Our customer is an independent agency of the U.S. Federal Government overseeing investments and finance. The IT group manages Silo for their investigations team to ensure that the agency’s digital footprint remains hidden when researchers visit social media sites and that the organization’s assets are protected.
“Nothing on the internet is anonymous," explains an IT specialist and program manager at the agency. “When we visit websites, we try to not disclose the agency’s IP address; when we are looking at something that’s happening in, say, Russia, we don’t want the Russian site owners to know that the traffic is coming from us. But any link that you click online can be traced back to you, so we must be careful because the nature of our investigations demands anonymity.”
By law, government researchers must disclose their agency’s affiliation when browsing social media sites. And while it’s required to inform Facebook or LinkedIn that an agent is connecting from a government agency’s address, it would jeopardize the investigation if an individual or organization were alerted that their profile is being scrutinized by a federal analyst.
The agency needed a solution that would hide the identity of its researchers while giving them an easy way to access social media sites for observation, comply with strict cloud-based network security requirements, and allow for full control and management of access credentials.
“Any link that you click online can be traced back to you, so we must be careful because the nature of our investigations demands anonymity."
- IT specialist and program managerManaged access to social media through shared login, no passwords to remember
Zero Trust Application Access with Silo provides the needed protection and oversight for all the agency’s web-based activities. It helps to obscure analysts’ actions and movements on the web, while fulfilling the attribution requirements. The IT team credits Silo’s granular controls and ability to define and enforce access policies at both user and group levels for enabling secure browsing for hundreds of analysts. “Before, we had 500 users with individual logins to social media sites,” explains the IT specialist. “Today, we have a single sign-on that gives all online researchers access to a portal that securely connects them to social media sites.”
Each user is placed into one or more groups with automatically populated credentials and pre-provisioned, strictly controlled access privileges (at the agency level); some are allowed to visit all social media sites, while others are limited to select pages. An administrator can move users from group to group, instantly updating their access rights, depending on job requirements.
“To manage access, we create a subgroup for social media,” says the IT specialist. “When I move people into this group, they have access; when I move them out, they lose access. All credentials can be easily changed and managed here. This is one of Silo’s greatest features. Any credentials that I need to change, I only change them in one place.”
With Silo, individual users no longer need to remember their login credentials, and admins don’t have to worry about lost or compromised passwords or periodically review all accounts. The admin also controls Silo’s data transfer policies, restricting data uploads, but permitting downloads when required by the investigation. Silo helps isolate the agency’s online activities from the infrastructure. With no web code reaching end-user devices, the threat of malware infecting the agency’s assets has been greatly reduced.
When the agency’s analysts come across information that requires more in-depth research, they can pass their findings to other groups who use Silo for Research to perform more active and thorough investigations. Silo helps preserve the audit trail to make sure that the agency’s labs that specialize in collecting evidence for prosecution can easily locate the same data. All user activity and browsing history are securely logged and stored.
