SlideShare ist ein Scribd-Unternehmen logo
1 von 34
Downloaden Sie, um offline zu lesen
Improving
Collaboration through
Identity Management
A Candid Survey of Federal
Managers
February 2014
Purpose
Driven by White House and Congressional directives such as HSPD-12, the National Strategy
for Trusted Identities in Cyberspace (NSTIC), Insider Threat Task Force, and FICAM, federal
agencies are focused on identity management like never before. Agency leaders face a difficult
task in ensuring secure access to agency resources by the right people, at the right time, and for
the right reasons, without restricting the organization’s operational effectiveness.
Understanding the difficult task of balancing these two priorities, Government Business Council
(GBC), Symantec, and HP undertook a study to explore the current state of identity and access
management (IAM) in the federal government.

Methodology
To assess the perceptions, attitudes, and experiences of federal executives regarding IAM, GBC
deployed a survey to a sample of Government Executive’s online and print subscribers in
December 2013. The pool of 975 respondents includes those of GS-11 through 15 grade
levels and members of the Senior Executive Service in defense and civilian agencies.

2
Table of Contents
1 Executive Summary

4

2 Respondent Profile

6

3  Research Findings

10

i.
ii.
iii.
iv.

Current State of Federal IAM
Security Concerns Can Limit Mission
The Need for an Identity Ecosystem
Public-Private Partnerships in IAM

4 Final Considerations

3

11
15
21
26
30
1
Executive
Summary

4
Executive Summary
Federal leaders are confident in identity management within their own agencies
A majority of respondents (72 percent) are confident or very confident in their agency’s ability to
ensure appropriate physical access to resources. Slightly fewer (63 percent) are equally confident in
their agency’s ability to ensure appropriate logical access. For many, the two are linked: 71 percent of
respondents indicate that their agencies have integrated physical and logical IAM.
Outside of one’s own agency, security concerns limit collaboration
Nearly all respondents interact with groups outside of their agency, but security concerns limit their
ability to provide services to these groups over the Internet. While respondents view the growth of
mobile devices as an opportunity to improve collaboration, security concerns have limited their
uptake in federal agencies.
An “Identity Ecosystem” that links an electronic identity across multiple platforms could improve
collaboration and efficiency while lowering costs
The idea of a common framework for establishing trusted identities is a new concept for some federal
leaders, but anticipated effects are largely positive. A majority of respondents expect an “Identity
Ecosystem” to increase efficiency and confidence in using online services, among other benefits. To
create an “Identity Ecosystem,” respondents are open to public-private partnerships, but security,
privacy, and liability concerns will need to be addressed.

5
2
Respondent
Profile

6
Survey respondents are senior federal executives
Job Grade
SES

Reports/Oversees

5%

Over 200
22%

GS/GM-15

GS/GM-14

78%
of respondents
are GS/GM-13
or above

23%

GS/GM-13

3%

51-200

59%

7%

21-50

of respondents
oversee at least
one report

7%

28%
6-20

1-5

21%

16%

GS/GM-12

4%

GS/GM-11

None

2%

Other
0%

10%

Percentage of respondents, n=975

7

21%

20%

30%

41%
0%

20%

40%

60%
Most respondents work in operations
Job Function

▶ 

▶ 

Most respondents work
in operations, a category
that includes program/
project managers and
logistics specialists.
“Other” includes
categories such as legal,
research, management,
technical professionals,
and auditors.

32%

Operations
Human capital

12%

Engineering

11%

Finance

8%

Acquisition and procurement

6%

Legislative

5%

Information technology

5%

Facilities, fleet and real estate
management

3%

Communications and
telecommunications

3%

Other
Percentage of respondents, n=975

8

16%
0%

10%

20%

30%

40%

50%
Most Represented Agencies
Department of Treasury

Office of Personnel Management

Department of Agriculture

Small Business Administration

Department of the Interior

United States Postal Service

Department of Transportation

Department of Homeland Security

Department of Commerce

United States Agency for International Development

General Services Administration

Nuclear Regulatory Commission

Environmental Protection Agency

Department of Health and Human Services

National Aeronautics and Space Administration

Department of Veterans Affairs

Social Security Administration

National Science Foundation

Department of Housing and Urban Development

Executive Office of the President (including OMB)

Department of Energy

Department of Defense (OSD, DISA, DIA, DLA, etc.)

