IT modernization is a major focus for government leaders today. That’s unsurprising given the rising costs associated with maintaining legacy systems, as well as increased expectations from citizens and internal users regarding digital service capabilities. At the same time, emerging technologies (particularly cloud computing) are challenging agencies’ ability to keep pace with current security and mobility standards.
It’s not a question of if modernization will happen, but how agencies will achieve that objective quickly and effectively.
At GovLoop’s Gov Trends Virtual Summit, we heard from Nadav Benbarak, Director of Industry Solutions at Okta, and John Harrington, CSRA’s Chief Architect supporting the Office of the CIO. They explained how identity and access management (IAM) can play a central role in every technology strategy agencies must embrace to modernize.
IAM is “the security discipline and resources that enable the right individuals to access the right resources at the right times for the right reasons.” It comprises two components: access management and identity governance and administration.
Identity governance and administration is all about managing user accounts. It’s thinking about the processes that bring a new person into the organization, what privileges they receive, and how those permissions evolve over time. End users are more likely familiar with access management, which considers the user experience in things like authentication, single sign-on, and the policies that manage how and when a person can access resources.
“These topics are merging over time and it’s hard to distinguish between them as mobile devices become more common, the use of cloud grows and the threat landscape changes,” Benbarak explained.
Specifically, identities are becoming the lynchpin for access to government resources. That means they must be maintained, even as agencies embrace new technologies. “Identity s the thing that connects people – whether they are citizens or employees – to the tools they need to do their work,” Benbarak said. “You have to have an identity layer is critical to keeping pace with changes in technology.”
When these identities aren’t managed appropriately, they can cause serious risks for agencies. Consider that of the nearly 1800 total breaches that occurred in 2016 alone, 88 percent were executed by using stolen or weak credentials. However, when identities are appropriately created and monitored, security be increased even as agencies migrate to new technologies.
Of course, IAMs are nothing new. However, legacy IAM systems rarely met the needs of internal or external users. In a recent survey, Okta found that top issues with legacy IAM included:
- No unified view of customers
- Users dissatisfied with the sign-on process
- Vulnerability of passwords
- Infrastructure and code vulnerabilities
- Reliability concerns
Clearly, a better system is needed to engrain effective identity management into agencies as they modernize. That’s where cloud computing comes in.
“Cloud changes everything,” Benbarak said. Cloud-based IAM systems offered as-a-service, like Okta Identity Cloud, provide a 360-degree view of the user. It offers a single-sign on, self-service experience for users. For instance, the Federal Communications Commission uses Okta Identity Cloud to handle both citizen sign-ons to public-facing portals, as well as employee sign-in to critical internal applications both on-premise and in the cloud
Plus, cloud-based IAM is easy and quick to deploy across applications. Once deployed, it’s secure and monitored as a service, offering both high availability and disaster resilience. Harrington from CSRA explained what that looks like in action.
CSRA was created from a merger of two companies, CSGov and SRA International. Both companies came into the new organization with significant technical debt and legacy infrastructures. “We have spent the last two years integrating our systems, including on-premise technologies and a growing cloud footprint,” Harrington said.
After being created, CSRA decided to “ditch the legacy corporate solutions” to instead embrace more effective tools and systems. To achieve that transition, they used Microsoft Active Directory Domains and a single sign-one solution from Okta.
Within 6 months, CSRA had migrated to Microsoft Exchange and Skype for Business, leveraging their new IAM system to migrate and deploy single identities across both systems. Administrators created directory attribute mappings from Active Director to Okta profiles to ensure that characteristics, privileges and tags were consistently used across multiple profiles
Since that initial success, CRSA has integrated 73 applications into the single sign-on solution, including SharePoint, Salesforce, Microsoft OneDrive, Outlook and JIRA systems. That’s largely due to the automation capabilities of Okta, as well as its ability to easily integrate with third-party systems.
Modernization is a must for government organizations today, but they can’t migrate to new systems without considering the impact it will have on user experiences and security. That requires a focus on identity and access management to ensure new applications maintain the privileges and governance processes agencies rely on. A cloud-based IAM can do just that – facilitating the efficient migration of technologies to new platforms and applications without compromising security.