By Michael Chertoff, Executive Chairman and Co-Founder of The Chertoff Group and secretary of homeland security from 2005 to 2009
Recognizing the importance of identity in securing critical IT assets, the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program focuses on improving federal identity governance capabilities so agencies have greater visibility into the users on their network, the attributes those users maintain, and the accounts they are authorized to access. The Report to the President on Federal IT Modernization also calls for an evolution in IT investments — moving from traditional perimeter security protections to an emphasis on defense-in-depth capabilities that will “prevent malicious actors from moving laterally across linked networks” with the ability to access large amounts of information.
The transient nature of the federal workforce and the complex web of employees, vendors, and contractors involved in critical missions make identity a fundamental component of an overall strong federal network security program. Federal agencies struggle with an excess of “over-privileged users” — individuals with access to more resources than are necessary to perform their job functions.
Identity governance solutions such as SecurEnds CEM provision users with access to the right applications and revoke that access when it is no longer needed. They help organizations define and enforce user-access policies, such as separation-of-duty (SoD), and automate the process of reviewing user-access rights across the organization by initiating campaigns for business managers to approve or revoke access as part of a centralized governance program. These processes limit the extent to which identity presents an exploitable threat vector for attackers looking to disclose sensitive employee or classified data.