Morey Haber, chief technology officer and chief information security officer at BeyondTrust, said government agencies seeking to protect remote devices used by employees who are teleworking due to the COVID-19 pandemic should implement cloud-based security tools and privileged access management.
“Cloud-based tools can monitor a managed resource more effectively in all environments,” Haber wrote. “With that always-on approach to security, IT administrators can see and respond to potential threats in real time as they arise.”
To secure access to databases, applications and networks, agencies should “secure privileged accounts and credentials by adding a layer of complexity, never exposing the password to the user and rotating credentials after each use,” he said.
Haber called on agencies to safeguard remote access pathways that link to the company’s network, implement the least privilege and ensure that precise privileges are only provided to every session or endpoint for a limited time period to carry out an authorized activity.
He also noted that agencies should protect the telework environment from security vulnerabilities by using platforms from “trusted vendors that understand the challenges facing government agencies and are certified against the appropriate security controls.”