Page 8 - FCW, July/August 2018

EXECUTIVE INSIGHTS: MANAGING IDENTITY
In the Cloud, Managing Identity Can Be a Breeze
On-Premise Solutions Seem Clunky to Some Users
IT infrastructure has adapted in recent years to handle the demands of mobile technology and benefit from the agility of cloud computing. But not much has changed over the past decade in the way the federal government approaches identity management.
That is beginning to change. As accelerating technology trends pull agencies forward, identity management finally is coming along for the ride. A solution known as ICAM (Identity, Credential, and Access Management) combines tools and processes to ensure that the right person has access to the right resource at the right time. As agencies modernize, they are beginning to realize that on-premises ICAM systems – built well before cloud or mobile technology existed – aren’t up to the task.
“These platforms just aren’t built for modern cloud computing,” Brian Jones, Federal Manager for identity cloud provider Okta, said. “They do not extend easily to cloud, and everything you need to do to make that happen is now a customization. What you lose are some of the great benefits of the cloud, which are agility and speed to market, speed to value.”
Integration projects that connect legacy, on-premises ICAM systems with commercial cloud applications can take years to implement. The same is true for upgrades.
“All of these platforms do multiple releases a year where they upgrade their service and turn on more features. They’re in a constant state of agility,” Jones said. “What that causes now is all of those integrations that you just spent lots of money building, they break. You literally have to go back to recoding and rebuilding that.”
If ICAM is moved into the cloud, those integrations and upgrades can happen seamlessly. Deployments can happen in days and weeks versus months and years, and employees can focus on higher-value tasks.
Putting ICAM in the cloud “is a massive mind shift, culture shift, and technical shift,” Ted Girard, Okta’s vice president for public sector, said.
Founded in 2009 to provide expertise in cloud security, Okta is the first “identity as a service” provider to achieve FedRAMP certification. Okta received its FedRAMP moderate certification after the Justice Department sponsored it last year.
When Girard joined the company and began preaching the benefits of cloud-based identity management to government customers three years ago, the message frequently wasn’t well-received.
“They’d say, ‘I’ve already got an [on-premises] identity management system. I’ve had it for 10 years. I’ve sunk millions into it. We’re good,’” Girard recalls.
Since then, there has been a dawning recognition that ICAM systems need a reboot. While one group at the Veterans Affairs Department told Girard it was fine with the existing ICAM, another told him the system was terrible and slowing everything down.
“So we’re seeing it at the department level. We’re seeing it at the agency level. This is the first time we’ve seen it at a government-wide level,” Girard said.
The Office of Management and Budget earlier this year released a draft policy to modernize ICAM and strengthen cybersecurity. The OMB’s proposal rescinds five previous directives and aligns with digital identity guidelines of the National Institute of Standards and Technology (NIST).
“I see the OMB memo as recognition that they’re realizing this pain,” Girard said. “It’s the first time publicly anywhere from a very high level that the government has identified the ICAM systems as needing a modernization itself in order to accelerate all the rest of the modernization that they’re trying to do.”
Another factor that could drive adoption of cloud-based ICAM is the recent spate of security breaches at the Office of Personnel Management and State Department. IT departments may want to keep ICAM on premises and