Ramsey County, Minn., is willing to take the risk that it is over-securing user access, said Dean Morstad, its identity and access management manager.

Before the COVID-19 pandemic, county offices provided services in person, and employees made minimal use of multifactor authentication, but that changed last year, when everyone shifted to remote work, Morstad said Nov. 30 during SailPoint’s “5^th Annual Government Identity Security Summit.” Within 30 days he and his team had expanded the virtual-private network and remote connection capabilities – and they revamped security, making MFA mandatory.

“We worked diligently to review all of the outstanding gaps that we had — to protect our perimeter from a security perspective — making sure we had the right tools in place, making sure that we were protecting all of our assets as well as all of our data, and then also moving and improving on our identity and access management,” Morstad said.

The county does still have a perimeter – “a clearly defined separation that we need to protect” – but he recognizes that it’s blurring as the county adopts cloud platforms in support of the new work environment. “We’ve had to extend our access management into that as well, moving into federation and using SAML authentication … as well as understanding all of those cloud endpoints where we have access,” Morstad said, adding that the goal is “to secure as much as possible and take the risk that we might be over-securing.”

Read more at – GNC: How identity and access management enabled county’s remote work