Implement Access Control and Encryption

Learning Objectives

After completing this unit, you’ll be able to:

  • Describe how to protect public sector data with access controls and policies.
  • Explain the importance of implementing strong authentication.
  • Define account management.
  • List considerations for implementing least privilege.
  • Identify the importance of account maintenance.

Access Control

Public sector data is a powerful resource that can be used to deliver services to citizens, and improve government functions and capabilities. But it also must be protected. Access control is one tool your organization can use to manage who is authorized to access public sector data and resources in the cloud. Examples of access controls for public sector data in the cloud are as follows.

  • Develop, document, and disseminate an access control policy.
  • Assign account managers for information system accounts.
  • Employ automated mechanisms to support the management of information system accounts.
  • Require that users log out after a defined period of inactivity.
  • Restrict the use of shared groups and accounts.

Secure access control in the cloud typically uses technical enforcement policies to provide fine-grained control over who has access. This works by associating a user or role with context-specific conditions to determine what access to grant, and verifying a user is who they claim they are. Identity and access management processes including strong authentication, account management, and least privilege can help better secure public sector data in the cloud.

Let’s dive deeper into a few of these topics.

Identity

Access control starts with strong identification policies and processes, through a combination of identity proofing, background checks, and more. Enrolling and verifying user identities is a key process before granting them the right level of access to workplace systems and information. Central to this is a process known as identity proofing, in which an applicant provides evidence reliably identifying themselves, such as a passport, driver’s license, or fingerprint. The level of identity proofing necessary is commensurate with the sensitivity of the data that the user accesses.

Strong Authentication

Whether you work at a public sector organization or a cloud service provider (CSP) providing services to a public sector organization, always implement strong, multitiered, multifactor authentication (MFA) to access all environments—but especially production environments. 

Note

MFA requires the use of two or more different factors to achieve authentication. The factors are defined as (i) something you know (for example, a password or a personal identification number (PIN)); (ii) something you have (for example, a cryptographic identification device or token); or (iii) something you are (for example, a biometric). For example, the US federal government uses Personal Identity Verification (PIV) cards and the Department of Defense (DoD) Common Access Cards.

[Image: A public sector employee inserting a PIV card into a laptop and typing in their PIN on the screen to log in]

Authenticator Hygiene

It’s critical that your organization’s information systems can uniquely identify and authenticate organizational users who access public sector data in the cloud. Use passwords, tokens, or biometrics—or in the case of MFA, some combination of these—to authenticate. 

Password sharing and password reuse pose serious security risks, especially with your work passwords. When you share passwords, you lose access control over your account. And if you reuse your password for other services, your work account can become compromised if those services are hacked. To make your life easier, consider using an organization-approved password manager and protecting it with a unique, strong password. 

It’s also important that your organization audits information systems for password changes, failed logins, administrative privilege usage, strong authentication credential usage, or third-party credential usage. 

Account Management

With account management, you can tie a specific person to an action made while logged in to a cloud environment containing public sector data. Your organization should have policies in place that detail requirements around user identification, production access controls, administrative access, and user access. Include:

  • Account management: Manage who is responsible for approving and creating accounts.
  • Account privileges: Assign users to roles with appropriate access permissions to ensure employees access only information they need to do their jobs and can’t access information that doesn’t pertain to them.
  • Session management: Implement activities such as account lockouts and session termination.

Least Privilege

It’s a good idea for your organization to follow the principle of least privilege. This entails provisioning access with as few permissions as possible while still providing sufficient access to perform the job. If you’re an administrator with elevated access rights to perform privileged actions, remember to only use this account to perform administrative functions. For all other functions, use your non-administrative account. 

Administrative accounts have the power to make changes to an application (app) or cloud environment that a typical user is not able to make. Using administrative accounts for daily activities can lead to potential compromise, such as malicious actors gaining unauthorized access to the account and capturing credentials. Because of the elevated power administrators have, an attacker can wreak havoc on your systems and networks. 

Keep the principle of least privilege in mind whenever you determine access levels or share information with others. This principle also applies to setting permissions for documentation, code, or system configurations.

Similarly, you can mitigate risk by following the principle of segregation of duties. This separates the tasks and associated privileges for a specific security process among multiple people.

Account Maintenance

If you have access to sensitive cloud systems containing public sector data, it’s especially important to keep your account active. Inactive accounts, like empty houses, are particularly vulnerable to criminals, who look for the easiest and quietest way to gain unauthorized access. It’s imperative that your organization has compliance standards that require regularly cleaning up stale accounts. Automate this process as much as possible. Deactivate stale accounts automatically after exceeding a threshold (for example, if you haven’t logged in to your account in over 30 days). 

Let’s look at an example of access control implementation.

Akiko is a cloud security engineer at a CSP that manages public sector customer accounts. She receives a request to create a new account and assign appropriate permissions for a new user. To create the new account, Akiko logs in with her administrative account.

She creates the new account (inclusive of a username and password) and enables MFA using a software-based authenticator app, such as Google Authenticator, that offers a time-limited, one-time personal identification number (PIN) to verify the user. Next, Akiko assigns the person to a role with permissions to perform their job, keeping in mind the principle of least privilege. Like all accounts in the role, Akiko configures the session management settings as follows, in line with the organization’s access control policies and standards.

  • The user has three attempts to successfully log in within a 15-minute timespan before the account is locked.
  • Only an administrator can unlock locked accounts.
  • The user can only be idle for 15 minutes while logged in before the screen locks out and requires the user to log in again.
  • Accounts inactive for longer than 30 days are automatically disabled.

By configuring the new user’s account this way, Akiko employs multiple security mechanisms to protect the CSP and the public sector organization.
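The session management settings Akiko configures, together with the audit points from the Authenticator Hygiene section (failed logins, administrative privilege usage) and the stale-account rule from Account Maintenance, can be expressed as a small policy engine. The following is an added example written for this unit, not code from the CSP in the story or from any product. It assumes the policy values stated above (three failures in 15 minutes locks the account, only an administrator may unlock, 15-minute idle timeout, 30-day inactivity disable) and processes a constructed event log; every decision is recorded as an audit finding.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Policy values taken from the worked example above (assumed to be the organization's standard).
MAX_FAILED_ATTEMPTS = 3
FAILURE_WINDOW = timedelta(minutes=15)
IDLE_TIMEOUT = timedelta(minutes=15)
STALE_AFTER = timedelta(days=30)
ADMINS = {"akiko"}  # constructed: the only principal allowed to unlock accounts


@dataclass
class Account:
    name: str
    locked: bool = False
    disabled: bool = False
    last_login: Optional[datetime] = None
    last_activity: Optional[datetime] = None  # None means no open session
    failures: list = field(default_factory=list)  # timestamps of recent failed logins


class AccountPolicy:
    def __init__(self):
        self.accounts = {}
        self.findings = []  # audit trail of every policy decision

    def _acct(self, name: str) -> Account:
        return self.accounts.setdefault(name, Account(name))

    def _note(self, at: datetime, msg: str) -> None:
        self.findings.append(f"{at:%Y-%m-%d %H:%M} {msg}")

    def handle(self, at: datetime, actor: str, event: str, target: Optional[str] = None) -> bool:
        """Apply one event; returns False when the policy refuses the action."""
        acct = self._acct(target or actor)
        if event == "login_failed":
            # keep only failures inside the rolling window, then count this one
            acct.failures = [t for t in acct.failures if at - t < FAILURE_WINDOW]
            acct.failures.append(at)
            if len(acct.failures) >= MAX_FAILED_ATTEMPTS and not acct.locked:
                acct.locked = True
                self._note(at, f"{acct.name} locked after {len(acct.failures)} failures")
        elif event == "login_ok":
            if acct.locked or acct.disabled:
                self._note(at, f"{acct.name} login refused (locked={acct.locked}, disabled={acct.disabled})")
                return False
            acct.failures.clear()
            acct.last_login = acct.last_activity = at
        elif event == "activity":
            if acct.last_activity is None:
                self._note(at, f"{acct.name} activity without an open session")
                return False
            if at - acct.last_activity > IDLE_TIMEOUT:
                acct.last_activity = None  # session ends; the user must log in again
                self._note(at, f"{acct.name} session expired: idle longer than {IDLE_TIMEOUT}")
                return False
            acct.last_activity = at
        elif event == "unlock":  # privileged action: audited whether or not it succeeds
            if actor not in ADMINS:
                self._note(at, f"{actor} tried to unlock {acct.name} without admin role")
                return False
            acct.locked = False
            acct.failures.clear()
            self._note(at, f"{actor} unlocked {acct.name}")
        return True

    def disable_stale(self, now: datetime) -> list:
        """Disable accounts whose last successful login is older than STALE_AFTER.
        Accounts that never logged in are skipped here; handling them needs a creation timestamp."""
        disabled = []
        for acct in self.accounts.values():
            if acct.disabled or acct.last_login is None:
                continue
            if now - acct.last_login > STALE_AFTER:
                acct.disabled = True
                disabled.append(acct.name)
                self._note(now, f"{acct.name} disabled: no login for more than {STALE_AFTER.days} days")
        return disabled


def run_demo() -> AccountPolicy:
    """Replay a constructed event log (not real data) through the policy."""
    t0 = datetime(2024, 3, 1, 9, 0)
    m = lambda n: t0 + timedelta(minutes=n)
    events = [
        (m(0), "bob", "login_failed", None),
        (m(5), "bob", "login_failed", None),
        (m(20), "bob", "login_failed", None),  # earlier failures aged out of the window
        (m(22), "bob", "login_failed", None),
        (m(23), "bob", "login_failed", None),  # third failure within 15 minutes: locked
        (m(25), "bob", "login_ok", None),      # refused while locked
        (m(26), "bob", "unlock", "bob"),       # non-admin cannot unlock
        (m(30), "akiko", "unlock", "bob"),     # administrator unlocks
        (m(31), "bob", "login_ok", None),
        (m(40), "bob", "activity", None),      # 9 minutes idle: fine
        (m(60), "bob", "activity", None),      # 20 minutes idle: session expired
        (t0 + timedelta(days=40), "carol", "login_ok", None),
    ]
    policy = AccountPolicy()
    for at, actor, event, target in events:
        policy.handle(at, actor, event, target)
    policy.disable_stale(t0 + timedelta(days=45))  # bob is stale, carol is not
    return policy


if __name__ == "__main__":
    for line in run_demo().findings:
        print(line)
```

The rolling window matters: three failures spread across a longer period do not lock the account, which keeps ordinary typos from tripping the control while still stopping rapid guessing. The `unlock` branch records attempts by non-administrators as well as successes, which is exactly the administrative-privilege usage the audit guidance above asks you to capture.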

Encryption

One way to control the flow of information is by using encryption, which is especially important for implementing remote access to cloud environments.

Whether you work at a public sector organization or a CSP that stores and processes public sector data, it’s imperative that your organization’s policies document standards for encryption. Select the encryption strength mechanism based on the security categorization of the information processed, stored, or transmitted. Do not allow custom encryption algorithms or techniques, unless reviewed by qualified, independent experts outside of the vendor in question and approved by your organization’s applicable personnel.

Depending on the jurisdiction in which your organization operates, there can be certain requirements for cryptographic implementations. For example, the US government specifies approved algorithms, key lengths, cipher models, and more in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131A Rev. 2. Provide connections between public sector organizations and cloud services via the encryption standards outlined in your organization’s policy, using certificates from a trusted authority. Note that some governments or government agencies maintain their own certificate authorities and trusted roots.
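Two of the requirements above are easy to check mechanically: rejecting custom or unreviewed algorithms, and selecting key lengths that meet the strength floor set by a standard such as SP 800-131A Rev. 2. The following is an added example for this unit, not code from the original page or from NIST. It assumes the 112-bit minimum security strength that SP 800-131A Rev. 2 sets for new use, estimates strength from key length with the comparable-strength figures published in SP 800-57 Part 1 for the common algorithm families only, and shows how a client enforces certificate validation against trusted roots and a TLS version floor. The configuration entries it checks are constructed sample values.

```python
import ssl

# Floor for new use under SP 800-131A Rev. 2 (assumption: the organization adopts it as-is).
MINIMUM_STRENGTH_BITS = 112

# Comparable security strengths from SP 800-57 Part 1 (assumption: only these families are in policy).
_ASYMMETRIC_TABLES = {
    "RSA":   [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)],
    "DSA":   [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)],
    "DH":    [(1024, 80), (2048, 112), (3072, 128), (7680, 192), (15360, 256)],
    "ECDSA": [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)],
    "ECDH":  [(160, 80), (224, 112), (256, 128), (384, 192), (512, 256)],
}


def security_strength(algorithm: str, key_bits: int) -> int:
    """Estimated security strength in bits for an approved algorithm family and key size.
    Raises ValueError for anything outside the approved families (custom ciphers included)."""
    alg = algorithm.upper()
    if alg == "AES":
        return key_bits  # symmetric strength equals key length
    if alg == "3DES":
        # two-key TDEA (112 key bits) gives 80 bits; three-key (168) reaches the floor
        # but is deprecated by SP 800-131A Rev. 2, so flag it for replacement either way
        return 112 if key_bits >= 168 else 80
    table = _ASYMMETRIC_TABLES.get(alg)
    if table is None:
        raise ValueError(f"{algorithm} is not an approved algorithm family in this policy")
    strength = 0
    for min_key_bits, bits in table:
        if key_bits >= min_key_bits:
            strength = bits
    return strength


def check_config(entries):
    """entries: iterable of (purpose, algorithm, key_bits).
    Returns a list of (purpose, approved, detail) tuples suitable for an audit report."""
    report = []
    for purpose, algorithm, key_bits in entries:
        try:
            bits = security_strength(algorithm, key_bits)
        except ValueError as exc:
            report.append((purpose, False, f"{exc}; requires independent expert review before use"))
            continue
        ok = bits >= MINIMUM_STRENGTH_BITS
        detail = f"{algorithm}-{key_bits} gives {bits} bits (floor {MINIMUM_STRENGTH_BITS})"
        if algorithm.upper() == "3DES":
            detail += "; deprecated, plan migration to AES"
        report.append((purpose, ok, detail))
    return report


def client_context(cafile=None) -> ssl.SSLContext:
    """Client TLS settings: verify the peer certificate against trusted roots (the system
    store, or an agency-maintained root bundle passed as cafile), check the hostname,
    and refuse anything older than TLS 1.2."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed sample configuration to audit; not taken from any real system.
SAMPLE_CONFIG = [
    ("tls-server-key", "RSA", 2048),
    ("legacy-vpn-key", "RSA", 1024),
    ("code-signing", "ECDSA", 256),
    ("data-at-rest", "AES", 256),
    ("archive-transport", "3DES", 112),
    ("vendor-custom", "VendorCipher", 512),
]

if __name__ == "__main__":
    for purpose, ok, detail in check_config(SAMPLE_CONFIG):
        print("PASS" if ok else "FAIL", purpose, "-", detail)
```

The checker does not try to evaluate an unknown algorithm at all: anything outside the approved families fails closed with a note that it needs the independent review the policy calls for, which is the behaviour you want from an automated gate.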

Sum It Up

In this unit, you learned about how access control and encryption can help you protect public sector data in the cloud. 

Next, let’s turn our attention to how to securely handle public sector data in the cloud. 
