Current Identity Management Best Practices
You need to start with secure single sign-on with multi-factor authentication as the core tenet of the identity stack.
Sean Frazier
Federal Chief Security Officer, Okta
Whether the goal is zero trust specifically or better cybersecurity generally, agencies need solid and up-to-date identity and access management systems. So-called IDAM systems should incorporate two-factor authentication, incorporate cloud connections for applications hosted off-premises, and allow for secure single sign-on so as not to make life difficult for end users.
“Over the last, you know, five or ten years, we’ve really thought about identity access management as more of a security construct,” said Sean Frazier, the federal chief security officer at Okta. “But it’s also a usability construct. We have to provide good user experiences so that users, when they log into something, it’s pretty seamless.”
Getting ID and access management right is important for several reasons. Frazier pointed out that the ID and access management “plane” in systems is an attractive place for attackers to gain access to networks and data. That in turn is one reason why current federal policy requires agencies to have specific technical strategies in place for ensuring the identity of people using federal networks.
With growing numbers of applications and databases moving to commercial cloud hosting, Frazier said it’s wise for the ID and access management plane to locate there too. With large percentages of federal employees continuing to work from home because of the pandemic, cloud became an even larger factor.
What about Active Directory or similar services that exist on premises?
“A lot of organizations who have deployed on-prem identity solutions and legacy solutions, like Active Directory, can extend that to the cloud,” Frazier said. “Okta does a really good job of extending that and ‘cloudifying’ the identity and access management, leveraging that repository.”
Cloud ID and access management platforms, he added, can also leverage other databases, such as human resources, as a “source of truth.” A second benefit after enabling secure access, Frazier said, is how cloud solutions can reduce the friction of onboarding new employees and ensuring secure removal of people who leave the agency.
Frazier said a key benefit of cloud computing extends to ID and access management implementations. Namely, the cloud takes care of patching and otherwise updating applications hosted there. Okta partners with Amazon Web Services to host its platform. With respect to server capacity expansions or updates and patches that can tax an IT organization, “they’ve already built and automated all of this capability, including the patching and security infrastructure for what they deliver. So it allows organizations and agencies to focus on what they do for a living, which is their users and their data.”
It really doesn't make any sense to run your identity platform not in the cloud, because everything's in the cloud. If you do have some on-resources, a cloud identity solution can protect that securely as well.
Federal Chief Security Officer, Okta
Federal Chief Security Officer, Okta
Sean Frazier is Federal CSO at Okta. In his role, Sean acts as the voice of the CSO for Okta's federal business. Prior to joining Okta, Sean spent more than 25 years working in technology and public sector security for companies such as Duo Security, Netscape, LoudCloud/Opsware, Proofpoint, Cisco & MobileIron.
Sean has helped lead numerous projects used by the Department of Defense and Intelligence Community, including the Fortezza Crypto Card, Defense Messaging System (DMS) and many others. He also has extensive experience in identity and public key infrastructure (PKI), network, applications, mobile and IoT. Sean has testified in front of the U.S. Senate Homeland Security and Government Affairs Committee on the importance of public/private partnership in protecting the nation’s digital infrastructure. Sean also advises public/private partnership working groups including ACT-IAC, ATARC and many others.
Host, The Federal Drive, Federal News Network
Tom Temin has been the host of the Federal Drive since 2006 and has been reporting on technology markets for more than 30 years. Prior to joining Federal News Network, Tom was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines. Tom also contributes a regular column on government information technology.