Page 31 - FCW, Nov/Dec 2017
The second step is instituting multifactor authentication at all times and on all devices. It typically includes at least two of the following: something the user knows (a password or PIN), something he or she has (a smartphone or Common Access Card), and something he or she is (a fingerprint or retina scan). Multifactor authentication is critical to ensuring identity and can dramatically improve security.
Third, it’s important to grant conditional access to devices and data. Only devices deemed to be healthy—meaning not infected—can be used to access agency data. In addition, users should have conditional access to information based on their roles and security privileges. For example, if User A sends an email message to User B, the system should block the message if User B does not have the appropriate privileges to view the information in it. The system would then report that User A tried to send a message to someone without the right privileges, so an administrator knows that User A tried to circumvent a security policy.
It’s also important to have consistent logging and telemetry on all data sources, regardless of whether data is at rest or in motion. That approach applies not only to the network layer, but also to the application layer and the platform itself. Examples include event and application logs, log data from all security devices and solutions, API calls, and user activity logs. With the right tools, security data can be constantly collected, measured, and analyzed so that administrators can quickly be alerted about anomalies.
“Telemetry and logging data are important because they allow you to measure the effectiveness of your cybersecurity and know that the countermeasures you have put in place are functional and operational,” says Matt Rathbun, chief information security officer at Microsoft Azure Government. “It also enables you to measure threat actions to see whether or not
Cybersecurity Best Practices
Effective cybersecurity requires more than cutting-edge tools. Here are some important best practices to keep in mind:
• The most sophisticated technology won’t do its job if your environment isn’t ready for it. Prepare your environment by federating identity, enforcing multifactor authentication, upgrading outdated IT infrastructure, and updating and patching systems and software.
• The biggest threat to effective cybersecurity is rigidity. Understand that environments and threats change, and be prepared to adapt.
• Diversity enhances security. An environment that is dependent on a single vendor, hardware platform, or piece of code creates more opportunities for significant problems and failures.
• Faster detection of breaches is crucial. It might be hard to believe, but the average time between a breach and its detection is more than 170 days. With that type of lag, it can be difficult to control or even know the extent of the damage. You can dramatically shorten that time by adopting a comprehensive approach to cybersecurity and using powerful tools such as big-data analytics.
Sponsored Content