Posted by GovernmentMatters on May 28, 2019:

Lt. Gen. Bob Ferrell (USA, ret.), former Army CIO and vice president of public sector strategy at World Wide Technology, and Scott Smith, managing director at Sila, discuss the updated identification guidance from OMB, and what it means for security at agencies.

The Office of Management and Budget has a new policy for managing credentials in the federal government. According to a memo, the changes to the Identity, Credential and Access Management policy will add some bots to the list of privileged users at agencies. Lt. Gen. Bob Ferrell (USA, ret.), former Army CIO and vice president of public sector strategy at World Wide Technology, says that the changes reinforce the need for risk management in security.

“[Identity management] is really key for good security, But as you look at the evolution of change when it comes to moving to the cloud as well as mobility, that policy needs to change. It is kind of really outdated,” Ferrell said. “When you look at identity management, what the memo says is that we need to do the risk assessment, risk management, if you will, when it comes to looking at security. It is really outlined in the SP800-63 NIST-wise.”

Scott Smith, managing director at Sila, says that the concept of the “dissolving perimeter” means that verifying identity has become one of the most important concepts in securing networks.

“Identity is the new perimeter. There’s nothing wrong with having firewalls and various gates to keep outsiders on the outside. But the importance of the identity and managing the lifecycle of the identity is very clear. It comes through in this guidance,” Smith said. “The CDM program… large federal contract, it is looking into the foundational elements around, what is on the network, who is on the network, what are those users doing? This guidance dovetails nicely into that CDM program.”

  • Innovate At The Edge With Intel-Based Red Virtual Central Office

    WWT has collaborated with Red Hat to build the Red Hat Virtual Central Office (VCO) solution that provides a blueprint for modernizing service provider operations at the network edge via an open, software-defined infrastructure platform.
  • Deploy New Services More Efficiently With The Next-Gen Central Office

    WWT’s NGCO solution enables service providers to increase agility and operational efficiency to improve customer service and reduce costs.
  • Reduce Costs, Enhance Flexibility With White Box Solutions

    Global service providers are under immense pressure to transform into more agile operators while continuously driving costs out of their business models. White box stand as a solution to accomplish both and best position service providers heading into the competitive 5G economy.
  • Next-generation Firewall Workshop

    WWT’s Next-generation Firewall (NGFW) Workshop can help identify and install the right firewall platform for your business.
  • Patch Management Assessment

    WWT's Patch Management Assessment evaluates and improves your organization's ability to fix bugs and other vulnerabilities in a workshop setting.
  • Security Incident Tabletop Exercise

    WWT's Security Incident Tabletop Exercise is a workshop designed to help your business improve its response to and recovery from cybersecurity events.
  • Red Hat VNF Certification

    Virtual Network Functions are critical to NFV deployments. WWT is partnering with Red Hat to validate the functionality of leading OEMs' virtualized Evolved Packet Core (vEPC) and virtualized IP Multimedia Subsystem (vIMS) solutions installed on Red Hat OpenStack Platform version 13.
  • Patch Management as a Service

    WWT created Patch Management as a Service to close the gap between knowing about vulnerabilities and actually patching them.
  • ServiceNow Automation & Orchestration Brochure

    Leverage WWT's ServiceNow Automation & Orchestration expertise to accelerate your company's ServiceNow journey. Our ITSM practice and Services Catalog of more than 50 no-touch automations can help you get the most out of this exciting technology.
  • 2018 Professional Services Commercial Rate Card

    WWT presents our 2018 Professional Services Commercial Rate Card. Please note that the price points listed do not take into account the impact of travel hours and budget costs.
  • WWT & Syncurity Patch Management Overview

    WWT and the Syncurity IR-FlowSOAR platform solve the patch management challenge with a comprehensive solution that delivers rapid response and reduced cyber risk.
  • Host-based Segmentation Pilot

    Implement segmentation protection with a host-based pilot capability and demonstrate success in 90 days.