President Biden’s Executive Order (EO) on Improving the Nation’s Cybersecurity puts security front and center to address some of the worst cyberattacks against the federal government. To accelerate technology modernization, Section 3 of the EO calls for agencies to expedite the adoption of cybersecurity best practices such as Zero Trust and secure cloud services. It specifically mandates the deployment of multifactor authentication (MFA) and encryption for data at rest and in transit by November 8. These capabilities are not only essential to good cyber hygiene, they help ensure that security modernization efforts are built on a strong security foundation.
Is Your Agency Ready for the Nov. 8 Deadline?
If not, Merlin can help. We have formed strategic partnerships with the world’s best-in-class cybersecurity brands to bring market-leading solutions to our customers. Our research has identified four vendors that can immediately help you with MFA and data encryption requirements: Okta, CyberArk, Silverfort, and Netskope.
Okta – One Trusted Platform to Secure Every Identity
The Okta Identity Cloud is a secure, reliable, and scalable platform that provides comprehensive identity management, enabling agencies to leverage a universal directory to secure their users and connect them to technology and applications, anywhere, anytime, and from any device. Okta Adaptive MFA solves the challenges of legacy, stand-alone MFA products by offering enterprise-grade security and a great user experience through policy-driven contextual access management, single sign-on to on-prem and cloud applications, support for a broad set of modern factors, big data analytics, and built-in integrations to all the apps and VPNs that organizations need to protect. Agencies can use Okta’s out-of-the-box functionality to provide seamless access for an extended workforce of employees, partners, and contractors, or leverage Okta’s user management, authentication, and authorization APIs in their own citizen-facing applications.
CyberArk – Privileged Access Management for Critical and High-value Assets
CyberArk is the global leader in privileged access management (PAM), a critical layer of IT security to protect data, infrastructure, and assets across the enterprise, in the cloud, and throughout the DevOps pipeline. The CyberArk Core Privileged Access Security Solution helps federal agencies centrally secure and control privileged account credentials and access rights, proactively monitor privileged account activity, intelligently identify suspicious activity, and quickly respond to threats. Designed from the ground up for security, interoperability, and scalability, the single-platform solution offers a wide variety of out-of-the-box integrations and automatically provides documented, auditable proof of compliance. Automated rotation of privileged credentials (passwords and SSH keys) and/or just-in-time privileged access eliminates time-consuming and error-prone administrative tasks.
Silverfort – Agentless Multifactor Authentication and Zero Trust
Silverfort offers a revolutionary agentless and proxyless authentication platform that enables government agencies to achieve secure authentication and a Zero Trust environment in a holistic and non-intrusive way. The platform extends multifactor authentication, risk-based authentication, and Zero Trust policies in a unified, AI-driven manner across all devices, enterprise networks, and environments, both on-prem and in the cloud, without modification to endpoints and servers. This includes systems that couldn’t be protected before, such as homegrown applications, legacy systems, IT/OT infrastructure, file shares, command-line tools, machine-to-machine access, and more. Agencies have the flexibility to use either Silverfort’s MFA, or leverage integrations with leading MFA providers (Microsoft, Okta, Ping, Yubico, Duo, RSA, etc.). By monitoring all human and machine access requests, analyzing risk and trust levels, and applying adaptive risk-based authentication policies, Silverfort allows agencies to detect and prevent unauthorized access and identity-based attacks, and achieve compliance with industry regulations.
Netskope – Automatic, Transparent, Powerful Encryption
Netskope leverages advanced encryption and tokenization to provide a powerful layer of protection for structured and unstructured data in the cloud. Netskope encrypts structured data at rest and in transit to sanctioned cloud services through Netskope-native format-preserving encryption. Agencies can leverage pre-built integrations with cloud service providers via bring your own key (BYOK) capabilities. Encryption can also be applied as a policy action with API protection, encrypting selected files stored in sanctioned cloud services like Office 365 and Box. Netskope complies with Key Management Interoperability Protocol (KMIP), allowing agencies to retain control of their encryption keys. Advanced key management technology includes NIST-approved AES-256 encryption and a FIPS 140-2 level 3 certified key management service with a hardware security module. Netskope Encryption operates automatically, transparently encrypting and decrypting data behind the scenes to provide users with safe, seamless access to cloud services.
