As CIOs push to secure the surge in remote workers at agencies, they also have an opportunity to deploy future-ready security solutions that can be quickly implemented and managed from the cloud, say IT experts in a new podcast.
It’s a particularly difficult time for government agencies, some of which have moved to almost 100% remote work over the course of days. The number of users accessing their networks and applications from outside the organization’s perimeter has created an urgent problem, says Bart Green, vice president for SLED at Duo Security.
As IT leaders consider the security tools available to them, they are going to want to look for “technologies that are going to be that connective tissue to the next generation,” says Sean Frazier, advisory CISO for Federal at Duo Security. “So, the next time you evaluate that application, it may not be an on-prem application. It may make sense to go to a cloud-service provider. But you want that consistent security, so the end-user experience really doesn’t change.”
State, county and municipal agencies can accelerate their overall security efforts, while addressing the immediate surge in demand, using easy-to-deploy, cloud-based identity and access management platforms, the two IT experts say, in a new podcast series on “Speed to Security,” produced by StateScoop and underwritten by Duo Security:
What are essential steps to secure remote workers?
Green outlines three steps for agencies to secure their workers. First, “develop a list of those critical applications that your users are going to need access to things obviously like email, anytime like ERP systems if you got thinks like permits and licensing solutions.”
Second, focus on how workers access agency resources. “Are they going to come directly into the application for things like cloud applications? Do they need to go through a VPN? Do they need to go through a single sign on solution?”
Lastly, IT leaders need to consider where to apply multi-factor authentication to safeguard how remote workers gain accesses to those applications, he explains.
Three aspects of a modern security tool
Green also recommends essential capabilities that IT leaders should look for when evaluating identity and access solutions, first being speed. “Make sure that the solution can solve all of your use cases, just not single use cases,” he says.
Second, Green says, “you want to make sure that the modern solution is going to have open API’s that’s going to allow organizations to connect quickly to these applications. So, they’re pre-built and ready to go — you just need to configure the solution.”
Third, Green shares, “you want to make sure that the user authentication is the same no matter what application they’re accessing. They want the user experience to be the same for a cloud application as it would for an on-prem application, a VPN or a single sign-on.”
How agencies can fast-track security
Frazier recommends that agencies look to partnerships to help them develop strategies to build out modern security.
“You need someone to say the technology we’re applying today is not a dead-end technology. What we’re doing is building a framework, or a building block, where we can build other innovation on top of that. A good example would be password-less authentication,” Frazier says.
These partnerships are helpful when an organization wants to move quickly, Green says. A recent example: A university with a legacy solution in place needed to roll out a multi-factor authentication solution to new applications and new users.
“We spent a Saturday, helping them configure to multiple solutions, got it all set up, helped them set up in a test environment with some test users to get everything off and running. That following Monday they rolled it out, and now they have over 2,000 remote employees utilizing the system today across multiple applications and solutions,” Green shares.
Bart Green has more than 20 years of experience in public sector technology, including executive roles and J.D. Edwards, Lawson Software, Workday and most recently Duo Security, now a part of Cisco Systems.
Sean Frazier is a veteran systems engineer dating back to the days of Lotus Development, Netscape, OpsWare and MobileIron before joining Duo Security.
Listen to the podcast for the full conversation on modern IT security solutions. You can hear more coverage on the “Speed to Security” series on our StateScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by StateScoop and underwritten by Duo Security.