In May of 2021, President Biden signed an Executive Order outlining various rules and regulations regarding cybersecurity measures federal agencies and contractors will be required to put into place in order to protect the data of our federal government from cyberthreats. One of the main requirements of the Executive Order states that “The Federal Government must adopt security best practices; advance toward Zero Trust Architecture.” Zero Trust Architecture provides guidance and best practices when it comes to implementing a cybersecurity plan for your organization, but it does not necessarily provide a step-by-step guide on how you should implement a Zero Trust solution.
However, Biden’s Executive Order does give clear orders with regard to one particular security feature that all federal agencies should implement within 180 days of the signing of the order: all agencies must implement multi-factor authentication (MFA). Time and again, relying upon simple password authentication has proven ineffective in protecting data and systems from cyberattacks. One of the simplest things that can be done is to require at least one additional authentication factor, i.e., implement MFA.
Exactly what these agencies are doing to meet the MFA requirement by the deadline is not yet clear. Some of their applications might have MFA built in, and they only need to enable and require it. But this can provide an inconsistent and frustrating experience for their users. Having to provide MFA, and perhaps different MFA options, each time they access a different application can become incredibly time-consuming for users. In fact, Jimmy Fallon recently did a bit on how MFA can get out of control at times. Even though some of the experience he acted out was exaggerated, everyone can relate.
But MFA does not have to be a time-consuming and frustrating experience for users. Platforms such as Identity and Access Management (IAM) systems can provide a single interface that users log in to with a password and an additional authentication factor. From there, an IAM solution can be configured to connect to all the applications and systems that the user needs to do their job. With a simple click on a tile from within a central portal, users can be automatically logged in to the application they need. All they need to do is log in securely (i.e., with MFA) to the main portal, and from then on they don’t have to worry about providing any additional credentials.
By adopting an IAM solution such as OneLogin, all federal agencies can easily meet the requirements of Biden’s Executive Order regarding cybersecurity. MFA is core to building a Zero Trust Architecture, and implementing a centralized IAM solution to control MFA requirements and all logins is the first concrete step these agencies can take toward their Zero Trust goals.