For both the private sector and federal agencies, requiring employees to keep track of multiple passwords to access mission-critical applications is both a hassle and a security risk (lots of passwords means lots of potential stolen credentials).
The Justice Department wants to embrace both simplicity and security by moving its identity management service to the cloud, and it’s doing so, in part, via a partnership with single sign-on vendor Okta.
Identity management is an issue that has long bedeviled the government. As Federal News Radio reports:
“The government has struggled to move to a federated identity management system. The General Services Administration’s 18F organization is leading a fourth effort over the last 20 years to create a centralized identity management service. The initiative, called Login.gov, remains under development and it’s unclear how agencies are responding to its availability.”
In the meantime, DOJ is moving ahead with plans to streamline its identity management system. Greg Hall, the assistant director and CISO in the Executive Office for U.S. Attorneys at the department, told Federal News Radio that the DOJ wants to create a single sign-on system for as much of the litigation process as possible.
Hall says that the shift is part of a broader identity and access management strategic initiative the department began about two years ago.
DOJ worked with internal staff members to develop a three-year strategy, he says, which involved acquiring technology, putting together a strategic roadmap and “also trying to understand how we can align with the broader federal government identity and access management direction as well as some of the DOJ-specific identity credential and access management initiatives.”
The Justice Department is using Okta’s cloud-based identity management service to integrate internal and external users. The system allows the agency to “accept information from them and to provision them for access into our enterprise framework to access data sets we have in the cloud as part of our U.S. Attorneys file exchange environment, as well as systems on premise where we have litigation information that is specific to individual cases.”
The DOJ is also using Okta’s technology for aspects of identity management like derived credentials and other capabilities the agency thinks it needs for its broader identity and access management program.
In May, Okta received approval to operate its cloud identity service inside the government under the GSA’s Federal Risk and Authorization Management Program (FedRAMP).
DOJ sponsored Okta’s official FedRAMP certification effort. To support that, Okta says it demonstrated compliance with 300 controls, including vulnerability management, incident response capability and business continuity.
“With integrations to over 5,000 applications, the Okta Identity Cloud delivers an agile architecture and secure solution for many of the world’s largest enterprises,” the company says. “For government agencies, in addition to enhancing security, Okta’s modern identity and access management solutions enable digital transformation by providing a simplified user experience and enabling better performance across employees, partners, suppliers and customers.”
Okta CIO Mark Settle told Federal News Radio that Executive Office for U.S. Attorneys employees “will authenticate to the cloud through their smart identity card or other authentication data,” and that the service can be accessed on smartphones, tablets, laptops or desktop PCs.
“It’s a very scalable service, which has been another appeal to some of our other government customers that we’ve been talking to simply because they deal with very large populations of individuals,” Settle says.
Hall says that Okta’s technology eases the burden on his office’s attorneys and other employees and allows them to focus on fulfilling the agency’s mission.
“That means accessing the data that is scalable, that’s trusted, that’s efficient and gives them access to what they need while at the same time lets us employ the least privileged principle,” Hall told Federal News Radio.