Agencies have a hard time balancing accessibility for employees logging onto their networks against keeping out malicious actors armed with stolen credentials.
Part of the challenge stems from agencies dealing with a siloed, fragmented identity ecosystem, which makes it hard to establish a single source of truth for their user profiles.
Bryan Rosensteel, a federal solutions architect with Ping Identity, said that fragmented identity landscape makes it easier for malicious actors to gain entry into agency networks.
“The first thing that we need to do is we need to understand what’s in our environment in the first place. And that’s accepting that we’ve got these fragmented identity silos,” Rosensteel said on Federal News Network’s Cloud Exchange.
To get identity management right, agencies need to understand why those silos exist in the first place. Where possible, agencies should modernize and move to a central user repository.
But Rosensteel said that only solves part of the problem. Agencies also have partners, contractors and, in the case of some agencies, foreign nationals who need to log in and gain access to certain applications and resources.
And with growing demand for public-facing online services, agencies also have members of the public logging into their networks to access government services or view certain parts of an agency's data.
“That puts us in a position where we don’t want them logging in against the same user repository as our primary employees coming in to do their day-to-day jobs. So we need to maintain separate user stores. All we need to do is maintain them in a way that breaks down that silo,” Rosensteel said.
Rosensteel said agencies can overcome these challenges by building a master user record and synchronizing data from it across the separate user repositories. With that infrastructure in place, agencies will have an easier time automating the granting and revoking of access.
“It makes it a lot easier when an employee leaves or when they change their role in an organization, rather than having that human administrator going out and reconciling their access permissions everywhere, which we know almost never happens. Instead, we can automate that and make that process a lot simpler to go through,” Rosensteel said.
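The pattern described above, as an added example written for this page and not code from the article, Ping Identity or any agency system: one master record per person is the source of truth, employees and external users are provisioned into separate stores (as Rosensteel describes), and a reconcile pass diffs each store against the state the master records imply, emitting the grants and revocations a human administrator would otherwise have to chase down. The roles, entitlements, store names and user accounts are constructed for illustration.

```python
"""Master-user-record reconciliation across separate user stores (added example)."""
from dataclasses import dataclass

# Hypothetical entitlement model: population -> role -> entitlements. Keying by
# population means a partner role can never resolve to employee entitlements.
ROLE_ENTITLEMENTS = {
    "employee": {
        "analyst": {"hr-portal:read", "case-system:read"},
        "case-manager": {"hr-portal:read", "case-system:read", "case-system:write"},
    },
    "partner": {
        "vendor": {"procurement:submit"},
    },
}

# Each population is provisioned into its own store, so external users never
# log in against the employee repository.
STORE_FOR_POPULATION = {"employee": "employee-dir", "partner": "partner-store"}


@dataclass
class MasterRecord:
    user_id: str
    population: str   # "employee" or "partner"
    role: str
    active: bool = True


def desired_state(master: list[MasterRecord]) -> dict[str, dict[str, set[str]]]:
    """Return store -> user_id -> entitlements, derived only from master records."""
    desired: dict[str, dict[str, set[str]]] = {s: {} for s in STORE_FOR_POPULATION.values()}
    for rec in master:
        if not rec.active:
            continue  # leavers are entitled to nothing; reconcile revokes what remains
        store = STORE_FOR_POPULATION[rec.population]
        desired[store][rec.user_id] = set(ROLE_ENTITLEMENTS[rec.population].get(rec.role, set()))
    return desired


def reconcile(master: list[MasterRecord], stores: dict[str, dict[str, set[str]]]):
    """Diff desired state against the live stores, apply it, and return the actions.

    Each action is (store, user_id, 'grant' | 'revoke', entitlement). Accounts that
    exist in a store without an active master record (orphans) are fully revoked.
    """
    desired = desired_state(master)
    actions = []
    for store_name, live in stores.items():
        want = desired.get(store_name, {})
        for user_id in sorted(set(live) | set(want)):
            have = live.get(user_id, set())
            need = want.get(user_id, set())
            for ent in sorted(need - have):
                actions.append((store_name, user_id, "grant", ent))
            for ent in sorted(have - need):
                actions.append((store_name, user_id, "revoke", ent))
            if need:
                live[user_id] = set(need)
            else:
                live.pop(user_id, None)  # leaver or orphan: account removed
    return actions


def demo():
    """Initial provisioning, then a mover, a leaver and an orphaned account."""
    master = [
        MasterRecord("alice", "employee", "case-manager"),
        MasterRecord("bob", "employee", "analyst"),
        MasterRecord("vend1", "partner", "vendor"),
    ]
    stores = {"employee-dir": {}, "partner-store": {}}
    reconcile(master, stores)  # joiners: 6 grants across both stores

    master[0].role = "analyst"       # mover: alice loses case-system:write
    master[1].active = False         # leaver: bob's access is revoked everywhere
    stores["partner-store"]["old-vendor"] = {"procurement:submit"}  # orphan, no master record
    return reconcile(master, stores), stores


if __name__ == "__main__":
    for action in demo()[0]:
        print(action)
```

The second reconcile pass yields only revocations: one for alice's dropped write permission, two for bob's departure, and one for the orphaned partner account. Nothing in the stores is trusted as authoritative; a stale entry that was never recorded in the master record is treated as something to remove, which is exactly the reconciliation Rosensteel notes "almost never happens" when left to a human.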