Insight by HID Global

How New York and Texas pursue secure identity and access management differently

It’s taken seven years for identity and access management (IAM) to be firmly ensconced on state chief information officers’ radar screens. It landed at number 10 on the National Association of State Chief Information Officers’ “Top Ten Policy and Technology Priorities for 2019.”

And well it should, considering that data breaches and ransomware from unauthorized access by hackers, disgruntled employees or sloppy security is a leading cause of the popular “career is over” reference for “CIO”.

Federal News Network convened the panel “Identity and Access Management: A Top Priority for States in 2019” with several state CIOs to discuss IAM’s newfound popularity. Texas CIO Todd Kimbriel, New York State CTO Rajiv Rao, and NASCIO Executive Director Doug Robinson spoke at the Federal News Network studios after the recent NASCIO spring conference.

As expected at the state level, in these laboratories of democracy, governments are pursuing various pathways to secure IAM. New York and Texas, representing nearly 10 percent of total states’ $101 billion in IT spend, reflect this dynamic. New York’s strategy involves a top-down, enterprise approach directed by the centralized state CIO’s office while Texas, primarily due to its famous, or infamous, government organizational structure, has adopted a more federated approach.

These two dissimilar strategies represent the broad range of solutions that other states are implementing in their quest for secure IAM. NASCIO’s report “State Identity and Credential Access Management” (SICAM) in 2012 represented a prescient observation about an impending challenge state government IT would face near the end of the decade. Plans are, in fact, currently under discussion at NASCIO to update this report to provide states with a more comprehensive roadmap, best practices and lessons learned in IAM strategies.

Identity and Access Management on the State Level

We’re constructing and deploying a digital assistant which will roll out the first release in September. … So, we're going to leverage this new portal capability in digital assistant to not only address a citizen identity management, but also employee identity management in the long run.

Federal Compliance Rules

We started this process of consolidating core services. We brought all of our 46 agencies into a single data center and started identifying core services that could be standardized; and one of them being identity management.

Citizens and Access Management

IAM – it's still about making sure that you know who the people are that are coming in. They have access to the right things; they're authorized to access only those things.

Listen to the full show:

Copyright © 2019 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.