Identity is key to a modernized government experience. As a means of protecting IT systems, identity security also supports a smooth, simplified and secure employee experience. Externally, a coherent and deliberate approach to identity can help drive improved constituent engagements, meeting rising citizen expectations around their government encounters.
“Identity’s not just the credential we use to represent ourselves. It’s the metadata that makes up the identity. That’s what makes it so important as the foundation of zero trust,” said Frank Briguglio, Public Sector CTO of SailPoint. He spoke during a recent GovLoop panel discussion with government and industry executives.
A Complex Security Landscape
Many federal agencies still struggle to implement effective identity management as they seek to secure systems while supporting a seamless user experience.
Data accuracy: Data drives security; information about devices and end users can be used to design and implement identity-based safeguards. Yet accurate data is not always available, “and without data accuracy, zero trust doesn’t work,” Briguglio said.
Hybrid work: With the rise of remote and hybrid work, traditional identities aren’t enough. “I have to better secure my infrastructure and my resources, so that I’m not dependent on a physical location,” said Rebecca Nielsen, Specialist Leader or Risk & Financial Advisory at Deloitte.
Lack of coordination: In an increasingly interconnected IT environment, it’s no longer practical to take a siloed approach to security. “Cyber is now a team sport,” Briguglio said. The engineering team, the application owner, the compliance officer, the data officer – “all these people have to be in unison.
Key Elements of an Identity Security Solution
What are some of the key characteristics of an effective approach to identity security?
Centralized identity management: Agencies need a strong understanding of users’ responsibilities and authorities. “Centralized identity management is an ability to verify those users’ identities when they attempt to access the system,” said Kenneth Myers, Director of Identity Assurance and Trusted Access Division for the General Services Administration Office of Government-wide Policy.
A user-centric model supporting zero trust: In zero trust, the focus shifts from the physical perimeter to data, devices and users themselves. “Is Frank suitable for the access that he’s trying to use? Is he really a privileged user?” Briguglio said. “All of this comes from a very mature identity ecosystem.”
A risk management approach: IT leaders need to know what the threats are and where they come from. This applies to identity management, too: understanding how personal attributes are assigned and validated. “It all comes down to risk management,” Nielsen said.
Unmatched intelligence: Leverage artificial intelligence and machine learning to provide 360-degree visibility, insight and remediation so you can adapt and ensure the security of every identity.
Comprehensive integration: Extend your ability to embed identity context across your hybrid environment and centrally manage and control access to all data, applications, systems and cloud infrastructure — for all identity types.
To learn more about identity-based security, download our ebook, “How an Identity-Centric Strategy Can Drive Government Security.”
Leave a Reply
You must be logged in to post a comment.