How agencies can mitigate cyber risks from unmanaged devices

Though agencies loosened “bring-your-own-device” policies last year, they can still stay ahead of cyberthreats by integrating dynamic access policies.
(Getty Images)

The remote work experience over the last year has brought many changes to state and local agency networks. One of the most prominent developments — and of top concern to agency CISOs — is the sheer number of unsecured devices now connected to government resources.

According to a new StateScoop report, government security leaders need the ability to establish flexible security and access controls in order to strengthen resilience against modern threats and adapt more easily to changes in their infrastructure.


Read the full report.

One of the biggest challenges to overcome today is finding a security solution that gives CISOs visibility into every single device accessing their network — especially when so many of those devices are unmanaged, according to Bart Green, vice president of state, local and education at Duo Security, now a part of Cisco.

That is why more organizations are turning to modern, cloud-based security platforms that enable easy control of dynamic policies dictating which devices are allowed to connect enterprise resources, says the report, underwritten by Duo Security.

Green describes how these policies establish non-intrusive security controls, based on certain criteria that establish trust, and which ultimately help organizations lower the cost of security and improve their overall cyber risk score.

He recounts how this January, Cisco and Duo Security benefitted from the efficiency of their own tool when Apple announced a vulnerability in its iOS 14 operating system.

“In a matter of minutes, we set a policy change for all endpoints and devices accessing our network to get the iOS 14.4 update in no more than 48 hours if they wanted to continue to access our system,” says Green, adding that the number of endpoints accessing Cisco and Duo resources were in the tens of thousands.

Whether a user has a managed device or not, dynamic policies allow security teams to establish an enterprise-wide standard for access control. Responsibility is then placed on the user to accept or ignore the terms. Simultaneously, CIOs and CISOs will be able to establish an assurance of trust for devices connecting to the system based on the criteria they set.

“When you don’t have unlimited funds, when you don’t have unlimited support or personnel to build and maintain your IT, you need to focus on what you actually have,” adds Wendy Nather, head of advisory CISOs at Duo Security, in the report.

Though enterprise security controls were traditionally designed on the assumption that IT would deploy and control how technology is used, organizations can no longer afford to manage every device. Nor can they make requests to look into those devices if they are not owned by the organization.

With Duo’s out-of-the box platform, agencies can establish stronger authentication and dynamic policy controls to prevent unauthorized access to both cloud-based and on-premises applications from any device and make sure they are protecting all their data at different classifications, gain visibility across the network and establish trust in devices.

Read more about how your agency can enable secure and compliant security controls.

This article was produced by StateScoop and sponsored by Duo Security.

Latest Podcasts