Page 9 - FCW, July/August 2018

OMB Rethinks Digital Identity
Any doubts about the government’s level of concern over identity management were dispelled this spring when the Office of Management and Budget released a draft of new guidelines for identity, credential and access management (ICAM) across the entire federal government.
The draft memo, underscoring the gravity of identity management, notes that the way in which “agencies conduct identity proofing, establish digital identities, and adopt sound processes for authentication and access control will significantly impact the security of their digital services.”
Released April 6, the guidance stipulates that “agencies must be able to identify, credential, monitor, and manage user access ... across their enterprise in order to ensure secure and efficient operations.”
The draft guidance requires agencies to incorporate digital identity risk management into existing processes and to automate enterprise-level performance reporting. The National Institute of Standards and Technology’s Special Publication 800-63 underpins much of the guidance.
“It is increasingly important that all agencies adopt identity validation solutions that enhance privacy and mitigate negative impacts to delivery of digital services and maintenance of online trust.”
Shifting Identity at a Glance
• Identity management should ensure that the right person has access to the right resources at the right time.
• On-premise solutions aren’t optimal in a cloud computing environment.
• Putting identity management in the cloud allows for seamless integration and upgrades, with deployments happening in days and weeks versus months and years.
• Legacy identity management systems require constant patching to maintain perimeter security.
• Okta is the first “identity as a service” provider to achieve FedRAMP certification.
manage it themselves because they feel it’s more secure, but the reality is that’s probably less safe than a modern cloud identity service.
With legacy ICAM systems, the government is in a constant state of catch-up when patches come out for security bugs that the government has to implement.
“When you’re talking about hundreds of servers, this is the problem the government has faced,” Jones said. “Your perimeter is not going to be secure.”
Mobile devices also have taken the security perimeter “and extended it outside of the firewall, and made it infinitely more complex on all levels,” Jones said. Okta uses adaptive multi-factor authentication that can recognize it’s you, on a recognized device, coming from an accepted spot, and allows you to access everything you’re entitled to based on intelligent policy and your role within the organization.
Jones added that mobile technology also has changed the game for usability and customer experience. In the past, if organizations cranked up security, it would be at the expense of customer experience, and vice versa. Now it’s “more vital than ever that world-class security and customer service are blended for your employees and your customers,” he said.
“If you think of organizations like the VA, with nine million veterans and family members that need services, they’re moving to a digital experience. The last thing they want to do is make it difficult for their customers to access the services that they’re entitled to,” Girard added.
Interoperability is another goal highlighted in the OMB draft policy. For example, an agency might want Amazon for infrastructure-as-a-service and Microsoft Azure for platform-as-a-service. Or it might want to switch from one email client to another. A vendor-agnostic identity cloud like Okta, which has more than 5,600 pre-built integrations, can connect them all and easily switch if one isn’t working as planned.
“In the real world, there’s not going to be one cloud vendor delivering a multitude of services for any agency,” Jones said. “Agencies and customers are going to do what they’ve always done. They’re going to go with best of breed.”
   










































































