Dear Healthcare.gov, Please put Privileged Identity controls on that “surge of techies” before there is a serious information breach

October 30, 2013 John Worrall

By John Worrall

I have no issue staying away from the heated debate about the new healthcare program, but I do feel compelled to chime in on the “surge of techies” the President is bringing in to fix the online enrollment site.  Because frankly, from a security perspective, it feels like the perfect storm.

That being said I have one request for the government:  as you move at warp speed to fix Healthcare.gov, please don’t sacrifice the security of consumers’ personal information in the process.

There is plenty of precedence for security to be sacrificed in the name of expediency – and there is also plenty of precedence for contract IT staff to abuse their privileged access.

Remember Edward Snowden?  He was a contract systems administrator with broad privileges to roam about the NSA unfettered and access confidential government information.

The reality is, application developers, systems administrators, and other types of “techies” being hired will require significant access to consumer data and system resources as they build, fix and test the website.  Without the proper controls and monitoring of these privileged users’ access and activities, consumers’ confidential information will be at risk.

So please, on behalf of those consumers, put the proper tools in place that limit the information the contractors and even employees have access to including privileged account controls to prevent another costly government breach.

Fix the site.  Do it quickly. But please do it with the proper, common sense safeguards on consumers’ information.

Previous Article
Update: Dear Healthcare.gov, Please put Privileged Identity controls on that “surge of techies” before there is a serious information breach
Update: Dear Healthcare.gov, Please put Privileged Identity controls on that “surge of techies” before there is a serious information breach

By John Worrall Update: As soon I clicked “post” on this blog, I knew more information surrounding the fail...

Next Article
Mitigating “IceFog” – another targeted attack group from China
Mitigating “IceFog” – another targeted attack group from China

On Sep. 25th Kaspersky Labs unveiled “IceFog”, a Chinese “for hire” group of Cyber attackers. Let’s take a ...

Gartner Names CyberArk a Leader in the 2021 Magic Quadrant for PAM

Download Now