Solving the Security Puzzle

Transcription

1 Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big Data technologies is enabling unprecedented collaboration and IT efficiency, which is fundamentally changing the role of technology in the government enterprise. Now more than ever, IT is interwoven into all mission functions, underpinning many aspects of performance and communications. As a result, there are new imperatives to protect information, access and devices at all touch points from both internal and external threats. This white paper unveils best practices and technology solutions that help government agencies minimize the risk of security breaches by proactively closing vulnerability gaps caused by insufficient visibility into user activity, siloed security systems and manual practices. It provides a unique point of view on the current state of security in government based on analysis from leading security experts, new intelligence on threats, and Dell Software s deep experience with all branches of government. Introduction For nearly a decade, the government has been pioneering a standards-driven approach to cybersecurity through initiatives like the Homeland Security Presidential Directive (HSPD)-12 and the Federal Identity, Credential, and Access Management (FICAM) framework. However, as cybersecurity threats internal and external advance in sophistication and increase in frequency, agencies are realizing that compliance doesn t equal security and there is a need to rethink the security lens. Specifically, for years, security has been centered on protecting an organization s perimeter. However, in today s new IT environment, this approach is no longer adequate organizations need to protect themselves from both external and internal threats. This requires a new approach to security, one that protects the user, the data and the device at the same time. In other words, connecting the security dots requires embedding security in all devices, software and systems.

2 We can t accept a status quo in which data breaches are the cost of doing business. Identity and access management provides a strong baseline that must remain a constant for government security. Paul Christman, Vice President of Public Sector Sales & Marketing, Dell Software Many organizations in the public sector face similar security and compliance challenges, and have begun to create context-aware security practices that go beyond reactive responses. Industry best practices and lessons learned can guide government agencies in building the fundamental processes, monitoring and automation mechanisms, and software assurance needed to enhance the resiliency of their cyber defenses. This white paper explores those best practices and solutions to help government agencies improve their security posture. The challenges of managing privileged accounts Privileged users at government agencies have access to a wealth of information and applications, often including sensitive data for critical national security projects. Cyber criminals are well aware of the access privileged accounts provide, making those accounts a prime target for cyber threats. Therefore, it is missioncritical to: Govern privileged access closely De-provision privileged accounts immediately when an employee leaves Audit each privileged account owner s activities Governance Security and compliance requires ensuring that privileged users have access only to the appropriate systems and only for the time period required. But without the advantages of new identity and access management (IAM) tools, agencies often must undertake a painstaking manual attestation process to verify which users should be able to access specific systems. This results in practices that are prone to errors and inconsistencies, and can yield security gaps, such as privileged users sharing administrative accounts with broad powers. Automating governance enables agencies to better manage privileged users access by establishing and enforcing unified procedures and practices based on granularity of access. Governance tools contribute to better policy application by ensuring consistency of and visibility into enforcement. This is particularly critical for privileged accounts that can potentially expose massive amounts of sensitive data or access to applications. Advancements in privileged account governance technologies allow government agencies to solve the challenge presented by privileged accounts in an automated and costeffective fashion, freeing their resources to address actual mission execution. Automated, real-time de-provisioning According to the 2012 OPM Federal Employment Report, approximately 80,000 federal employees enter and exit the workforce each month many of whom have been granted privileged access to IT infrastructure. However, a 2013 study conducted by Dell and Market Connections reveals that more than half of all agencies take longer than one day to de-provision users, and some take as long as one or two weeks (see Figure 1). During that time, terminated employees or malicious individuals posing as those users retain access to sensitive agency information. 2

