New OPM Security Strategy Expands Monitoring and Widens Two-Factor Deployment
While there’s plenty of dismal news unraveling in the wake of the epic OPM breach, there’s a lot of positive learning to be had as well. The agency released an OPM Cybersecurity Action Report outlining specific steps they planned to take to remediate and strengthen their internal security posture.
The first action listed is to complete deployment of two-factor authentication, extending the implementation beyond all privileged users to include unprivileged users as well. As of the end of the second quarter of this year, about half of unprivileged users were using two-factor authentication, according to the news update. The agency intends to accelerate and widen deployment to all of their users by August 1.
Facebook is another large organization that initially deployed two-factor authentication to protect its engineers and production environments, as well as its financial and remote corporate VPN systems. Today, it is migrating away from token-based two-factor authentication to a cloud-based solution that allows it to easily expand and support more than 10,000 employees.
One concern with expanding two-factor authentication to all users, not just privileged ones, is inconveniencing users who frequently log into different applications during their workday to do their job. However, an advanced authentication solution can allow you to set different use policies and controls for different users.
For example, you could set up a policy that requires your marketing and sales teams to complete two-factor authentication only once every 30 days, as long as they log in using a trusted device or network. This is more convenient for your users who don’t have privileged access to sensitive company information, and it ensures quick, easy and secure access: a double win for both your overall security and business productivity.
An advanced authentication solution also allows you to set up a separate policy to ensure that privileged users who log into systems containing sensitive data (like, oh say, the personal data of 16 million people) are required to complete two-factor authentication every time.
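The two policies described above can be expressed as a single decision function. This is an added example, not code from any vendor's product or from the original post; the group names, device IDs, network range and field names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed values: group names, device IDs and the network range are assumptions.
TRUSTED_NETWORKS = [ip_network("10.20.0.0/16")]
TRUSTED_DEVICES = {"laptop-4417"}
REMEMBER_WINDOW = {          # how long a completed second factor is remembered
    "privileged": None,      # None: never remembered, prompt on every login
    "sales": timedelta(days=30),
    "marketing": timedelta(days=30),
}

@dataclass
class Login:
    group: str
    device_id: str
    source_ip: str
    now: datetime
    last_2fa: Optional[datetime]   # last completed second factor, if any

def on_trusted_network(source_ip: str) -> bool:
    try:
        addr = ip_address(source_ip)
    except ValueError:             # an unparseable address is never trusted
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)

def requires_second_factor(login: Login) -> tuple:
    """Return (required, reason); the reason is meant for the authentication log."""
    if login.group not in REMEMBER_WINDOW:
        return True, "unknown group, failing closed"
    window = REMEMBER_WINDOW[login.group]
    if window is None:
        return True, "privileged group, prompt every login"
    if login.device_id not in TRUSTED_DEVICES and not on_trusted_network(login.source_ip):
        return True, "neither device nor network is trusted"
    if login.last_2fa is None:
        return True, "no earlier second factor on record"
    age = login.now - login.last_2fa
    if age < timedelta(0) or age > window:   # future timestamp or expired window
        return True, "remembered second factor expired or invalid"
    return False, "within remember window on trusted device or network"
```

Groups without a policy and timestamps that lie in the future both fall through to a prompt, so a misconfiguration or a tampered record cannot silently skip the second factor.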
Another action the agency is taking is to expand continuous monitoring via the Dept. of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) program, in addition to mandating continuous monitoring of contractor systems.
Nextgov.com reports that investigators can’t gauge the extent of the hacks of the government and its contractors since they didn’t have sufficient computer logs. Although they do know a contractor’s employee login was stolen, the contractor is not exactly sure how the event is linked to the OPM breach since they had no logs to analyze after the fact.
This is another example of a security best practice they failed to implement, and its effects are felt long after a breach. To help your security team detect, identify and remediate security incidents, an advanced authentication solution should have detailed security logging capabilities to report on your users’ authentication activity. Logs can be difficult to parse, but a quick at-a-glance dashboard can tell you where your users are logging in from, when, with what device, and from which network.
Find out more about how two-factor authentication can help reduce the risk of a data breach, and the different solutions available in our Two-Factor Authentication Evaluation Guide.