The race is over and the results are in. In a recent blog post, Federal CIO Tony Scott reported on the results from the 30-Day Cyber Sprint, highlighting marked federal cybersecurity improvements. Though Scott applauded agencies for their efforts, he underscored that there is still more work to be done. The sprint is complete, but the Marathon is just beginning and the finish line is far from sight.
Prior to Tony Scott’s 30-Day Cyber Sprint, federal agencies' use of two-factor authentication was alarmingly low. As of December, nine federal agencies didn’t require two-factor authentication for privileged users at all and only 42 percent of all users needed smart identity cards to log-on to the network. Lack of such protections leaves sensitive agency data vulnerable and opens up potential opportunities for cyber criminals.
Spurred on by the sprint, agencies have made significant progress when it comes to implementing strong authentication. In fact, 14 major civilian agencies surpassed Scott's goals for privileged user authentication, increasing use of strong authentication for privileged users to 72 percent. While the results show that federal networks are now more secure than they have ever been, federal IT security gaps remain.
So how can agencies keep up the momentum generated by the sprint?
Increased use of two-factor authentication is the first step in a long process towards enhancing government cybersecurity. Agencies need to implement robust identity and access management (IAM) extending beyond multi-factor authentication. Though the cyber sprint focused on HSPD-12 driven personal identification verification (PIV) card usage, we cannot confuse PIV cards with complete access control. Limiting strong authentication to just the device leaves agencies’ applications vulnerable to cyber attack, as bad actors may enter through another route and take a shortcut to win the race. Effective IAM governs data access and ensures not only that the right people have access to appropriate devices, but also the right information, at the right time.
IAM can also play a role in creating a more proactive security environment. Agencies can achieve this through improved visibility and control. With greater visibility into user behavior, agencies are empowered to proactively identify abnormalities that may indicate a potential breach or misuse of sensitive information. Quest offers a robust set of IAM solutions that include access management, identity governance and privileged account management, helping agencies to prevent future cyber incidents with a complete approach to IAM.
What is in store for the next cyber sprint? Cyber efforts shouldn’t stop with IAM. IAM needs to be coupled with complete, end-to-end security, as outlined by the sprint. By emphasizing the need for an approach to security that focuses on a broad range of critical security efforts – from immediately patching vulnerabilities to taking advantage of Next-Gen Firewalls - the sprint set a path towards enhancing government cybersecurity, a path that needs to continue for many miles ahead.
Learn more about Dell’s end-to-end security offerings here.