While technology develops and evolves, one constant remains: the need for security. As citizens increasingly access government services through personal devices, those in charge of ensuring that these transactions are smooth and secure have to consider how to best keep both their systems and users’ information safe.
One option for agencies looking for a secure and scalable solution is to move security to the cloud. Although some may perceive the cloud as creating more security concerns than it addresses, a recent GovLoop webinar revealed the benefits of using the cloud to handle identity and access management.
“Security is no longer solely about network or perimeter,” said Francisco Salguero, Deputy CIO at the Agriculture Department.
Identity management is now a top-tier consideration, and system safety increasingly relies on deciding whether a would-be user is really who they say they are.
“Identity is the perimeter now,” says Paul Dhanjal, Global Security Practice Director at AST LLC. “Digital identities are an extension to people.”
Given that users come from all over and are often accessing networks from their own devices, organizations and agencies need a consistent and reliable system for managing access. Such digital identity assurance has become a necessary piece of any organization’s security framework, but it is especially vital in government, where a security breach could compromise both sensitive citizen data and critical infrastructure.
Dhanjal is optimistic that cloud-based security can address these needs.
“We’re at the cusp of a golden age for cloud adoption,” he said, suggesting that while government can move at a glacial pace when it comes to new technologies, there’s hope that the obvious benefits of cloud can spur agencies forward.
In relation to this, both Dhanjal and Salguero stressed the potential of cloud as an enabler—of mission, of transformation and of innovation. Dhanjal believes in a user-defined security experience—using adaptive technology to provide customized solutions based on an individual’s specific needs.
With this in mind, one exciting option with cloud-based security is adaptive authentication. Unlike basic multi-factor authentication, adaptive authentication allows for security procedures to intuitively adapt to situations, deploying multi-factor identification when necessary but saving the hassle when it’s not.
Another interesting possibility is moving to Customer Identity Access Management (CIAM) from Identity Access Management (IAM), with CIAM providing a more user-focused security environment. “Your solution should scale in both size and function,” said Dhanjal, noting CIAM makes this swift and easy.
With technologies like these, organizations can find the sweet spot of security—empowering users while reducing risks. Salguero noted that although cloud has been around in the private sector since the early 2000s, adoption has been slower in the public sector because of risk aversion and funding issues.
However, as the government workforce grows younger, he believes that cloud may finally be fully embraced. If this is the case, citizens and public servants alike can look forward to improvements in the functionality and efficiency of identity and access management.