Risk management and Cyber Intelligence is key to public sector security

Blog By: One Identity

This year the UK government broke new ground in protecting national infrastructure by launching the GovAssure programme. The programme promises to be a transformative change in government cyber security by bringing rigour and objectivity to the table.

In short, this initiative aims to have all government departments audited by semi-independent entities. GovAssure will use the Cyber Assessment Framework, developed by the National Cyber Security Centre, to review the assurance measures all government departments have put in place. The framework sets out indicators of good practice for managing security risk and protecting against cyber-attacks, and was designed to make critical national services resilient to threats.

A level-headed approach to cyber security risk

The first main objective of the NCSC Cyber Assessment Framework is managing security risk. This calls for putting appropriate organizational structures, policies, and processes in place to understand, assess and systematically manage security risks to the network and information systems supporting essential functions.

Diving into the requirements of the framework, the theme is quite clear: organisations are expected to develop a deep understanding of the threat environment, the potential impact of attacker actions and the security gaps or vulnerabilities currently present in the system.

Identity in the centre

Recent data shows that around 80 percent of all successful attacks originate with compromised credentials – a surprising number that has led some experts to claim that attackers don’t hack the infrastructure anymore, they just log in!

No wonder identity and access management is core to achieving the baseline set out in the CAF. What’s surprising is how specific some requirements are in the otherwise high-level document: MFA (multi-factor authentication) is mandated for all remote users and all privileged access, with a requirement to regularly review the list of users with access to the systems. Privileged users get a whole section to themselves in Objective “B”: privileged access now requires separate accounts that are monitored and managed, with temporary, time-bound rights.

Expanding attack surfaces

Organizations worldwide are struggling with attack surface expansion: an ever-growing IT stack that adds more technology layers to legacy infrastructure. Most of the time, these new technologies are additions – usually not mature enough to simply replace the existing tech, which means the organization now needs to secure both stacks, usually with the same resources. In the second decade of the cloud revolution, these multi-stack environments are everywhere, and increasingly hard to protect. The expanding attack surface is a very real headache for all organisations, including the public sector.

While there is no quick fix for this phenomenon, recognizing that identity (and access management) has become the new perimeter of the organization does help. By refocusing on identity security and making sure every resource is protected by a zero-trust approach, the attack surface becomes manageable.

Identity intelligence

Identity, however, is much more than the perimeter of an organization. Since account-based access is woven into every piece of software, identity is increasingly seen as the fabric that brings together all the policies protecting your environment. Identity brings business context and visibility to every level of your IT stack, from applications to infrastructure, from business processes to privileged access, from internal to external third parties and your supply chain. The ultimate goal is to achieve complete identity intelligence by measuring Key Risk Indicators for access and usage data, detecting anomalous behaviour and gaps in the security posture, and remediating issues with ease. This is how we can reduce risk, restore compliance, and stay safe.

With traditional analytical and statistical technologies, identity security vendors have already achieved much. But with the advent of modern AI and machine learning, new horizons are opening. From enhancing UX to generating advanced log queries to automating complex rulesets with the click of a button, AI can help in lots of ways to bring identity security to every organization.