2. Deploy Essential Identity and Access Management Controls
Once an agency has foundational security controls in place, it can move on to building out the core elements of an IAM program: PAM, single sign-on and adaptive authentication.
PAM is often seen as the most critical element in reducing cyber-risk and achieving a high return on security investments.
Establishing a single sign-on service provides identification, authentication and authorization services for the enterprise. Moving legacy applications to an agency SSO improves the user experience and adds the protection of adaptive authentication.
3. Operationalize the Agency’s IAM Program
Agencies with mature IAM programs can then turn to a program maturity model to adopt continuous improvement over time. They can embrace zero-trust security, introduce identity governance controls, apply least-privilege and role- based access, and advance to continuous adaptive authentication.
This continuous improvement phase also introduces fresh opportunities to automate identity governance and privileged account management processes. IAM specialists should leverage the knowledge of all subject matter experts.
MORE FROM STATETECH: Assessing IAM policies is critical for agencies.