If your agency doesn’t have an identity and access management (IAM) strategy, it should. IAM strategies cover the policies and technologies agencies use to ensure the right entities are accessing the right resources. Without strong IAM, agencies may be vulnerable to disruptive security incidents.
For evidence, look at users. Most users have a login and password, and the government variety is no exception. If cybercriminals steal these credentials, the resulting breaches can interrupt agencies’ missions and leave the public without critical products and services.
On Wednesday, during GovLoop’s latest online training, three government thought leaders explained why agencies should immediately draft IAM strategies. The group featured:
- Lester Godsey, Chief Information Security Officer (CISO) for Maricopa County, Arizona.
- Michael Hulisz, a Solutions Engineer for OneLogin, Inc., a cloud-based IAM provider.
- Sid Joshi, a Solutions Architect for Amazon Web Services (AWS), an on-demand cloud computing platform provider.
The trio shared three reasons why identities – and the access and security issues related to them – are more important than ever:
1. Rising cybercrime
Cybercriminals are the bad guys for a reason – they will attack agencies regardless of how it impacts other people.
Unfortunately, the COVID-19 pandemic has made agencies do more with less. For every public demand, agencies may have tighter budget, workforce and technology constraints too.
“We are seeing a huge spike in cybercrime, especially after COVID-19,” Joshi said. “Think of everything that can access your network as an identity.”
Whether computing entities cover devices, users or something else, cybercriminals have numerous weaknesses to exploit.
IAM plans can make crime harder for cyberthreats by explaining how agencies manage and secure the identities under their watch.
2. More hybrid work
Today, hybrid work mixing on-site and remote employees seems routine. While hybrid work is convenient, this arrangement can leave agencies with many new identities to handle.
“If you haven’t addressed or accounted for identity, you’re really doing yourself a disservice,” Godsey said.
Why does robust IAM matter for hybrid work? The answer is endpoints. Endpoints are the devices like laptops and smartphones that connect to agencies’ networks. With more people working from home, the number of endpoints agencies must defend is rapidly growing.
3. Potential process improvements
Refining public-sector operations is perhaps the best reason for creating comprehensive IAM strategies.
“Identity is not solely a security issue,” Godsey said. “It helps government employees by helping our residents.”
Both employees and constituents have identities to manage, so streamlining IAM governance can help agencies satisfy both demographics.
The bottom line
Once agencies have an in-depth IAM strategy, there is less risk, more security and smoother operations.
“The beauty of an identity and access management solution is that it helps simplify and streamline access, security and compliance programs,” Hulisz said.
This online training was brought to you by: