Data Security Challenges in Government: A Discussion with Michael Saintcross

Presented by BeyondTrust & Carahsoft

This interview originally appeared on Innovation in Government from DoDIIS.

Summary: In a compelling interview hosted with Francis Rose, Michael Saintcross, Sr. Director, Federal at BeyondTrust delves into the complex issues surrounding data security in government agencies, particularly in the context of Defense Intelligence. Saintcross sheds light on the critical need for protecting privileged access to guard against threats posed by nation-state adversaries, as highlighted by recent significant security breaches. He points out the growing internal threats and the amplified risks accompanying the transition to cloud-based systems, which create more vulnerability points. Emphasizing the importance of implementing zero-trust identity controls, as per DoD program office guidelines, Saintcross discusses measures to counteract privilege escalation, advocating for practices like granting privileges on a just-in-time basis, revoking unused privileges, and application whitelisting to mitigate local and shadow admin threats.

Key Takeaways:

1. Emphasis on Protecting Privileged Access: The interview underscores the paramount importance of securing privileged access, both human and non-human, in the face of sophisticated attempts by nation-state adversaries to infiltrate and compromise sensitive data.
2. Rising Internal Threats Amidst Cloud Migration: Saintcross highlights the increased internal security risks and the proliferation of threat vectors that come with shifting to cloud-based infrastructures, necessitating robust protection of mission data’s confidentiality, integrity, and availability.
3. Advocating for Zero-Trust Identity Controls: To enhance defense mechanisms against various security threats, Saintcross recommends adopting zero-trust identity controls. This includes implementing strategies to prevent privilege escalation, such as just-in-time and revocable privileges, and reinforcing security with application whitelisting techniques.