Widespread remote work means the security perimeters agencies typically placed around their networks are obsolete. With traditional network perimeters disappearing, government IT personnel are under increasing pressure to mitigate risks and protect their agencies’ security.
Enter identity and access management (IAM). IAM frameworks provide agencies with the policies and tools they need to verify the users and systems accessing their networks are trustworthy.
“Identity is not just about protecting people, it is about protecting things like servers that matter to your agency because they are mission-critical,” said Molly He, Senior Product Marketing Manager at Okta, Inc., an IAM provider.
Unfortunately, IAM technology is aging across the public sector, and myths abound about modernizing IAM tools.
He and Rob Forbes, Senior Cloud Architect at Okta, Inc., explained away three myths about IAM modernization.
1. Myth: IAM applies only to people
Typically, agencies have associated IAM with verifying users’ identities. Going forward, however, IAM will also authenticate the devices and resource endpoints that are essential to agencies. Endpoints are any device that connects to a network remotely, such as laptops or smartphones.
“Think of the broad picture of identities and how they’re being used and leveraged,” Forbes said of applications, devices and users. “It is the methods and avenues they are taking to access the data.”
Subsequently, Forbes recommended agencies consider a single platform for managing access to their networks and identifying the connections across these systems.
2. Myth: More tools ensure more security
Complicated IAM can create security risks for agencies. Reducing the amount of IAM tools agencies govern can help protect their data, He said.
“Having a central point of control is critical,” she said. “Right now, identity is fragmented at a lot of federal, state and local organizations. Security is a major threat to business continuity if you don’t do it right.”
For example, many cybercriminals are not penetrating agencies’ cyberdefenses. Instead, many hackers are stealing users’ access credentials and menacing agencies’ data that way.
3. Myth: Cloud cannot hold data
Forbes suggested that many agencies are unaware of cloud computing’s potential for modernizing IAM. Cloud’s decentralized, on-demand IT means agencies can scale IAM services as needed.
“Stepping away from the notion that data can’t be in the cloud is a mind shift,” Forbes said. “Stopping modernization due to that thought process is not productive. It is a competitive disadvantage to be stuck in your own data center if you haven’t modernized already.”
Ultimately, providers such as Okta, Inc. can help agencies practice IAM intelligently using cloud’s affordability and flexibility. Whether in-person or remote, cloud-based IAM can aid agencies with monitoring their networks and the entities traveling on them.
“You’re modernizing not just to mitigate security risks or reduce costs,” He said. “You’re future-proofing by making your technology flexible and inexpensive.”
This article is an excerpt from GovLoop’s new guide, “Agency of the Future: Common Misconceptions Holding You Back and How to Break Free.” Download the full guide here.