FCWPerspectives
The quest for seamless,
secure access
With hackers increasingly targeting users, federal agencies are turning to identity management to protect their systems
 When FCW convened identity and access management leaders from across the government
on Oct. 12, they agreed that authenticating users is the
new frontier in cybersecurity, with one saying the latest attack vectors “are all about identity.” Agencies have made signi cant progress in moving beyond simple username and password constructions, but
the work is far from done. Challenges include educating senior managers, convincing a wary public and  nding ways to securely share the burden of identity-proo ng.
The discussion was on the record but not for individual attribution (see Page 33 for a list of participants), and the quotes have been edited for length and clarity. Here’s what the group had to say.
Reframing the discussion
“My day-to-day focus is making sure that the identity infrastructure is work- ing well and keeps the lights on,” one participant said. “At the same time, we’ve done a pretty good job of deploy- ing smart card technology, but just as we got that settled down, we’re mov- ing into the cloud, we’re moving into mobile.”
Another executive agreed that the increasing complexity of the IT envi- ronment is making identity manage- ment even more challenging, and agen- cy leaders are not necessarily keeping up. “This space is inscrutable to a lot of people, especially those in leader- ship roles,” he said. “They’ve got some experience with username and pass- word for logging in. That’s what they think of when they think of identity.”
A third said his No. 1 focus has been moving users to certi cate-based access via personal identity veri ca- tion cards, but despite his agency’s progress, “there are a few folks out there still — and most of them are very important people — who are sticking to username and password.”
The importance of management buy-in struck a chord, but the discus- sion centered on the IT team’s respon- sibility for encouraging that.
“We need to change the conversa- tion from a defensive cybersecurity- focused conversation” to identity man-
agement as an enabler, one participant said. “If I were an agency head today and I’m worried about better serving my constituents, my citizens, identity management should be in the top three on my agenda. I’m not sure that’s the case across the board. Changing the conversation — being crisp and clear with communication to the leadership — is going to be key.”
Another executive added that “the big challenge of everything we do gov- ernmentwide is how do you make a compelling business case to the mis- sion owners versus trying to foist it on them. How am I going to make a compelling case that this is the right thing for the mission — maybe not in the short term, but in the long term they’re going to be better off?”
Others, however, said two factors make the conversation about long- term bene ts dif cult in government. “One is we’re all human, and we all really want short-term bene ts,” one participant said. “Two is that we’re just not good at selling within government. It’s not natural, it’s not a skill set we recruit for. We hire people in our pro- grams who are highly technical, but we don’t really think about how impor- tant that kind of business acumen is and how important it is to be able to sell concepts and ideas and to market internally.”
Another participant cited the enor-
 30
November/December 2017 FCW.COM