It’s been more than two months since the Office of Management and Budget released the final policy updating how agencies should address identity and access management.
The memo takes on ICAM in six parts, rescinds several other policies like the 2004 memo on e-authentication or the 2005 one on e-signatures.
And just as important, the memo recognizes that the 15-year old approach under Homeland Security Presidential Directive-12 (HSPD-12) needs to be adapted to meet current and emerging technologies and needs.
Concepts like zero trust that shifts the operating model and security beyond the perimeter must be central to the ICAM discussion.
The need to incorporate identity with cloud and shared services is a growing priority across several agencies.
Really what the memo is encouraging and emphasizing agencies to do is look at their current way of doing things and start thinking about what they need to do differently moving forward as the cloud, mobility and citizen services become more entwined in how agencies meet their missions.
The policy opens the door for a more secure, privacy-enhanced digital identity solution for citizens and businesses.
Current ICAM Strategy for Agencies
We’re looking to extend what we have on premise to the cloud. We’re looking to better standardize our levels of authorization as it relates to cloud to better protect not only our systems, but really to drill down into data protection and understanding that.
Brian Muolo
Director, Infrastructure Modernization, General Services Administration
Cloud and IT Modernization in Relation to Identity Management
Once you have all the people, all the technologies and all the integrations done, your platform should just become the policy engine. You should have a really solid way to be able to determine by group what you get to do and when you get to do it.
Ted Girard
Vice President, Public Sector, Okta
Our strategy is to always develop a zero trust environment and still meet our business needs. That’s a challenge in and of itself. Identity credentialing and access management (ICAM) becomes a catalyst for creating that zero trust environment yet still being a business enabler and getting to the ‘yes’ for our customers.
Togai Andrews
Chief Information Security Officer, Federal Emergency Management Agency
Listen to the full show:
Copyright
© 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.