Department of Labor

Department of Justice

United States Government Accountability Office

Department of the Army

Department of State

Other independent agency

Department of Education

Agencies listed in order of frequency

9
3
Research
Findings

10
i.
Current
State of
Federal IAM

11
What is Identity and Access Management?
▶  As

used in this report, identity and access management
(IAM) refers to a security practice that ensures access by
the right people, at the right time, and for the right reasons.

▶  IAM

can be used in reference to both physical access (e.g.,
to facilities, areas, or rooms) and logical access (e.g., to
networks or files).

12
Federal leaders are confident in IAM within
their own agencies
Physical access
(e.g., to facilities, areas, rooms)

29%

Logical access
(e.g., to networks, files)

Very confident

19%

63%

72%
of respondents are
very confident or
confident

44%
43%

Somewhat confident

Not confident
21%
7%
1%

DK

Percentage of respondents, n=975 and n=974, respectively

13

of respondents are
very confident or
confident

Confident

26%
8%
2%
For many, physical and logical access are
interconnected
Has your department/agency integrated physical and
logical IAM?
▶ 

▶ 

A majority of
respondents indicate
that their agencies have
integrated physical and
logical IAM.
Typically, integration
involves using a common
card or device to access
the agency’s building and
computer networks.

Percentage of respondents, n=974

14

No, not
considering
5%

No, but
considering
15%

Don’t
know
9%

Yes
71%
ii.
Security
Concerns Can
Limit Mission

15
94% of federal leaders interact with external
groups, especially other agencies
Groups interacted with through the course of work
85%

27%
56%

56%
49%

of respondents interact with
other federal agencies, citizens,
state/local/regional government
agencies, and industry partners

8%

Other federal
departments/
agencies

Citizens

Percentage of respondents, n=972

16

State, local, Industry partners
regional
government
departments/
agencies

6%

Other

None of the
above
Security concerns limit service provision
A majority of respondents (68 percent) indicate that security concerns limit online service
provision. Even those who are currently providing services to citizens believe they are limited:
72 percent identify limits to online service provision.
Security concerns prevent my department/
agency from offering certain services online.

68%
of respondents agree
or strongly agree

9%

22%

Strongly disagree
Percentage of respondents, n=825
“Don’t know” not included

17

44%

Disagree

Agree

24%

Strongly agree
Mobile devices offer an opportunity to
enhance interaction with external groups
Mobile device usage presents an
opportunity for my department/agency
to enhance interaction with other groups.

81%
of respondents agree
or strongly agree

9%

10%

57%

Strongly disagree
Percentage of respondents, n=863
“Don’t know” not included

18

Disagree

24%

Agree

Strongly agree
…but security concerns limit mobile expansion
Security concerns present an obstacle to
my department/agency using mobile
devices to interact with other groups.

65%
of respondents agree
or strongly agree

5%

30%

Strongly disagree
Percentage of respondents, n=809
“Don’t know” not included

19

46%

Disagree

Agree

19%

Strongly agree
The lack of a common framework for
establishing trusted identities limits interaction
with external groups
The lack of a common framework for establishing
trusted identities limits my department/agency’s
interaction with other groups. 

7%

57%
of respondents agree
or strongly agree

36%

Strongly disagree
Percentage of respondents, n=645
“Don’t know” not included

20

41%

Disagree

Agree

Strongly agree

16%
iii.
The Need for
an “Identity
Ecosystem”

21
The White House has called for the creation of
an “Identity Ecosystem”
▶ 

▶ 

April 2011’s National Strategy for Trusted
Identities in Cyberspace (NSTIC) highlights the
need for an “Identity Ecosystem” where
individuals and organizations leverage
universally-recognized digital identities to
securely interact with one another.
By linking an individual’s electronic identities
across multiple websites, NSTIC envisions that
the “Identity Ecosystem” will provide online
services in a manner that promotes confidence,
privacy, choice, and innovation.

National Strategy for Trusted Identities in Cyberspace, April 2011.

