework environment. Zero trust allows us to not forget the security in the bargain,” he explains in a new FedScoop podcast, underwritten by Duo Security.
Frazier provides tips for IT leaders to consider as they look to reprioritize their security tasks to accommodate a surge of workers accessing agency resources remotely:
Prioritize top tasks of remote workers
What are most workers doing while teleworking? Collaborating, says Frazier. He recommends agencies first look at tools like the Office 365 collaboration platform, WebEx Teams or Slack.
“You look at every technology or every application you’re doing independently and figure out where can I get 80% of my benefit in enabling these technologies to be telework-enabled. Things like single sign-on technologies help, obviously multi-factor authentication is key. Consider that and the basic hygiene of telework security,” he shares.
Frazier adds that CISOs need to take care when setting network protection controls, so as not to inadvertently block workers from accessing the applications they need.
Prioritize identity and access management solutions
“We’re in a great spot now where there are technology and open standards coming out to help us solve our security problems specifically around identity. We wanted to get rid of the password for a long time. That was one of the key initiatives around PIV many years ago,” says Frazier.
Looking beyond personal identity verification (PIV) cards, organizations are moving quickly to adopt standards like FIDO2 and WebAuthn, which will be more critical to the enterprise network over the next two to five years, according to Frazier.
Make use of multifactor authentication tools
“A lot of the services and workloads we do are in the cloud. And the attackers are right there with us. They’re kind of in the network neighborhood that we’re in,” says Frazier.
Frazier suggests that agencies need to “make sure you’re applying consistent technologies, like identity protection with multi-factor, endpoint posture assessment. And you need to be able to do this at scale and at speed.”
“You can’t take months to deploy it. It’s got to be able to be deployed and be just as agile as when you’re thinking about continuity, as when you’re thinking about security,” he stresses.
Sean Frazier has worked in technology for 25 years, mostly in cybersecurity. A veteran systems engineer, he worked at Lotus Development, Netscape, OpsWare and MobileIron before joining Duo Security, now a part of Cisco Systems.
Listen to the podcast for the full conversation on securing the remote workforce. You can hear more coverage of “IT Modernization in Government” on our FedScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by FedScoop and underwritten by Duo Security.