With the government locking down all federal agency systems until mid-July in what’s being dubbed an emergency “sprint” to get all systems to better meet secure compliancy.
Richard Parris, CEO of Intercede commented on Govt Cybersecurity Compliancy:
“The mandated 30-day sprint by The White House has confirmed that the data breaches of various government agencies have become the rule rather than the exception. Despite years of talk and billions of dollars invested in upgrading the nation’s cybersecurity infrastructure, federal agencies are as prone to cyberattacks now as ever before. According to a recent SCA conference speech by Trevor Rudolph, 52% of federal civilian cybersecurity incidents could have been prevented by strong authentication implementation. The emergency 30-day sprint procedure denoted by The White House is an immediate call for action to implement a gold standard for federal identity and credential access management (FICAM) that can already be supported by the infrastructure in place within the next month – any further delay is unacceptable if we are to keep the information of the nation and its citizens protected.
It is not a case of reinventing the wheel; all federal employees have already been issued with personal identity verification (PIV) credentials. This allows agencies to immediately meet two of the four standards outlined by the sprint: tighter control of “privileged user access” and “multi-factor authentication.” However, this doesn’t address the growing appetite for mobile working from federal employees. The White House need to be certain that this mandated sprint to better secure the federal workplace is not negated by the potential ‘out of control‘ growth of mobile devices. This is where derived credential management plays a key role in addressing evolving working habits through secure mobility. This is not something limited to the federal environment – derived credentials can be applied in any organization with an existing smart card system in place.
Intercede is the first company to offer a derived credential management system to control the issuance, maintenance and revocation of mobile credentials in compliance with both the Federal Information Processing Standard 201 (a response to Homeland Security Presidential Directive 12 that created a common identification standard across federal agencies via smart cards) and the standard’s update addressing mobile deployment. With successful deployments to multiple agencies in both the UK and the US, we can confidently state that the technology exists to quickly reduce the number of breaches that have rocked the foundation of cybersecurity in the United States – now it’s just an issue of deploying the tools at our disposal to stop any further hacks from occurring.”
[su_box title=”Richard Parris, CEO, Intercede” style=”noise” box_color=”#336588″]
Intercede is a software and service company specialising in identity, credential management and secure mobility. Its solutions create a foundation of trust between connected people, devices and apps and combine expertise with innovation to provide world-class cybersecurity.Intercede has been delivering solutions to high profile customers, from the US and UK governments to some of the world’s largest corporations, telecommunications providers and information technology firms, for over 20 years. Intercede’s MyID software is an identity and credential management system that enables organisations to create and assign trusted digital identities to employees, citizens and machines and in turn allows secure access to services, facilities, information and networks. MyID adheres to international standards, while remaining simple enough to be deployed onto consumer devices such as smartphones, tablets and other devices in the Internet of Things.In 2015 Intercede launched MyTAM; enabling trusted applications to be loaded into a mobile device’s Trusted Execution Environment (TEE), providing hardware-level security for Android apps. The cloud-based service provides a cost-effective and convenient way for developers and corporations to protect their apps and users’ sensitive data.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.