Dear Healthcare.gov, Please put Privileged Identity controls on that “surge of techies” before there is a serious information breach
October 30, 2013 | Uncategorized | John Worrall
I have no issue staying away from the heated debate about the new healthcare program, but I do feel compelled to chime in on the “surge of techies” the President is bringing in to fix the online enrollment site. Because frankly, from a security perspective, it feels like the perfect storm.
That being said, I have one request for the government: as you move at warp speed to fix Healthcare.gov, please don’t sacrifice the security of consumers’ personal information in the process.
There is plenty of precedent for security to be sacrificed in the name of expediency – and there is also plenty of precedent for contract IT staff to abuse their privileged access.
Remember Edward Snowden? He was a contract systems administrator with broad privileges to roam about the NSA unfettered and access confidential government information.
The reality is, application developers, systems administrators, and other types of “techies” being hired will require significant access to consumer data and system resources as they build, fix and test the website. Without the proper controls and monitoring of these privileged users’ access and activities, consumers’ confidential information will be at risk.
So please, on behalf of those consumers, put the proper tools in place to limit the information that contractors, and even employees, have access to, including privileged account controls, to prevent another costly government breach.
Fix the site. Do it quickly. But please do it with the proper, common-sense safeguards on consumers’ information.