Despite digital transformation efforts, federal agencies yet to fully embrace identity management

Enterprises in the private sector have undergone tremendous change in recent years — end user mobility, cloud, shadow IT, and substantial digital transformation — and federal departments and agencies have been no different.

In the past few years e-government efforts have digitized and automated many ways citizens interact with local, state, and federal government.  Of course, digitizing processes means introducing new security risks and the applications, network communications, data, and users need to be protected. This, of course, demands organizations know who is accessing, using, and managing these systems.

In fact, identity management is one of those rare security efforts that not only helps organizations to be more secure but to also innovate and more readily embrace digital transformation. Effective identity management is especially essential to digital transformation because digital transformation has further blurred the lines of the enterprise perimeter (well, what was and is left of it at various organizations) — and this leaves many of the traditional ways to secure the enterprise inadequate. This leaves identity management as one of the most viable strategies to gain an adequate level of control over data, apps, and users. It turns out a lot of organizations agree with me, but haven’t yet taken all the steps they could to leverage a good identity management program.

A recent survey by identity management vendor One Identity showed that 58 percent of survey respondents see identity management as an enabler for digital transformation. However, 85 percent admit that their agency lacks the IAM capabilities that they need. And since 2015, 94 percent of agencies reported that their identity efforts improved, but two-thirds said there is room for progress.

Another interesting finding in the survey is how federal organizations view their Continuous Diagnostics and Mitigation Efforts. CDM is the name of the program federal organizations take part in that builds continuous capabilities to identify and respond to threats and vulnerabilities on a persistent basis.  Nearly all respondents, a whopping 97 percent, said CDM has improved cybersecurity, but 94 percent said that they face challenges that stand in the way of realizing the full benefit from CDM. Those challenges include budget issues (52 percent), lack of expertise on staff (45 percent), lack of tool alignment (37 percent).

And roughly 70 percent, or more, respondents say that identity-driven capabilities such as user behavioral analytics, privileged account activity auditing, identity analytics, password vaults, automated enterprise provisioning, and automated enterprise governance are tools and capabilities that enable digital transformation.

Interestingly, only 40 percent of respondents consider themselves “very confident” in their identity efforts, while 25 percent said they are less than confident in those efforts.

Paradoxically, with so many identity management benefits, many of those surveyed still cited many areas where they lack the very capabilities they see as beneficial. That boiled down to many respondents not having identity analytics (31 percent), reporting capabilities (32 percent), unified provisioning and governance (36 percent), or multifactor authentication at 45 percent.

That’s a considerable gap for an area of technology that the vast majority said was crucial to success. My bet is that it’s a gap we see quickly closed.

RELATED LINKS

5 things businesses should know about Identity Access Management

Confronting the cybersecurity challenge in the public sector

Negative consequences of IoT could extend beyond cybersecurity

*** This is a Security Bloggers Network syndicated blog from Cybersecurity Matters – DXC Blogs authored by Cybersecurity Matters. Read the original post at: https://blogs.dxc.technology/2017/11/16/despite-digital-transformation-efforts-federal-agencies-yet-to-fully-embrace-identity-management/