• Contact Sales
  • Resellers
  • Support
Yubico Header Text LogoYubico Header Text Logo
Why Yubicoexpand_more
Why Yubico
  • Enterprises
  • SMBs
  • Individuals
  • Developers
  • Careers
  • Partner programs
  • Affiliate program
  • Contact Sales
  • Events
  • Press room
  • Yubico Blog
  • Yubico Executive Connect
  • About us
  • The team
  • Investors
  • Innovation history
  • Secure it Forward
Man holding YubiKey
Easy-to-use, secure authentication

With YubiKey there’s no tradeoff between great security and usability

Why YubiKey
  • Public Sector
Google headquarters
Proven at scale at Google

Google defends against account takeovers and reduces IT costs

Google Case Study
  • Public Sector
Hand holding YubiKey behind Apple iPhone
Protecting vulnerable organizations

Secure it Forward: One YubiKey donated for every 20 sold

Learn about Secure it Forward
  • Public Sector
Productsexpand_more
All products
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • YubiEnterprise Subscription
  • YubiEnterprise Delivery
  • Yubico Authenticator
  • Computer login tools
  • Software Development Toolkits
  • YubiCloud
  • Using YubiKey is easy
  • Find the right YubiKey
  • Works with YubiKey
  • Compare YubiKeys
Woman holding YubiKey 5ci
One key for hundreds of apps and services

YubiKey works out-of-the-box and has no client software or battery

Yubico protects you
  • Public Sector
See YubiKeys as a Service
YubiEnterprise Subscription delivers scale and savings

Gain a future-proofed solution and faster MFA rollouts

See YubiKeys as a Service
  • Public Sector
Solutionsexpand_more
Solutions overview
  • Zero Trust
  • Executive Order OMB M-22-09
  • Phishing-resistant MFA
  • Passwordless
  • Compliance
  • Cyber Insurance
  • Secure supply chain
  • Critical infrastructure
  • Hybrid & remote workers
  • Secure privileged users
  • Mobile restricted environments
  • Call centers
  • Shared workstations
  • Microsoft ecosystem
  • Salesforce workspace
  • IAM solutions
  • AWS environment
  • HYPR experience
Hand holding YubiKey behind Apple iPhone
The Bridge to Passwordless

Begin the journey to make your organization passwordless

Get the white paper
  • Public Sector
Lock on a laptop
Accelerate your Zero Trust Strategy

7 best strong authentication practices to jumpstart your Zero Trust program

Get the white paper
  • Public Sector
Government building
Federal cybersecurity requirements

See guidance for CIOs and leaders to prepare for the modern cyber threat era

Get the white paper
  • Public Sector
Industriesexpand_more
Industries overview
  • High tech
  • Federal government
  • Federal systems integrators
  • State & local government
  • Education
  • Financial services
  • Elections & campaigns
  • Retail & hospitality
  • Telecommunications
  • Healthcare
  • Pharmaceuticals
  • Cryptocurrency
  • Energy & natural resources
  • Manufacturing
man working a manufacturing line
Manufacturing and supply chain security

Authentication best practices for manufacturing using highest-assurance security

Get the white paper
  • Public Sector
Person looking at a computer with a government building showing
Phishing-resistant MFA: Fact vs. Fiction

Meet requirements for phishing-resistant MFA in OMB M-22-09 guidelines

Get the white paper
  • Public Sector
Remote workers at a wind farm
Secure energy and natural resources from cyber threats

Best practices for phishing-resistant MFA to safeguard your critical infrastructure

Get the white paper
  • Public Sector
Resourcesexpand_more
All resources
  • Yubico Blog
  • Cybersecurity glossary
  • Authentication standards
  • Resource library
  • Developer program
  • Product briefs
  • Solution briefs
  • Case studies
  • Get a pilot started
  • White papers and reports
  • Webinars
Laptop with a YubiKey inserted
BeyondTrust: secured with a subscription

A leader in Privileged Access Management simplifies YubiKey deployment

How they optimized ROI
  • Public Sector
S&P Global Market Intelligence report: old habits die hard

Only 46% of respondents protect their applications with MFA. How about you?

Read the report
  • Public Sector
Considering Passkeys for your Enterprise?

