State governments are responsible for delivering social services, infrastructure and more to their residents. To provide these programs, they must manage considerable resources and hold sensitive information. Unfortunately, state governments face a challenge. The federal government has a long history of programs, technologies, and staff with deep expertise in security through the intelligence and military communities. The state governments don’t have that advantage. Let’s take a closer look at the cybersecurity challenges facing state governments.
Inside the State Government’s Security Management Challenge
What does a successful hack on a state government look like? Take this example reported by Deloitte:
In South Carolina, for instance, sometime in late summer 2012, Eastern European hackers hit servers at the state’s Department of Revenue, sucking up Social Security and credit card numbers in bulk… By the time the state discovered and closed the breach on October 10, the hackers had vacuumed up 3.6 million Social Security numbers and 400,000 credit card numbers.
Think about all the state government agencies that accept payments through credit cards. This includes everything from license fees to fees at state universities and even taxes. Databases of such payment information represent major targets for hackers. Why? There is a ready and willing black market to purchase such data. What would life be like if state governments could avoid such mistakes?
The Dream of Secure State Government Services
When state governments can achieve higher security protection, what will the benefits look like? First, we will see more focused government. State officials will have more time to focus on innovation and service delivery rather than responding to hacking incidents. Second, residents will have one less security concern to weigh on their minds. How do we get there from here? Part of the solution lies in implementing a single sign-on (SSO) solution.
How Implementing SSO Improves State Government Security
Of all the security improvements state governments can make, implementing SSO (single sign-on) is one of the most important. Why? Single sign-on security eliminates time-consuming security administration activities so managers and employees can focus on high priority work.
1) Improve password security without irritating state workers
Question: what is holding back your department or agency from mandating stronger passwords?
You might think that technical barriers are a prime consideration. While those play a part, there is a larger issue. Your employees may resist adopting more complicated passwords. After all, state governments already have to operate under close public scrutiny and regulation. The solution lies in adopting single sign-on (SSO) solution. When you adopt SSO, state employees will have fewer passwords to remember, so they are more likely to accept more demanding passwords.
2) Decrease security vulnerabilities from employee offboarding
When an employee leaves a state government agency, there is much work for managers to do. Managers tend to focus on hiring a replacement for the departed employee and arranging short-term coverage of responsibilities until the role is filled. In the scramble to fill the vacancy, managers may forget to resolve cybersecurity responsibilities relating to access.
Here is the nightmare scenario. A manager fires an employee for misconduct. A few hours after leaving the organization, the ex-employee uses their access to copy sensitive data for private gain. Once information is leaked, it may be sold, disclosed by Wikileaks or end up in the news media. When those events occur, many will point the finger at the state’s cybersecurity managers and wonder what they could have done to prevent the situation. Don’t let that embarrassment happen to you.
How does implementing a SSO solution help with employee offboarding? With SSO, managers can disable a single login and remove the majority of security risk. Without SSO, managers are stuck with the challenge of identifying and removing every system access their employees have. Nobody likes to plan for employee offboarding. However, you owe it to your stakeholders to have tight processes in place for those circumstances.
3) Focus security staff time on high-value issues
The increased attention on cybersecurity issues is a mixed blessing for state government cybersecurity experts. On the one hand, they no longer have to struggle to gain a hearing. On the other hand, they have more security work than they can manage. What if your state’s cybersecurity departments had more time to work on high-risk security matters?
Let’s assume that you cannot easily get an increase in your budget. What’s the alternative? Find ways to increase efficiency. Implementing a SSO solution simplifies the security environment. With Avatier’s Single Sign-On, new users are automatically provisioned with the access they need. If a user’s needs change, they can request those changes on a self-serve basis.
Tip: If your IT security department had five fewer hours of administration per week, just imagine what projects they could take on!
4) Meet reporting and audit requirements easily
Government organizations are under heavy pressure to act transparently and protect the assets in their care. For cybersecurity, many states have specific laws that must be followed regarding reporting. For example, the Georgia Technology Authority has the power to “conduct technology audits of all agencies.” There are similar audit powers for many other state governments.
Beyond audits, states also require reports. In Virginia, “every agency and department is responsible for securing the electronic data held by his agency or department and … shall report all known incidents that threaten data security.” Fulfilling these requirements and reporting incidents requires detailed security records.
The Next Step In Adding SSO to Your State
If you see the value in adding SSO to your state government, what should you do next? Learn how to create a SSO business case so that you can get the funding you need. As you start the project planning process, make sure you avoid these four SSO software implementation mistakes.