Identity Access Management and the State of CISOs: Where We Are Now

Arlene King
December 13, 2018
Topic: Government

State governments are the guardians of valuable, sensitive data about their citizens, their employees and their operations. From tax and voter information to employee credentials and department files, all of that data is potentially at risk on many fronts.

It’s no secret, for example, that voter data is vulnerable to attacks by hackers. One recent report found that more than 35 million voter registration records from multiple states had been breached and put on sale at a popular Dark Web hacking forum.[1] Another report found that the computer systems of state governments of Colorado, Connecticut and North Carolina were the victims of ransomware hacks.[2]

Employee data is at risk, too. Recently, the email accounts of 12 state government employees in Kentucky were hacked.[3] This was of particular concern, because the incident affected the accounts of employees at the Department of Revenue, which maintains highly sensitive financial records for citizens.

 

The important role of CISO

According to the National Conference of State Legislatures, all 50 states have created the role of chief information security officer (CISO) “to establish, oversee and facilitate a statewide security management program to ensure information is adequately protected.”[4] And more and more states are implementing state identity credential and access management (SICAM) programs. The National Association of State CIOs (NASCIO) has produced a comprehensive guidance document for implementing a SICAM program.

 

The need for Identity management

State and local agencies have an average of 30 or more applications for employees to manage.[5] That same study found that nearly half (45%) of IT leaders at state and local governments expect more citizen-facing applications will emerge in the coming years, which means more sign-on experiences to manage.

So, where are we? While awareness of cybersecurity threats is growing, adoption of privacy and enterprise Identity Access Management (IAM) solutions are lagging. According to the 2018 Deloitte-NASCIO Cybersecurity Study,[6] with nearly a third of CISOs report monthly to state officials on cyber risk issues. Yet the StateScoop study found that implementation of Identity Access Management (IAM) is slow, with only 28% of IT officials indicating that their states have implemented IAM tools.

With the recent elections, at least 20 states elected new governors and, as is typical, with a new governor comes the likelihood of a shake-up at the state IT level.[7] This can, unfortunately, stall progress on implementing IAM policies.

 

The role of RFID

According to the Deloitte-NASCIO study, CISOs at many state governments are aiming their focus on implementing multifactor authentication, federated IAM, and privileged identity management solutions. Many state governments concerned with secure authentication of employees will turn to solutions that incorporate RFID readers to help in solving these issues.  Leveraging existing ID credentials, an IAM solution that incorporates RFID readers can be quickly and easily deployed.

To meet the IAM requirements of any state government, a solution must provide error-free identification with flexible configurations and multiple form factors.  An IAM solution consisting of partner software and RF IDeas readers, locks down access controls, simplifies the sign-on process and establishes privileged access.

 

For more information, visit www.rfideas.com/solutions/applications/identity-access-management

 

 


[1] https://www.komando.com/happening-now/498324/hacked-tens-of-millions-of-us-voter-records-are-being-sold-on-the-dark-web-what-this-means-to-you
[2] https://statescoop.com/three-ways-state-governments-are-approaching-cybersecurity-well
[3] https://www.courier-journal.com/story/news/politics/2018/09/21/hack-attack-compromised-some-kentucky-state-email-accounts/1352421002/
[4] http://www.ncsl.org/research/telecommunications-and-information-technology/state-statutes-creating-chief-information-security-officer-ciso-positions-in-state-government.aspx
[5] https://statescoop.com/agencies-provisioning-more-applications-should-consider-cloud-based-iam-says-expert
[6] https://www.nascio.org/Portals/0/Publications/Documents/2018/2018DeloitteNASCIOCybersecurityStudyfinal.pdf
[7] http://www.govtech.com/pcio/All-the-States-with-New-Governors--And-Maybe-New-CIOs.html