One of the foundational tenets of zero trust architecture is Identity – providing credentials for every person and device – in order to manage access to government systems, whether entering from the outside or moving laterally from within. In other words, identity, credential and access management (ICAM) should be addressed as a whole, not as separate point solutions. This applies across all systems, all platforms, and all environm...

As State and Local agencies pursue their zero trust goals taking into consideration the Executive Order 14028, “Improving the Nation’s Cybersecurity,” it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that will use the redesigned systems to better meet their agency’s mission. If a zero-trust impl...

After several high-profile cyber incidents resulting from exploited vulnerabilities, the Office of Management and Budget released a memorandum (M-22-09) in 2022 that requires agencies to adopt a Federal Zero-Trust architecture. This new architecture includes a key element: requiring agencies to meet specific cyber standards, including application security testing, by the end of 2024. Two elements of modern software are growing in importance fo...

For government agencies, case management – delivering services to people and businesses – is the heart of their mission. In almost all cases, however, case management systems have gotten more complicated, more difficult to manage, and more expensive. Agencies today depend on legacy, siloed systems that have changed through kludges, “an ill-assorted collection of parts assembled to fulfill a particular purpose.” Rip-and-...

Federal agencies take seriously the cybersecurity of their IT systems. They must observe numerous federal policies and programs, from Executive Order 14028 on down. Many agencies are far less aware of the need to strengthen the security of their operations technology (OT), the equipment that runs many kinds of systems, including healthcare. Historically, that was less of an issue since most OT systems were closed and standalone. But the intern...

The technology revolution that has reshaped consumer markets has now arrived at the state level. Case in point: the State of Ohio, where state, local and educational organizations are moving quickly to integrate innovative technologies that can drive better decision-making while lowering the cost of ownership for IT systems. Incorporating new technologies also creates opportunities to reimagine the future workforce, for both the public and pr...

When the Cybersecurity and Infrastructure Security Agency (CISA) released its Zero Trust Maturity Model Version 2.0 in April, it identified access management as a core function within the Identity Pillar. Identity is the very first of five such pillars, and brings the need for privileged access management into clear focus. Identity is defined by CISA as “an attribute or set of attributes that uniquely describes an agency user or entity,...

The spread of 5G – fifth-generation mobile communications – across all levels of government is being accelerated by its usefulness in high-speed data transmissions and flexibility in customizing network applications. And the range of applications by government agencies made possible by 5G may only be limited by one’s imagination. Some of the innovations supported by this wireless standard were born out of necessity – at...

Cybersecurity professionals are well aware that the threat landscape they live in is volatile and poses ever-changing threats to the systems they defend. One kind of risk is exploding – attacks on APIs. APIs are such attractive targets because their purpose is to allow two or more applications to communicate with each other. Infecting an API drastically expands the attack surface, but most enterprises do not have transparency into their...

Federal agencies have taken the lead in the public sector’s adoption of cloud computing. It has provided many benefits, including flexibility for applications, cost savings as legacy systems have been phased out, and empowering customers in their interactions with agencies – but it also has opened new methods for cyberattacks, such as corrupting elements of the software supply chain. As a result, data protection is more important t...