Randy Wood, vice president of federal sales at application delivery networking platforms provider F5 Networks (Nasdaq: FFIV), has said federal information technology leaders should prioritize security at the application level in order to protect networks from cyber threats.
Wood wrote that there are three principles in application security that federal agencies should adopt and one of them is to apply multi-factor authentication to network infrastructure devices in addition to applications and users.
“The trend in application access is to trust no one, no connection, and no traffic flow; and relying on advanced encryption and identity management to establish trust, ” he noted.
He urged federal IT managers to monitor encrypted traffic and field Secure Sockets Layer-based inspection tools in an effort to prevent what he called “security blind spots.”
Wood added that federal security personnel should also work to facilitate application access and single sign-on functionalities through the implementation of identity architectures based on network awareness and users.
“Federal agencies must create and deploy consistent, tailored policies and services – on an application-by-application basis – based on risk, context and visibility at the application level.”