Learn how to avoid the common pitfalls of synced passkeys

Get the Ebook
  • Public Sector
Supportexpand_more
Support home
  • Find the right YubiKey
  • Set up your YubiKey
  • Downloads
  • Product documentation
  • Support articles
  • Support Services
  • Professional Services
  • YubiEnterprise Subscription
  • Works with YubiKey Program
  • Buying and shipping information
  • Security advisories
  • Help center
YubiKeys in lots of form factors
How to set up your YubiKey

Follow our guided tutorials to start protecting your favorite services

Set up your YubiKey
  • Public Sector
YubiKey on a keychain plugged into a laptop
Find the best YubiKey for your needs

Take the guided quiz and see which YubiKey best fits your or your businesses needs

Take the quiz
  • Public Sector
Worker with a calculator and laptop with a spreadsheet
Accelerate your YubiKey deployment

Technical and operational guidance for your YubiKey implementation and rollout

Professional Services
  • Public Sector
SubscribeStore
  • Home » Blog » New administration and Covid-19 aftermath surges demand for next-gen security in public sector

    New administration and Covid-19 aftermath surges demand for next-gen security in public sector

    Shamalee Deshpande

    Shamalee Deshpande

    March 24, 2021
    5 minute read
    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    2021 marks the year that two game-changing events have put onboarding remote employees and strong authentication on the radar for many public sector agency heads. Since March 2020 most government workers, like everyone else, have been forced to work remotely in systems that were not designed for secure work-from-home situations. IT executives scrambled to find ways for workers to continue to be productive at home without “giving away the store” on security.

    In January 2021 the problem got stickier: tens of thousands of new employees that were brought on with the new Biden administration had to be onboarded, and the usual federal government onboarding process involves a fairly COVID-unsafe procedure of visiting physical sites for identity-proofing and personal identity verification (PIV) cards or common access cards (CAC). The challenge of this year came into focus: how do you securely onboard many people at once – and make it easy for the new hire to figure out the federal onboarding process – in a remote worker environment?  

    The good news is that help is on the way. Authentication protocols and standards are adapting to make this process easier. The bad news is that government agencies are not known for lightning speed when it comes to change and security innovation. So while we should expect to see more products this year that are aimed at making the federal government onboarding process easier and more secure, adoption won’t be instantaneous.

    Is this the end of PIV and CAC? Not yet.

    Nearly everyone who works for the government has either a PIV card or CAC. PIVs are used for non-military agencies, and CAC is a Department of Defense standard. These physical smart cards are a familiar, robust way to verify that someone who logs into a system is actually who they say they are. But this system is tethered to the physical card readers that are required to read them, both at the point of validation and the workstation. The pandemic has permanently changed the way agency heads think about where PIV/CAC is most useful. It works well for physical work sites but trusted, next-gen authentication is needed for the remote onboarding process of thousands of workers in the next decade, for non-PIV/CAC eligible users, for mobile devices, and for non-GFE (government furnished equipment) users.

    “The pandemic has raised the urgency levels within the government,” says Fadi Jarrar, Yubico’s Federal Sales Director. “Some agencies need to onboard 500 people immediately to support COVID requirements. They can’t wait for PIV cards to be processed because it often takes two or three months.”

    Any PIV or CAC alternative authentication solution has to be compliant with Federal Identity Processing Standards (FIPS). The YubiKey for example, is FIPS 140-2 validated, and the YubiKey 5 Series with passwordless authentication support, is slated to achieve FIPS 140-2 validation in 2021. Additionally, YubiKeys were added to the DHS CDM program to support “Secondary Authentication” needs as required by OMB Memo M-19-17. With trusted solutions like this in place, and already approved by the DoD, it gives the green light to agency heads to consider an adoption plan for YubiKeys as an alternate authenticator to augment PIV/CAC cards. 

    While the pace of adoption of next gen authentication in the public sector will take awhile as policies get built out, YubiKeys offer a bridge during the transition period. They work in parallel with PIV/CAC for remote workers, mobile devices and non-GFE users, and non PIV/CAC eligible employees, by offering high-assurance strong multi-factor authentication. Plus, YubiKeys don’t require peripheral devices for mobile device users, unlike PIV and CAC.

    There are legends – and not the good kind — about the difficulties government workers face when they must log on to multiple systems, all with their own authentication protocols.

    Jeff Phillips, VP of Public Sector at Yubico, says it’s common that agency employees who work across different government departments juggle many cell phones at once to accommodate separate authentication systems. “I’ve known employees who are carrying five phones just to get through the day,” Phillips said. 

