To be efficient and effective, government agencies need interoperable systems that securely connect employees, constituents and partners to the resources they need across the enterprise. But many agencies rely on a patchwork of legacy Identity Credential and Access Management (ICAM) systems, and that creates security gaps and provides an uneven user experience.
Those individual ICAM systems might work well with some applications, but they lack the interoperability needed to support key capabilities such as federated single sign-on and zero-trust network access, said Bryan Rosensteel, Ping Identity’s U.S. Federal Chief Technology Officer. The company’s solutions make digital experiences secure and seamless for all users.
With a modern system, agencies can overcome legacy approaches’ limitations and gain greater flexibility and more granular controls around identity management.
Here are three concepts that are key to modern identity management.
Federated Identity Management
To ensure seamless access to their ever-expanding landscape of applications, agencies need a unified approach to identity management. Federated identity management (FIM) enables diverse users to access networks, applications and resources using a single set of credentials. In FIM, a thirdparty identity provider stores user credentials and authenticates users across organizations.
This approach “will greatly reduce what that user needs to remember,” Rosensteel said. It will also provide IT teams with greater visibility into network activity: With authentication-logging in one place, “they can better understand what’s going on,” he added.
Policy-Based Access Controls
Agencies are looking to technology to seamlessly implement access policy, especially as they roll out zero-trust security. To do that, they need identity management to be rooted into centralized policy engines.
Policy-based access control helps here. It uses policies to determine user access privileges, putting additional criteria on top of user role and associated permissions, providing finer-grained control. This makes it possible to shift from role-based access control to attribute-based access control.
Role-based controls consider who you are and what you do at the organization, while attribute-based controls may add, for example, “the context of how you’re coming in,” Rosensteel said. That becomes especially important given the rise of mobile devices and remote connectivity. And attribute-based solutions may also consider user-behavior analytics. “We can start plugging those into our authentication and authorization engines,” he said.
Centralized Policy Management
In a heterogenous IT landscape, agencies need a way to create and implement policy across all their applications, APIs and data. To that end, they can move away from application-specific authorizations and instead adopt centralized policy management.
In a modern identity management system, “federation allows me to have centralized authentication and to abstract that away from the application,” Rosensteel said. This ensures both enhanced security and the ability to meet regulatory requirements efficiently.
Many in government recognize the need to modernize ICAM. With a platform that empowers organizations to easily orchestrate secure identity experiences, “Ping Identity can help accelerate that adoption,” Rosensteel said.
This article appeared in our guide, “How to Build a Cyber-Savvy Workforce.” To read more about how agencies are raising their cyber game, download it here:
Leave a Reply
You must be logged in to post a comment.