Why Innovation Must Account for the Identity Factor An interview with Morey Haber, Chief Security Officer, BeyondTrust The reach of government services hinges on recipients’ ability to prove that they are who they claim to be. However, with the adoption of social distancing practices, the once routine transaction of identification became a logistical and security headache for many agencies. This adjustment particularly impacted departments of motor vehicles and heavily paper-based agencies that had not embraced digital transformation.
digitize workflows, people, processes, policy and automation must work in tandem. For verification processes that are going digital, consider cases that might require human intervention because of complexity or other factors.
2
“You have all of the initiatives around secure ID being used for travel, but there are still some states that are very far behind,” said Morey Haber, Chief Security Officer at BeyondTrust, which specializes in privileged access management (PAM) software solutions. Then the pandemic hit. Not only were many agencies scrambling to prove identities for large swaths of employees needing remote access to administer government services and benefits, but they also had to provide the same electronic services to the public in need of those services. “Employees still had to operate, but could no longer rely on the same security controls as when everyone was located in government facilities,” Haber said.
Embracing the changes was an example of breakthrough innovation for agencies that were forced to adapt. But what can leaders do to sustain and build on this progress?
1
Consider how human intervention can enhance, rather than hinder, workflows.
“The best thing that agencies can do to make security improvements last, and not just that one-off for this year, is to not ignore the checks and balances that they do today,” Haber said. His advice: As agencies embrace cloud and
“I think the biggest trends for agencies moving into 2022 include making the process more convenient for end users to securely consume services and verify their identity when applying and receiving those services,” Haber said.
Identify and develop current capabilities
From a technology standpoint, BeyondTrust partners with governments to address needs around PAM, such as enabling secure remote access for employees and vendors, providing attended and unattended remote support, managing privileged passwords, and enforcing least privilege across the workforce and IT environment.
There’s increased buzz around these PAM security measures and other practices that are facilitating government’s move to a zero-trust security model. PAM is a foundational technology for enabling zerotrust architectures, which aim to enforce continuous authentication and monitoring, implement segmentation and micro segmentation, and limit access to only the amount and duration that employees, applications and systems require. “Consider zero trust as an architecture, not an initiative, and see if the solutions you have can actually make that happen, Haber recommends. “Start with the basics of asset management. You first must know what you have and what you’re managing — computers, applications, resources, and identities. Then, map out your priorities and plan.”
Lessons From State & Local Innovators on the Ground
21
