Agencies lack visibility into privileged users. What else are they missing?

Featured eBooks
The State of Trust in Government
Cybersecurity in State and Local Government
Building Data Literacy in the State and Local Workforce
By Michael Crouse,
Director of Enterprise User and Data Protection, Forcepoint
 

Connecting state and local government leaders

By Michael Crouse

|

By investing in tools that help automate processes, understand user behaviors and manage data and system access, agencies can equip users to securely support their missions.

Agencies today face a new “known unknown.” They’re increasingly aware they lack visibility into employees who have privileged user access to data and systems.

Only 11% of government organizations are “very confident” they have enterprisewide visibility and can confirm that privileged users are complying with relevant policies. That’s according to a recent study, “The State of Privileged User Abuse in United Kingdom and United States Government Organizations,” conducted by research firm Ponemon Institute and sponsored by Forcepoint.

The report raises even bigger questions. If agencies can’t see the users who have access to their most sensitive data and systems, where are their other IT blind spots? Especially in an era of remote work, cloud access and shadow IT, how much technology spend and cybersecurity vulnerability remain unrecognized? And how do new organizational processes impact the people behind the keyboards?

Fortunately, the Ponemon study points to tangible steps agencies can take. By automating manual processes, understanding user behaviors and investing in next-generation cybersecurity technologies, organizations can better manage privileged users and close the cloud-visibility gap.

Placing a premium on cloud visibility

Across government, agencies are expected to retain at least a hybrid model in which large numbers of employees continue to work remotely after the COVID-19 crisis wanes. The Cybersecurity and Infrastructure Security Agency, for instance, notes that “organizations have started planning for more permanent and strategic teleworking postures.”

Strategic planning will be vital, since many agencies were forced to quickly cobble together remote-work practices as the pandemic emerged in early 2020. In the rush, employees may have solved remote-connectivity challenges by using devices, applications and cloud services not approved by IT departments.

The result has been a proliferation of shadow IT, which has implications for employee productivity, IT budgets and, most worrisome, cybersecurity. Cloud storage in particular raises security concerns, as even the most popular services can have weaknesses.

For example, in April 2020 Microsoft patched a vulnerability that let cybercriminals who got access to an endpoint to then increase their privileges and take advantage of Microsoft OneDrive to overwrite files. In August, Google admitted to a shortcoming that permitted users of Google Drive to update an existing file with a new version that included a malicious executable.

All these issues emphasize the need for better cloud visibility. A cloud access security broker can offer an effective solution. A CASB enables organizations to recognize and track the use of cloud applications. Situated between the user and the cloud service provider, a CASB is designed to identify high-risk activities and enforce policies and controls for cloud applications. In the process, it can block account-centric threats, meet compliance requirements and protect sensitive data.

Closing the visibility gap

Like CASBs, other practical solutions exist for government organizations to better manage their privileged users and their cloud environments overall.

    Automate manual processes. Agencies recognize that security threats can originate from social-engineering attacks targeting privileged users and from malicious insiders trying to obtain privileged users’ access rights, the Ponemon study shows. But they acknowledge even greater risks from internal processes. For instance, 73% give employees privileged-access rights that exceed the needs of their role.

    Robust automated tools can help agencies not only understand which employees require what level of access but also monitor and manage that access over time. Always-on enforcement can help them home in on risky behavior -- without creating friction for users legitimately doing their jobs.

    Understand user behaviors. Organizations struggle to detect insider threats. Often that’s because their security tools provide too many false positives (57%), more data than can be reviewed promptly (53%) or insufficient contextual information (42%).

    Behavior-monitoring tools can help agencies root out anomalous user activities that could indicate a potential risk. Behavioral analytics can combine IT data, non-IT information and even psychological factors. Correlating data from sources such as user activity monitoring, data leak prevention tools, HR records, security violation databases, physical access records and identity, credential and access management solutions can identify insider risk. It can also help automate risk mitigation at the endpoint or network edge. The ability to shut down attacks before a breach occurs allows agencies to more proactively reduce their overall risk.

    Invest in next-generation cybersecurity technologies. Organizations clearly need a better handle on employee access to sensitive data. In fact, 44% say access to sensitive information isn’t controlled, and 29% are unable to detect sharing of access rights. Often, agencies rely on manual, time-consuming approaches like monitoring and reviewing log files (43%) rather than next-generation technologies such as threat-intelligence tools (28%).

    Agencies can benefit from a zero-trust cybersecurity architecture that replaces outmoded, perimeter-focused methods with a dynamic, user-centric approach. This modern, continuous-monitoring methodology derives user risk scores from a diverse set of unstructured and structured data applied to access-control points. The goal is to determine whether an individual is trustworthy at a given moment in time. The result is adaptive, risk-based security that gives agencies the strongest security where they need it most.

Agencies will always require some employees to have privileged access to data and systems. And as organizations re-evaluate where work will be performed going forward, many employees will still need remote access to workloads in the cloud.

As the study shows, however, these needs also present risks. By investing in tools that help automate processes, understand user behaviors and manage data and system access, organizations can equip users to support their missions while maintaining critical cybersecurity controls.

NEXT STORY: Zero trust moves from vision to reality

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.