Darren Guccione is CEO of Keeper Security.
In February 2016, the White House announced the Cybersecurity National Action Plan, which aims to increase federal cybersecurity funding by more than a third to over $19 billion. One of the key components of the plan was a partnership with the National Cyber Security Alliance called the “National Cybersecurity Awareness Campaign” that will focus on educating consumers and federal employees about how to protect themselves through multifactor authentication.
In an editorial in The Wall Street Journal, President Obama stated, “We’re launching a new national awareness campaign to raise awareness of cyber threats and encourage more Americans to move beyond passwords—adding an extra layer of security like a fingerprint or codes sent to your cell phone.”
A major part of this initiative will include changes to how the federal government will take steps to safeguard personal data in online transactions between citizens and the government through multifactor authentication and identity proofing to reduce reliance on Social Security numbers as an identifier of citizens.
Here are three significant ways the government can integrate multifactor authentication into their activities surrounding the Cybersecurity National Action Plan:
Integrate Multifactor Authentication Capabilities Into Hardware
The White House is proposing a $3 billion fund to kick-start an overhaul of federal computer systems. As part of this upgrade, the government should be thinking about how their new technology will include strong authentication tools, such as biometric scanning and Internet of Things sensors.
For example, imagine how much more efficient high-security financial processes could run within the government if employees could use information determined by physical elements of the user’s body, such as a fingerprint or retina, or proximity to wireless devices, such as a smart thermostat, smartwatch or Wi-Fi network.
Provide Multiple Options for Multifactor Authentication
As the White House gets ready to name its first federal chief information security officer, he or she must consider how to provide the most options possible for multifactor authentication integration to encourage accessibility and customization within specific agencies.
At the moment, there are many forms of two-factor authentication options available to businesses including SMS text messages, RSA SecurID, Duo Security, Google Authenticator and more.
Will the government choose to integrate with an existing service or create its own?
No matter what, it will be important to provide many different options to suit different workplace scenarios. As the authentication program becomes more sophisticated, the government could even explore how to use employee personal devices, such as a smartwatch, to confirm identity.
Work with the DevOps Community to Open Source Multifactor Authentication Integration
Recruitment of IT talent continues to be a major initiative in the federal government. As more talented individuals enter the government workforce to work on authentication efforts, APIs and app development standards will become increasingly essential for mass adoption and customization.
This move to increase emphasis on multifactor authentication comes at a critical time of digital transformation within the government and beyond. IoT makes access management much more of a complex issue and two-factor authentication will add more convenience and additional layers of security.
A blended approach to security via password management, employee education and multifactor authentication remain as the best ingredients for success.