Last year, the U.S. House of Representatives introduced legislation for states to develop highly secure, interoperable systems enabling digital identity verification. According to the Better Identity Coalition, the Improving Digital Identity Act is the first step to ensuring the U.S. is up to speed with the developed world on digital identity. Without secure, accessible, interoperable digital credentials, agencies are put at risk for security vulnerabilities, online fraud, and more. Brandon Shopp, SolarWinds group vice president of product, contributed a recent article to GCN with a few tips for agencies to get ahead and ramp up their digital verification systems:
- Continuous monitoring. With the proper guardrails in place and procedures to monitor IT systems and digital verification, credentials are much less likely to leak out of your agency. The unfortunate truth is one leaked credential can lead to a disastrous cybersecurity breach with many downstream effects. Once a hacker gets their hands on an email account, they can spread spam and malware across the entire agency’s network, leading to agency-wide IT vulnerabilities.
Shopp advises agencies to “continuously monitor email domains for exposure” to prevent this from occurring. “They should also set up alerts to ensure they’re immediately notified when credentials are found on the dark web or accounts are compromised,” he continues. “Lastly, they should leverage tools to automatically force password resets before they can be misused.”
- Enforce agency-wide access controls. In a perfect world, agencies would be able to secure every network endpoint with a digital verification mechanism, but this isn’t a feasible scenario with limited resources. As such, most agencies look at the most critical endpoints first to ensure they’re secure. But more must be done.
As more data moves to the cloud, agencies must ensure the growing perimeter is secure. Fortunately, this can be done at scale and in an automated fashion. Shopp says agencies can “better secure their growing network perimeter and cloud-based applications by layering in emerging technologies like secure access service edge (SASE).” According to Shopp, SASE is a cloud service converging security and network technologies into a single platform. Taking a zero trust approach, SASE prevents unauthorized access by layering security on top of the network. Using defined policies, SASE dynamically approves or denies access, eliminating the need for multiple point security technologies.
- Partnerships. There’s no doubt building a secure, modernized, digital ID system will require collaboration, not only within the government but also with the private sector. In fact, the May 2021 Executive Order on Improving the Nation’s Cybersecurity calls for the private sector to “partner with the Federal Government to foster a more secure cyberspace.” The order calls for the Director of the National Institute of Standards and Technology (NIST) to work with the federal government, private sector, academia, and other appropriate teams to identify existing or develop new standards, tools, and best practices for complying with the standards and procedures for software security. The order also states the private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.
“What this partnership will look like is to be determined, but the Executive Order is an important step toward achieving a collective defense posture,” Shopp says. “The coordinated disclosure of incidents and transparent, prompt information sharing—in a ‘safe place’ free from public shaming or criticism—only helps protect us all.”