22
Federal leaders expect largely positive effects
from the creation of an “Identity Ecosystem”
Sizable amounts of respondents are unsure of the effect that an “Identity Ecosystem” will
have on efficiency, confidence, cost-effectiveness, citizen service quality, privacy, help desk
calls, and security (23-34 percent select “don’t know”). Of those respondents who have an
opinion, most anticipate positive effects:
Expected effects of an Identity Ecosystem
Efficiency
Confidence in using online services

11%
7%
15%

Security risks
Percentage of respondents, n varies
“Don’t know” not included

23

60%

26%

58%

34%

9%

Privacy protections
Help desk calls

64%

29%

Cost-effectiveness
Quality of citizen services

66%

23%

15%

57%

28%
38%

10%
28%
30%

42%

52%

Increase
No change
Decrease
Respondents identify additional benefits of an
“Identity Ecosystem,” including…

“ Better data quality. ”
security clearance
“ Streamlinedindividuals. processes and better
tracking of

”

effectively outside the office
“ The ability to work moregive me access to sites that I need
environment. It would
to use but are restricted if not on a government system.

“ Improved intergovernmental activities. ”
Sampling of open-ended responses

24

”
“Identity Ecosystem” may be far off
How soon do you think government could achieve an “Identity Ecosystem”?

0-1 years

2%

56%
2-5 years

30%

6-10 years

24%

More than 10 years

Never

Don't know

Percentage of respondents, n=971

25

11%

3%

30%

of respondents
think government
can achieve
Identity Ecosystem
in the next 10 years
iv.
Public-private
Partnerships in
IAM

26
To reach “Identity Ecosystem,” the federal
government supports public-private
partnerships in IAM
“The private sector will lead the
development and implementation of this
Identity Ecosystem, and it will own and
operate the vast majority of the services
within it.”
-National Strategy for Trusted Identities in
Cyberspace, April 2011

"The Obama administration is
committed to supporting publicprivate partnerships that both enhance
consumer privacy and ensure the
Internet remains a driver of innovation
and economic growth."
-Secretary of Commerce Penny Pritzker,
September 2013

National Strategy for Trusted Identities in Cyberspace, April 2011.
NIST.gov, “NIST Awards Grants to Improve Online Security and Privacy,” September 2013.

27
Though few respondents are opposed to publicprivate partnerships in IAM, many are unsure
Opinion of public-private partnerships in IAM
50%
40%

31%

31%

30%

18%

20%

20%

10%
0%

Support
Percentage of respondents, n=970

28

Neither support
nor oppose

Oppose

Don't know
Security, privacy, and liability top the list of
concerns about public-private partnerships in
IAM
Concerns about public-private partnerships in IAM

Security

55%
51%

Privacy
Liability

50%

Changes in work/operational flows

40%

Vendor lock-in

30%

Loss of IT jobs
Other

14%
7%

Don't know
None of the above
Percentage of respondents, n=965

29

15%
5%
4
Final
Considerations

30
When considering an IAM strategy in your
agency…
Make room for mobile.
Though federal agencies may be late mobile adopters, citizens using government services are
more and more likely to be doing so from a mobile device. As this trend continues, providing a
secure, usable mobile interface for citizen services will be essential to mission effectiveness.
Look to agencies already experiencing IAM success.
The Federal Cloud Credential Exchange (FCCX), run by GSA and USPS is a good look into the
future of identity management. FCCX will unify six different civilian agencies using FICAM
authentication standards to allow the public to securely access online services through a single
sign-on. This streamlined authentication will reduce costs for participating agencies, while
providing a “secure, privacy-enhancing, easy-to-use-solution.”
Count all costs, including the hidden expense of forgotten passwords.
Forgotten passwords are expensive. Agencies should look at how they can reduce operational
costs by passing those expenses on to credential service providers—federal or commercial—
who can unify services around a single sign on.
USPS participating in creation of digital Federal Cloud Credential Exchange program

31
Underwritten by
About HP and Symantec
For over 20 years, HP and Symantec have
delivered joint technology solutions and services
that enable organizations worldwide to secure
and manage their most critical information. HP
integrates Symantec into security, storage,
server, and client solutions, and delivers
enterprise services based on market-leading
Symantec solutions.
About GBC
Contact

Our Mission

Zoe Grotophorst
Manager, Research &
Strategic Insights

Government Business Council (GBC), the research arm of
Government Executive Media Group, is dedicated to
advancing the business of government through analysis and
insight. GBC partners with industry to share best practices
with top government decision-makers, understanding the
deep value inherent in industry’s experience engaging and
supporting federal agencies.

