As reports of cyberattacks become more common—with the estimated cost of a single data breach approaching $4 million—there’s no debate that legacy enterprise IT systems are not built for today’s threats. Everyone needs protection.
Many cyber incidents involve vectors of compromise that could have easily been thwarted through stronger identity mechanisms and better access management solutions. That’s why multi-factor authentication (MFA), for example, is a key component to any modern authentication approach.
“People are reading about expensive data breaches and disruptive ransomware attacks and coming to appreciate the magnitude of cyber risk,” said Lonnie Price, vice president, Cyber and Information Warfare. “There’s an increased awareness about the dangers of weak systems and a reliance on outdated methods, such as passwords. But many cyber breaches and attacks are being handled behind the scenes—what the public knows about is just the tip of the iceberg.”
Identity, credential, and access management (ICAM) is the foundation of zero trust (ZT). ZT relies on an enterprise’s ability to track user identities across a network and ensure data access is limited only to those who can verify their need for it. A successful approach requires agencies to understand their data, the different personas that require access to that data, and deploy proven solutions that can validate those personas and grant appropriate levels of access.
“The benefits of an updated ICAM strategy has been on the radar of government and industry partners for years, but the simplicity of zero trust has really helped more people to understand it,” said Price. “Fewer people these days are kicking and screaming.”
Identity as the new perimeter
Government agencies today need secure, easy-to-use, and interoperable identity solutions that enable access to online services in a manner that promotes confidence, privacy, and choice—while adhering to the rapidly evolving ICAM guidance from CISA and requirements listed in NIST SP 800-63 and OMB M 19-17.
Issues to consider when selecting ICAM solutions as part of a Zero Trust strategy include:
Cloud-smart environments require ICAM.
Moving into the cloud requires a paradigm shift; it can also be an opportunity to adopt a smarter, policy-based approach to data access. Constant vigilance and monitoring can eliminate insider risk and prevent bad actors from infiltrating resources that are outside their purview or permission set.
ICAM extends beyond people.
Anything that can be assigned a digital identity or IP address needs to be accounted for with ICAM, including automated technologies, sensor networks, self-driven cars, software bots, drone delivery services, and Internet of Things (IoT) devices.
Assessment is key.
ICAM assessments can be used on-demand to meet a specific need and are considered as part of an enterprise’s overall digital transformation effort.
By leveraging ICAM solutions, an organization can shift its operating model beyond simply managing access inside or outside of the organization’s perimeter to using identity as the foundation for managing risk.
Proven results with identity protection
Peraton is an end-to-end identity services provider, delivering enterprise-level services to mitigate digital identity risk while achieving federal compliance.
Restricting access to federal facilities and databases remains one of the most important initiatives the government can pursue to prevent cyberattacks or minimize other threats. Peraton currently manages over 85% of the U.S. government’s digital credentials through the Real-Time Automated Personnel Identification System (RAPIDS)—which issues Common Access Cards (CAC)—and the USAccess program that provides Personal Identity Verification (PIV) credentials.
During the COVID-19 pandemic, Peraton developed effective solutions for those programs that kept federal employees safe and data secure—and its field-tested ICAM solutions are proven to support the new reality of cloud-based remote and hybrid work environments. Those ICAM solutions have helped solve problems with:
- User password fatigue
- Slow administrative access application management
- Lack of user compliance visibility
- Inability to manage access across devices
- Tedious application integration maintenance.
Unlike proprietary identity products and solutions, Peraton solutions are vendor and product agnostic—an approach that empowers its teams to develop complete identity frameworks based on Trustmark standards while leveraging best-of-breed components tailored to customer requirements.
“This is an area where the technology and government mandated requirements are rapidly changing,” said Price. “Our customers may need assistance in understanding and adapting to those requirements. It’s not just one solution.”
That’s why it’s crucial to begin thinking smarter—categorizing data, standardizing user credentials, roles, and privileges, managed by ICAM—and building a policy-driven engine in the middle.
The successful journey to ZT could prove the difference between two digital futures: one where Americans adapt to a paranoid reality, constantly second-guessing the safety of their personal identifiable information (PII), or another brighter future where they conduct their digital lives on their own devices confidently, safely, and securely whether at work, making a purchase, or accessing government benefits and services.
Learn more about ICAM and Enterprise-level Services for Mitigating Digital Identity Risk and Demonstrating Federal Compliance.