    SolarWinds aftermath still being sorted

    The SolarWinds security debacle exposed a soft underbelly for all of the federal agencies that use it. It happened so recently that most agencies are still in triage mode, trying to collect more information about what needs to be immediately patched. While SolarWinds was a breach of an on-premises installation, the inevitable reviews that will come this year and next will surface many proposed cloud security upgrades as well. While agencies are moving to secure the supply chain they might transfer more processes to the cloud, making strong authentication solutions an even higher priority.

    2021 marks the convergence of two unforeseen events – COVID and the rush to a remote work environment, plus SolarWinds – and one predictable event: the political transition in Washington D.C. and other government entities after an election. These three trends have lit a fire – or at least added fuel to a fire that was already burning – under many agency leaders to get serious about securing the cloud and providing simple, easy-to-use strong authentication outside of traditional PIV/CAC for remote workers.

    Investing in a remote onboarding solution like the YubiKey is a recommended approach for agencies or companies that want to streamline their employee onboarding process, and has the added benefit of keeping you in compliance. 

    Join Jeff Phillips, VP Public Sector Yubico, Alexander Forti, US Department of Treasury, and Danelle Barrett, Retired Rear Admiral US Navy on April 8, for a roundtable discussion Federal government authentication lessons from 2020.

    Share this article:

    Share on FacebookShare on TwitterShare on LinkedInShare via Email

    Recommended Posts

    • Q&A with CEO Mattias Danielsson: Yubico’s next stage of growth as a public company and what investors can expect

      Today marks an exciting, historic day in Yubico’s history: the company is now publicly traded under the ticker symbol YUBICO on Nasdaq First Growth North Market in Stockholm. As the cyber threat landscape continues to evolve rapidly through increasingly sophisticated attacks like phishing, the need for phishing-resistant MFA with the YubiKey are at an all-time […]

      Read more
      • Investors
      • Q&A
      • thought leadership
    • Five foundational cybersecurity controls to mitigate 90% of breaches

      During my 16 years in the cybersecurity industry, and after discussions with numerous CISOs and cyber security experts, they all agree that there are five easy steps all organizations can take to mitigate over 90% of all cyber breaches1.  Just like cars were not initially designed for safety, the internet was not designed for security. […]

      Read more
      • best practice guide
    • Okta + Yubico: Better together

      Modern cybersecurity needs to be phishing-resistant, but it also needs to incorporate a great user experience for employees, IT teams and customers. We know traditional authentication methods are perceived as user-friendly, but they are not secure and vulnerable to most attacks  – in fact, 59% of people still rely on username and password to authenticate […]

      Read more
      • Okta
      • Partner Program
    • Works with YubiKey Spotlight: How Yubico works with industry leaders who share the commitment to strong authentication

      As the cyber threat landscape continues to evolve rapidly in the form of more sophisticated attacks like phishing and ransomware, the need for industry collaborations and partnerships are more critical than ever to help businesses and consumers stay secure online. We first launched the Works with YubiKey (WWYK) program in 2018 with this in mind […]

      Read more
      • Works with YubiKey
      • wwyk
Yubico Text LogoYubico Text Logo
  • RSS
  • Twitter
  • LinkedIn
  • Facebook
  • Instagram
  • YouTube
  • GitHub
  • Product finder quiz
  • Find set-up guides
  • Buy online
  • Contact sales
  • Get Yubico updates
  • Careers
  • Events
  • Press room
  • About us
  • Investors
  • Partner programs
  • Affiliate program
  • YubiKey 5 Series
  • YubiKey 5 FIPS Series
  • YubiKey Bio Series
  • Security Key Series
  • YubiKey 5 CSPN Series
  • YubiHSM 2 & YubiHSM 2 FIPS
  • Yubico Authenticator
  • Zero Trust
  • Phishing-resistant MFA
  • Passwordless
  • Cyber insurance
  • More solutions
  • Industries overview
  • Yubico blog
  • Resource library
  • Cybersecurity glossary
  • Authentication standards
  • Developer program
  • Works with YubiKey
  • Help center
  • Downloads
  • Product documentation
  • Support Services
  • Professional Services
  • Contact support
Yubico © 2023 All Rights Reserved.
  • Sitemap
  • Cookies
  • Legal
  • Privacy
  • Patents
  • Terms of use
  • Trust