3 Average time to de-provision a user < 24 hours 4 5 days 47% 1 3 days 26% Source: Market Connections PulsePull TM on behalf of Dell Software, June 2013 Market Connections, Inc. Figure 1. Most government agencies take far too long to de-provision users. Slow de-provisioning is often a result of approaching provisioning in silos or managing it manually. Automating the de-provisioning and governance processes eliminates the time gap between when employees are terminated and when they are deprovisioned, and establishes a clear, unified policy for all users. While automated governance is often included as a part of IAM, it needs to be an integrated part of privileged account management (PAM) solutions as well. Auditing The ability to create an audit trail is critical, particularly for super users and other privileged accounts. Government agencies need this information to comply with statutory and regulatory mandates, and to track irregular activities in order to ensure effective response. 11% 1 2 weeks 17% Without monitoring and automation tools in place to track user activity, an information audit can be a complex process that demands thousands of hours of manpower. This is a significant enough challenge when the audit is conducted for compliance reasons, but it is a serious security problem when agencies need an audit trail to determine why a security breach occurred and respond to the incident the longer it takes to identify a breach, the greater the potential for damage. However, a recent survey by Dell Software reveals that organizations estimate it takes an average of seven hours to identify a threat an unacceptably long time for government agencies. IAM and PAM solutions can keep a record of user activity, simplifying compliance and making it easier for agencies to Automating the de-provisioning and governance processes eliminates the time gap between when employees are terminated and when they are deprovisioned. 3

4 Dell One Identity solutions ensure that you can provide elevated privileges at a highly granular level, through rolebased policies or on an ad hoc basis, without disclosing passwords to the privileged user. quickly identify the root cause of a breach and resolve the issue. Agencies investing in IAM technology should ensure that the solution includes builtin auditing capabilities to streamline management processes and enable swift, targeted response to cyber attacks. Keeping up with the pace of security Government s IT revolution will only continue to change the IT and security landscape. In the coming years, we ll see the impact of cloud and mobile continue expanding, while emerging technologies like the internet of things and wearable tech will add new complexities to securing government networks and data. Security that goes beyond the perimeter to protect data is critical in this IT environment and will depend on a connected approach that combines a strong awareness of external threats with careful management of internal security through IAM, PAM and privileged governance. The problem with standalone privileged account management products As the largest enterprise in the world, government has thousands of employees, many of whom have privileged accounts and access to sensitive government data and apps. Without proper management, this access can end up in the wrong hands, creating a national security threat or revealing citizens personally identifiable information (PII). With stand-alone privileged account management (PAM) products, managers can run a report and understand each privileged user s access. However, this may not give a complete view into their regular, employee access. By connecting PAM products to the governance platform, agency managers can achieve a complete view of systems, files, folders and applications to which privileged users have access. About Dell One Identity The industry-leading Dell One Identity, a suite of products anchored by Dell One Identity Manager, helps civilian agencies and the Department of Defense meet federal cybersecurity demands. The suite optimizes the identity infrastructure already in place through automation and consolidation, while making single sign-on a reality across Windows and non-windows identity repositories. The identity intelligence technology in Dell One Identity ties together identities, roles, rules, workflows, policies and approvals. Dell One Identity gives you all the auditing and reporting capabilities you need for security, compliance and forensic purposes, including keystroke logging and session recording and playback. Dell One Identity products support provisioning, password management and multifactor authentication. Dell One Identity solutions for privileged password management, session management and command delegation ensure that you can provide elevated privileges at a highly granular level, through role-based policies or on an ad hoc basis, without disclosing passwords to the privileged user. The addition of Dell privileged governance solution adds new capabilities, intelligently managing and government privileged user access by automating the system in a single console. Conclusion To ensure security and comply with regulations in today s rapidly changing IT environment, government agencies need powerful identity management solutions, including privileged account management tools. Dell One Identity enables complete control of privileged accounts across systems, including comprehensive governance, automated de-provisioning and enterprise auditing, so your agency can maintain security, compliance and accountability. 4

5 For More Information 2014 Dell, Inc. ALL RIGHTS RESERVED. This document contains proprietary information protected by copyright. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose without the written permission of Dell, Inc. ( Dell ). Dell, Dell Software, the Dell Software logo and products as identified in this document are registered trademarks of Dell, Inc. in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their respective owners. The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN DELL S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document. About Dell Software Dell Software helps customers unlock greater potential through the power of technology delivering scalable, affordable and simple-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results. If you have any questions regarding your potential use of this material, contact: Dell Software 5 Polaris Way Aliso Viejo, CA Refer to our Web site for regional and international office information. 5 TechBrief-IAMPAM-US-KS-24049