Tel. 202.266.7335
zgrotophorst@govexec.com
govexec.com/GBC
@GovBizCouncil

33
Improving
Collaboration through
Identity Management
A Candid Survey of Federal
Managers
February 2014

Weitere ähnliche Inhalte

Was ist angesagt?

Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggonermihinpr
 
Global Scale Identity Management
Global Scale Identity ManagementGlobal Scale Identity Management
Global Scale Identity ManagementGaurav Bhatia
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4Meg Weber
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity EssayMichael Solomon
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3Lumension
 
Information+security rutgers(final)
Information+security rutgers(final)Information+security rutgers(final)
Information+security rutgers(final)Amy Stowers
 
Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsClear Technologies
 
Research Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINALResearch Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINALBenjamin Wyrick
 
Sharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesSharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesThe Economist Media Businesses
 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security SurveyBee_Ware
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incDruva
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 
2016-Black-Hat-Attendee-Survey
2016-Black-Hat-Attendee-Survey2016-Black-Hat-Attendee-Survey
2016-Black-Hat-Attendee-SurveyRob Raleigh
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 

Was ist angesagt? (17)

Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
 
Global Scale Identity Management
Global Scale Identity ManagementGlobal Scale Identity Management
Global Scale Identity Management
 
2014 ota databreachguide4
2014 ota databreachguide42014 ota databreachguide4
2014 ota databreachguide4
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
CAPP Conference Survey
CAPP Conference SurveyCAPP Conference Survey
CAPP Conference Survey
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 
Information+security rutgers(final)
Information+security rutgers(final)Information+security rutgers(final)
Information+security rutgers(final)
 
Proactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van SymonsProactive Log Management in Insurance by Van Symons
Proactive Log Management in Insurance by Van Symons
 
Research Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINALResearch Report Health Informatics 05-2016_FINAL
Research Report Health Informatics 05-2016_FINAL
 
Sharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breachesSharing the blame: How companies are collaborating on data security breaches
Sharing the blame: How companies are collaborating on data security breaches
 
2013 Mobile Application Security Survey
2013 Mobile Application Security Survey2013 Mobile Application Security Survey
2013 Mobile Application Security Survey
 
Where in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva incWhere in the world is your PII and other sensitive data? by @druva inc
Where in the world is your PII and other sensitive data? by @druva inc
 
2014 Executive Breach Preparedness Research Report
2014 Executive Breach Preparedness Research Report2014 Executive Breach Preparedness Research Report
2014 Executive Breach Preparedness Research Report
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
2016-Black-Hat-Attendee-Survey
2016-Black-Hat-Attendee-Survey2016-Black-Hat-Attendee-Survey
2016-Black-Hat-Attendee-Survey
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 

Andere mochten auch

Infrequent Flyer Slideshow Presentation
Infrequent Flyer Slideshow PresentationInfrequent Flyer Slideshow Presentation
Infrequent Flyer Slideshow PresentationInfrequentFlyer
 
Reach the Edge of the Joint Information Environment
Reach the Edge of the Joint Information EnvironmentReach the Edge of the Joint Information Environment
Reach the Edge of the Joint Information EnvironmentGov BizCouncil
 
Three Strategies to Accelerate Your Agency's Migration to the Cloud
Three Strategies to Accelerate Your Agency's Migration to the CloudThree Strategies to Accelerate Your Agency's Migration to the Cloud
Three Strategies to Accelerate Your Agency's Migration to the CloudGov BizCouncil
 
Bringing Federal IT Up to Speed
Bringing Federal IT Up to SpeedBringing Federal IT Up to Speed
Bringing Federal IT Up to SpeedGov BizCouncil
 
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...Inside Services Contracting: Best Practices for Staff Augmentation and Shared...
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...Gov BizCouncil
 
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM EST
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM ESTName That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM EST
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM ESTCassarah Peony
 
