COVID-19 Prompts Agencies to Accelerate Identity Management
Army, GSA and VA leaders are improving identity management to secure critical employee and customer information.
With the rapid evolution of technology and hybrid work environments, organizations are accelerating identity management solutions to protect critical infrastructure and data.
The COVID-19 pandemic has raised the stakes, increasing cyber risks following the widespread transition to remote work environments. Kenneth Myers, chief federal ICAM Architect at the General Services Administration (GSA) explained during ATARC’s Identity Management virtual summit Tuesday that the pandemic prompted a massive shift in network traffic.
Previously, all the traffic and assets were either in an office or through a virtual private network (VPN) because that’s where security staff and data were located, and individuals had to be on an agency network to access that information.
“What the pandemic showed was that we could no longer be in the office, or maybe agencies hadn’t even planned for remote use cases,” Myers said. “Agencies had to immediately make changes to ensure they could continue their mission, even in the remote environment. That’s really the direction of the Federal Zero Trust Strategy. It will help agencies move their technology along and get out of the moat approach to defense.”
James Medlock, CDM program support manager with the Department of Veterans Affairs, explained that his agency was well positioned to combat emerging cyber threats following the pandemic.
“We’d already implemented personal identity verification (PIV) cards and multifactor authentication (MFA),” Medlock said. “We were far along with that for all our employees and contractors. I think the statistic was around 94% fully compliant with PIV at that point in time, and that differential was approved exceptions or exemptions for like sterile environments, things like that.”
The larger challenge at VA was growing its capacity to support a fully telework environment. VA focused its efforts around expanding its infrastructure to support the new surge and volume. The agency was also responsible for providing remote care services to veterans through tools like telehealth.
“We did have a period where facilities were closed, and we had to really begin to loosen some of those processes and some of those securities to allow for operations and continue customer support for our veterans,” Medlock said. “That’s our primary mission goal.”
The Army is focusing on identity governance, improving provisioning processes and ensuring applications have a single master user record to centralize all identities into one directory.
John Pretz, U.S. Army’s technical director and project officer for Identity Access Management, noted that data is one challenge many organizations don’t take into consideration. When implementing zero trust and identity, credential and access management (ICAM) solutions, data must be organized to effectively secure assets and information.
“We’re doing several efforts, but the main portion is zero trust,” Pretz said. “I think we’re on a good path on zero trust when it comes to MFA.”
Myers noted that his team is currently working on more than 117 use cases for identity access management. Looking ahead, these agencies will continue to collaborate with vendor partners to better define requirements and advance identity management solutions.
“It’s taken us time to define all our requirements, put use cases and build stories around them, so that we really understand what our requirements are,” Meyers said. “Then we start working with the vendors to address those requirements and capability gaps and then rationalize the ones we don’t need that have just built up over legacy.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Facing Evolving Cybersecurity Challenges
New cyber threats to agency operations are constantly emerging. While some are predictable, others can be chaotic and can disrupt mission deliver for extended periods of time. Hear from agency cyber leaders about how they are keeping up-to-date on cybersecurity practices, tools and policy.
30m watch -
DHS Tabs Cyber and AI as Innovation R&D Priorities
The agency’s plan utilizes AI to better address future threats, secure critical infrastructure and improve workforce efficiency.
5m read -
The Opportunities and Challenges of Securing the 2024 Election
The 2024 presidential election is just under 50 days away, and federal agencies are reassuring voters’ concerns about election security.
4m read -
Advanced Computing Holds Promise for Health Care, Ethical Hurdles Remain
Researchers and government officials are creating policies to improve customer experience nearly a year after President Biden’s executive order on digital experience.
3m read