This blog post is an excerpt from GovLoop’s recent guide “Your Guide to Identity and Access Management.” Download the full guide here.
Agencies are searching for cohesive solutions to their identity and access management (IAM) needs, especially as they contend with the siloed approaches that led to this need in the first place. According to the National Association of State Chief Information Officers (NASCIO), some states have turned to federated ID frameworks to avoid duplication by using a shared services model for identity and access. Most states are either creating frameworks independently or neglecting the issue altogether.
NASCIO’s findings were noted in its 2012 strategic vision for state-based identity, credential and access management (ICAM) efforts. But the lack of federated ICAM models across state and local governments persists.
The nonprofit ACT-IAC, which focuses on improving collaboration between government and industry, found that “sharing among external states is currently limited due to challenges, such as funding and the lack of a common platform.” At its core, a federated government framework provides centralized services to citizens, businesses, employees and other government entities across state, local and federal jurisdictions.
“It illustrates how government entities can share services across independent information technology domains and federation with states,” according to a 2018 ACT-IAC report.
When you consider the law enforcement sector and how often cases span cities, counties and even state lines, it’s imperative that governments can coordinate and easily share information. A federated identity system could lay the groundwork for new systems that allow for these seamless connections.
Why Is IAM Especially Important Now?
At a time when ransomware and other attacks are on the rise, state and local governments must do all they can to secure their data and systems. Increased security within a state correlates with diminished identity theft incidents, fewer data breach cases and better levels of trust. IAM bridges the weak points in an agency’s efforts to identify and authenticate users, encrypt sensitive data, and log and audit information.
States are required to measure and report the results of federally funded programs in areas like health, job creation, voting and welfare. For example, the Education Department’s State Longitudinal Data Systems involve the ability to measure student performance and the moving parts that affect educational outcomes from preschool to age 20. State governments must analyze student and teacher data across multiple state departments that are involved with delivering educational services, such as human services, K-12 education, workforce development, corrections and higher education.
There has to be a unique identifier to make sure that students are linked between systems, and that’s where identity management can play a significant role.
Communicating identity information among departments is also important so that new updates are easily shared from one agency to the other.
How Does IAM Support IT Modernization and Other Efforts?
Law enforcement and public-safety organizations, in particular, are working together to increase efficiencies and improve information sharing to better meet community needs. However, there are many risk management considerations for modernizing and applying new technology approaches to drive better outcomes.
Leaders need to be aware of current thinking around digital and data trust, cloud-based services, and analytic and machine learning as they prepare for the next generation of technologies that support a secure, safe, resilient homeland of the future.
That’s why investments in IAM are critical. Efforts around the development of FirstNet, a dedicated broadband network for public-safety workers, are a prime example of the important role that IAM plays in enabling first responders.
Registration, verification, authentication and authorization of public-safety officials and other approved users are vital to protecting the integrity and safety of the broadband network. This is not a one-time event, but rather an ongoing exercise to account for changes in roles and responsibilities and changes in employment status.
Delaware is eyeing innovative ways to share opioid information with police departments statewide, according to ACT-IAC. “State agencies are potential building blocks for a national opioid ‘data lake’ that can be accessed by law enforcement officers throughout the nation.”
Consolidating an agency’s processes and workflow under the overarching objective of following IAM guidelines can reduce costs for security IT infrastructure. Plus, the entire IT enterprise could be improved, and personally identifiable information (PII) better protected.
You may also be interested in Identity and Access Management in the Federal Government Today and Mitigating Threats While Enabling the Citizen Experience.