Insight by Okta and AWS

Use the cloud for frictionless identity and access management

Whether or not they are pursuing zero trust specifically to improve cybersecurity, agencies generally need solid and up-to-date identity and access management systems. So-called IDAM systems should incorporate two-factor authentication, incorporate cloud connections for applications hosted off-premises, and allow for secure single sign-on so as not to make life difficult for end users.

“Over the last, you know, five or ten years, we’ve really thought about identity access management as more of a security construct,” said Sean Frazier, the federal chief security officer at Okta. “But it’s also a usability construct. We have to provide good user experiences so that users, when they log into something, it’s pretty seamless.”

Getting ID and access management right is important for several reasons. Frazier pointed out that the ID and access management “plane” in systems is an attractive place for attackers to gain access to networks and data. That in turn is one reason why current federal policy requires agencies to have specific technical strategies in place for ensuring the identity of people using federal networks.

With growing numbers of applications and databases moving to commercial cloud hosting, Frazier said it’s wise for the ID and access management plane to locate there too. With large percentages of federal employees continuing to work from home because of the pandemic, cloud became an even larger factor.

What about Active Directory or similar services that exist on premise?

“A lot of organizations who have deployed on-prem identity solutions and legacy solutions, like Active Directory, can extend that to the cloud,” Frazier said. “Okta does a really good job of extending that and ‘cloudifying’ the identity and access management, leveraging that repository.”

Cloud ID and access management platforms, he added, can also leverage other databases, such as human resources, as a “source of truth.” A second benefit after enabling secure access, Frazier said, is how cloud solutions can reduce the friction of onboarding new employees and ensure the secure removal of people who leave the agency.

Frazier said a key benefit of cloud computing extends to ID and access management implementations. Namely, the cloud provider takes care of patching and otherwise updating applications hosted there. Okta partners with Amazon Web Services to host its platform. With respect to server capacity expansions or updates and patches that can tax an IT organization, “they’ve already built and automated all of this capability, including the patching and security infrastructure for what they deliver. So it allows organizations and agencies to focus on what they do for a living, which is their users and their data.”

Current Identity Management Best Practices

You need to start with secure single sign-on with multi-factor authentication as the core tenet of the identity stack.

Benefits of Cloud

It really doesn't make any sense to run your identity platform not in the cloud, because everything's in the cloud. If you do have some on-prem resources, a cloud identity solution can protect that securely as well.

Featured speakers

  • Sean Frazier

    Federal Chief Security Officer, Okta

  • Tom Temin

    Host, The Federal Drive, Federal News Network