Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.
Identification seemed like an easy topic back in the day. The server was down the hall and people would come into work at 9 a.m., use their credentials and access information.
This week on Federal Tech Talk, Kevin Orr, vice president at Cyber Ark, takes a look at this simplistic (and historical) system and compares it to a federal government rapidly going to the cloud, with 90% remote workers. Where are the credentials stored in a cloud world? They could be stored locally, embedded in scripts, or even in metadata. If a misconfiguration takes place it may allow attackers to steal an identity and move through the network.
To this hot mix we also must add Robotic Process Automation where nonhumans get privileged credentials. Let us not forget hybrid networks, contractors, and the explosion of internet of things devices that have network access. Some estimate that by 2030 there will be a projected 25.4 billion IoT devices connecting to networks.
When you wrap this all up in securing federal data through a forest of regulations, the simple act of identifying who is on the system is complex.
Orr suggests that the perimeter is dead and every agency should take a security first approach. His organization has been around since 1999 and has proven experience in the commercial community that will allow federal information professionals to be able to understand the seemingly simple topic of identification.