Following the high-profile breach of the US Office of Personnel Management (OPM), which exposed the personal data of millions of Americans, the House of Representatives’ Committee on Oversight and Government Reform issued a report on the attack in 2016.
That report provided an exhaustive account of the events leading up to the breach, illustrating how a hacker posing as an employee of an OPM contractor was able to use false credentials to log into the system, install malware and create a back door into the network—a back door that was exploited for four years before it was discovered.
The report makes for interesting reading for any security professional, and its impact has reverberated across the public and private sectors. Among its key conclusions: It’s time to move federal security efforts toward a Zero Trust model, centered on the concept that users inside a network are no more trustworthy than users outside a network.
Had a model of Zero Trust already been in place, it would have been virtually impossible for the hacker to have gained access time and again over a four-year period. Moreover, a corresponding policy of least access would have severely limited the amount of data the hacker was able to access, even from within the OPM infrastructure.
Zero Trust isn’t a new idea. In fact, the concept has been percolating for some time. But the OPM report reignited the conversation, and since then the approach has been gaining steam, though not rapidly enough. After all, a policy of Zero Trust, centered around continuously verifying users and their devices, limiting access and learning from user behavior, would likely have stopped this breach in its tracks. Yet, here we still are, years later.
Centrify Talks “Zero Trust” at ICIT Winter Summit
The Zero Trust approach resonates deeply with us at Centrify. It has always been our goal to look beyond the porous, indefensible perimeter to secure organizations with best-of-breed technologies via a unified, identity-focused platform that serves all users and their access to all resources — including apps and infrastructure. This process involves four key elements:
- Verifying the user
- Verifying their device
- Giving just enough access
- Learning and adapting
The Centrify approach to Zero Trust Security is based on our unified platform, which comprises privileged access management (PAM), enterprise mobility management (EMM), multi-factor authentication (MFA) and machine learning.
When combined and implemented across the entire organization, these technologies help to ensure secure access to resources while significantly reducing the possibility of breaches. At the upcoming ICIT Summit, Centrify CEO Tom Kemp will provide attendees with an understanding of what Zero Trust Security is, why its adoption is critical, and how it can be achieved.
The ICIT Winter Summit
The 2018 ICIT Winter Summit will be held on January 29 in Arlington, Virginia. The Institute for Critical Infrastructure Technology (ICIT) is a highly reputable and trusted organization whose research is used by security professionals around the globe. Additional speakers will include:
- Ray Letteer, Chief, Cybersecurity Division at the US Marine Corps, who will discuss how technologies that automate decision making and incident response processes are enabling entire sectors to overcome the challenges associated with the lack of financial capital and skilled cybersecurity practitioners.
- Rick Ledgett, former Deputy Director of the NSA, who will discuss breach response strategies as a critical element of the offensive cyber continuum.
- Jerry Davis, ICIT Fellow and CIO at NASA Ames Research Center, who will discuss the importance of security-by-design and how the community can effect change in the current paradigm.
Additional topics to be discussed:
- A Modern Definition of Cybersecurity Offense
- Access Management & Derived Credentials
- Risk Mitigation Strategies
- Automation through Machine Learning and Artificial Intelligence
- Securing Hybrid Cloud Environments
- Encryption & Data Protection
The 2018 ICIT Winter Summit will feature influential cybersecurity leaders helping attendees to redefine cyber offense, equip themselves to move faster than bad actors and strengthen their security posture with innovative prevention-focused capabilities.