Taking in the 2019 NASCIO Conference: How We’re Helping Government Agency CIOs Stay Secure and Compliant

Having just attended and sponsored the 2019 National Association of State Chief Information Officers (NASCIO) Annual Conference in Nashville, I was struck, though not surprised, by the prevalence of security-related themes throughout the event. Many of the discussions among presenters and attendees centered on topics such as ransomware, identity and access management, and how to securely deliver citizen services. When state CIOs and other IT leaders at the conference were asked to list their top concerns, identity management topped the list.

Considering the increased frequency of headlines about security breaches and ransomware attacks occurring at the state and local government level, this should come as no surprise. In NASCIO’s annual survey of state CIOs to identify and prioritize the top 10 policy and technology issues facing state government, “Security and Risk Management” was again cited as the number one priority for 2019, as it has been for the last several years. This concern correlates with several other top 10 priorities among state CIOs, including embracing the cloud, rolling out more digital services, and bolstering identity and access management.

Okta, the industry leader in identity and access management, is highly aligned with these priorities and uniquely addresses many of the challenges that state government IT operations confront. For example:

• We work well with legacy, mobile, and heterogenous IT environments. Okta delivers robust, consolidated identity and access management capabilities, regardless of whether those government digital services rely on older, on-premises systems or modern cloud-based environments—or both. We also work closely with other vendors across the security stack to help agency leaders build strong identity and access security controls into their holistic security programs.
• We deliver comprehensive solutions for citizen and workforce identity management. This includes Universal Directory to manage user attributes; single sign-on to free end users from the hassle of managing numerous passwords; lifecycle management to automate user onboarding and offboarding; and multi-factor authentication to deliver robust security. I should point out that, this summer, the Okta platform was recognized for the third year in a row as a Leader in the Gartner Magic Quadrant for Access Management and placed the furthest for ability to execute and completeness of vision.
• We help dramatically mitigate risks associated with the most common types of user-oriented attacks, including broad-based phishing campaigns, spear-phishing campaigns, credential stuffing, password spraying, and man-in-the-middle attacks. Our solutions, like Adaptive Multi-factor Authentication and Lifecycle Management, help shrink the attack surface as well as minimize the risk of phished credentials, including phishing reverse proxies. Solutions such as Advanced Server Access and API Access Management extend our strong authentication across applications and even to critical parts of the agency’s infrastructure, such as servers and APIs. To learn more about how Okta uniquely mitigates risks of ransomware and other user-oriented cyberattacks, read through Enhance Security Posture for State and Local Agencies whitepaper.
• We help state agencies achieve their goals of providing both robust identity and access management, as well as a rich, modern user experience for citizens, employees, and other stakeholders.
• We help states lower their technical debt by offering a single solution that delivers industry-leading identity and access management for their entire portfolio of digital services.
• We take a comprehensive approach to security and support many of the federal- and state-level security standards and policies, including HIPAA, PIV/CAC cards, FIPS 140-2, and FedRAMP. We can also assist with compliance assessment for Criminal Justice Information Services (CJIS), as they are especially important to state-level law enforcement agencies. Okta can help these agencies meet CJIS requirements by enforcing strong access control, advanced authentication, and logging.

At the NASCIO conference, I heard one speaker make an important insight: security should be viewed like the brakes on a car — they’re not there to stop a car from moving, they exist so the car can go fast. After all, who would go fast in a car if they knew there were no brakes? Likewise, cybersecurity is not in place to prevent or slow digital interaction — it’s there to make sure that digital services and interactions can take place safely.

This is also how Okta views its own mission. Understandably, state governments are placing greater priority on rolling out more digital services, moving workloads to the cloud, and investing in IT modernization to meet rising citizen expectations of how modern government services should look and feel. Okta provides government services with robust identity and access management capabilities that mitigate much of the cybersecurity risk out there. This coverage enables state government agencies to do what they need to do: serve their citizens, employees, and other stakeholders with rich, digital services and experiences.

For details on how Okta assists state governments with their identity and access management needs, check out our Okta for Government page.