Embracing zero trust with Hyland’s Alfresco platform

As government agencies navigate an increasingly complex cybersecurity landscape, the importance of robust security measures and compliance with federal mandates cannot be overstated. Hyland's Alfresco platform offers a solution that not only helps meet the most stringent cybersecurity requirements but also seamlessly aligns with zero-trust architectures outlined by the National Institute of Standards and Technology (NIST) and the U.S. Department of Defense (DOD). 

Realities brought forward by the pandemic and recent economic developments saw the prevalence of digital and cloud technologies in the way government agencies work and serve constituents. While this addressed certain challenges, it led to new ones, especially around ensuring security and preventing data breaches. As a result, the federal government issued executive order 14028, which outlines the need to improve the nation’s cybersecurity. 

More than just a federal mandate, the transition to “zero trust” became a roadmap to a strong and secure cyber infrastructure while enabling digital modernization — critical for protecting the integrity of public-sector data. Following this order, risk and vulnerability management became the top strategic initiative for information security in 2022. This trend continues in 2023 as government organizations work to implement zero-trust architecture. 

As a long-time partner of government agencies at the local, state and federal levels, Hyland recognizes the need to support our customers to ramp up their cybersecurity in line with a zero-trust framework. 

The Alfresco platform is ready-made to empower your agency to enhance security, streamline operations and protect critical assets in today’s rapidly evolving digital landscape.

Improving security and compliance

The Alfresco platform addresses the most stringent cybersecurity requirements and ensures compliance with federal mandates. The platform can operate in both classified and nonclassified infrastructure, offering a comprehensive solution for all your agency’s security needs. 

It’s the only open source product certified to DOD 5015.02 and DoD 5015.03 standards for records management, a testament to our commitment to security and compliance. 

Complying with federal zero-trust mandate

When it comes to meeting the federal zero-trust mandate, Alfresco platform offers features that help you not only meet but exceed identity management requirements:

• Centrally managed system: The platform integrates with identity and access management services, reducing the burden of managing individual accounts and credentials. This centralized approach ensures efficient administration and enhances security.
• Enhanced security policies: Alfresco platform enables enforcing security policies that limit access to authorized personnel. This helps prevent unauthorized access attempts and protects your sensitive information.
• Multifactor configuration: The platform supports multifactor authentication configurations, adding a layer of protection against unauthorized access.
• Session logging and anomaly detection: Alfresco platform enables detailed session logging, allowing quick detection of anomalous behavior and enabling timely action to mitigate potential security incidents.
• Role-based access control (RBAC) and attribute-based access control (ABAC): Our platform supports RBAC and ABAC, enabling fine-grained control over access permissions based on user roles and specific attributes. This ensures that only authorized individuals can access critical resources. 

Meeting application and workload requirements

Hyland understands the unique needs of government organizations and the importance of meeting stringent application and workload requirements. Alfresco platform provides easy testing and security validation of controls and can seamlessly inherit cloud infrastructure security parameters, ensuring the protection and integrity of your agency's data and mission. 

By adopting best-in-class software development life cycle practices such as continuous integration/continuous deployment (CI/CD) and infrastructure as code (IaC), we enable reliable, predictable and scalable application development based on immutable workloads. Our platform follows DevSecOps approaches, integrating automated security scanning analysis tools into development pipelines. 

Additionally, Alfresco platform provides rigorous automated scanning and independent third-party penetration testing, ensuring external validation of our security design.

Supporting compliance and industry standards

Alfresco platform also offers a range of features to support compliance with various industry standards and mandates. The platform enables objective categorization and tagging of data, ensuring compliance with executive order 14028 requirements. It also aligns with prominent standards and frameworks such as:

• OMB M-21-07, OMB M-19-17 and OMB M-15-13
• CISA's Zero Trust Maturity Model
• CISA's Cloud Security Technical Reference Architecture
• NIST's SP 800-207 Zero Trust Architecture
• Department of Defense's Zero Trust Reference Architecture 

Embracing zero trust

Hyland is committed to supporting government agencies in their pursuit of robust security and compliance in the zero-trust era. Our Alfresco platform is designed to address the unique challenges faced by government agencies and help them become future proof. Partner with us to enhance your security posture, meet federal mandates and confidently embrace zero trust.

Learn more about Alfresco platform