The concept of smart cities has triggered evangelical fervor from planners, engineers and futurists. This concept integrates multiple technological solutions, along with creating a need for a secure environment to manage and control access into a city’s infrastructures. It also brings local information systems, hospitals, schools, transportation systems, and law enforcement under one grid and efficiently uses real-time control systems and sensors from data gathered from people, processes and technology.
Singapore is one the few countries that has mandated a standard to act as a tool to ensure that government, local agencies, and planners understood a common language of development. Similarly, in Switzerland, the ISO (International Organization for Standardization) has developed a tool (ISO 37120) that will provide support for a smart city initiative and lay the foundation for the rest of the world to join.
Smart cities often pose complex challenges and while many governments are excited to turn their city into a smart city, they do not always focus on security best practices. Many important stakeholders still lack an understanding of the cyber threats a smart city represents, particularly when it comes to remote access and supporting critical infrastructure systems. And technology is growing faster than the measures needed to secure it.
With the growth of smart cities, it is important to take a step back and think about security by design. Specifically, how to maintain all of these systems and networks proactively and mitigate risk. When thinking about a smart city, technology mishaps can be life threatening…for instance if a traffic signal malfunctions. As more systems are connected and more devices are introduced to the support landscape, the attack surface becomes larger. Anyone with remote access to systems and privileged credentials are prime targets for cyberattacks. One of the most important tasks when deploying and integrating multiple solutions is to ensure that privileged access for privileged insiders and vendors is properly managed and secured. It is important to use a central, brokered connection to allow access to critical systems from both insiders and vendors.
Using solutions such as Bomgar Privileged Access, organizations can allow security professionals to control, monitor and manage privileged access to critical systems by authorized employees, contractors and third-party vendors. Security professionals can also enforce the concept of ‘least privilege’ within their organization, which ensures that users are only given the level of access needed to perform their job, rather than provisioning access to an entire network – all without sacrificing productivity.
Protecting just the privileged accounts is only half the battle – the access to those accounts is just as important. Remove the risk of shared or default passwords through utilizing an enterprise password management solution, that stores, rotates and randomizes passwords to critical systems. Solutions such as Bomgar Vault take this concept a step further through credential injection, which allows support professionals to inject credentials to a remote system without ever knowing or seeing them. So, if a password is compromised, because it’s constantly rotated and was never know by the user to begin with, it won’t work for that account again. The best passwords are those that privileged users and vendors don’t know, or control.
In today’s connected world, following proper security hygiene and implementing security by design is imperative to reduce the risk of a cyber breach, as you ‘re only as safe as whoever has access to your enterprise. Check out this webinar recording, which features the six steps companies need to take to secure privileged access, while simultaneously improving business productivity.