A New Network Acquisition Model for the Federal Government
A New Network Acquisition Model for the Federal GovernmentA New Network Acquisition Model for the Federal Government
A New Network Acquisition Model for the Federal GovernmentGov BizCouncil
 
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2Cassarah Peony
 
Duty of Care in Federal Agencies
Duty of Care in Federal AgenciesDuty of Care in Federal Agencies
Duty of Care in Federal AgenciesGov BizCouncil
 
Three Strategies to Improve the Citizen Experience
Three Strategies to Improve the Citizen ExperienceThree Strategies to Improve the Citizen Experience
Three Strategies to Improve the Citizen ExperienceGov BizCouncil
 
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...Gov BizCouncil
 
The Path to Customer-Centric Service
The Path to Customer-Centric ServiceThe Path to Customer-Centric Service
The Path to Customer-Centric ServiceGov BizCouncil
 
Communication Challenges in Federal Telework
Communication Challenges in Federal TeleworkCommunication Challenges in Federal Telework
Communication Challenges in Federal TeleworkGov BizCouncil
 
Inside Federal Outsourcing
Inside Federal OutsourcingInside Federal Outsourcing
Inside Federal OutsourcingGov BizCouncil
 

Andere mochten auch (14)

Infrequent Flyer Slideshow Presentation
Infrequent Flyer Slideshow PresentationInfrequent Flyer Slideshow Presentation
Infrequent Flyer Slideshow Presentation
 
Reach the Edge of the Joint Information Environment
Reach the Edge of the Joint Information EnvironmentReach the Edge of the Joint Information Environment
Reach the Edge of the Joint Information Environment
 
Three Strategies to Accelerate Your Agency's Migration to the Cloud
Three Strategies to Accelerate Your Agency's Migration to the CloudThree Strategies to Accelerate Your Agency's Migration to the Cloud
Three Strategies to Accelerate Your Agency's Migration to the Cloud
 
Bringing Federal IT Up to Speed
Bringing Federal IT Up to SpeedBringing Federal IT Up to Speed
Bringing Federal IT Up to Speed
 
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...Inside Services Contracting: Best Practices for Staff Augmentation and Shared...
Inside Services Contracting: Best Practices for Staff Augmentation and Shared...
 
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM EST
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM ESTName That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM EST
Name That Tune Brunch With Gail And Friends Auction 2/28/2014 1:00PM EST
 
A New Network Acquisition Model for the Federal Government
A New Network Acquisition Model for the Federal GovernmentA New Network Acquisition Model for the Federal Government
A New Network Acquisition Model for the Federal Government
 
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2
Rainbow Girls Supply’s and Treasures + Sunday Extravaganza! 2.2
 
Duty of Care in Federal Agencies
Duty of Care in Federal AgenciesDuty of Care in Federal Agencies
Duty of Care in Federal Agencies
 
Three Strategies to Improve the Citizen Experience
Three Strategies to Improve the Citizen ExperienceThree Strategies to Improve the Citizen Experience
Three Strategies to Improve the Citizen Experience
 
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
Route Fifty: 2016 Top Management Challenges for State & Local Government - Co...
 
The Path to Customer-Centric Service
The Path to Customer-Centric ServiceThe Path to Customer-Centric Service
The Path to Customer-Centric Service
 
Communication Challenges in Federal Telework
Communication Challenges in Federal TeleworkCommunication Challenges in Federal Telework
Communication Challenges in Federal Telework
 
Inside Federal Outsourcing
Inside Federal OutsourcingInside Federal Outsourcing
Inside Federal Outsourcing
 

Ähnlich wie Improving Collaboration Through Identity Management

Envisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingEnvisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingGov BizCouncil
 
Managing complexity in IAM
Managing complexity in IAMManaging complexity in IAM
Managing complexity in IAMBee_Ware
 
Raytheon-NCSA_Millennial_Survey_report_2014
Raytheon-NCSA_Millennial_Survey_report_2014Raytheon-NCSA_Millennial_Survey_report_2014
Raytheon-NCSA_Millennial_Survey_report_2014Blair Gately
 
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...Capgemini
 
SANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveySANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveyEdgar Alejandro Villegas
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...FireEye, Inc.
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020Jessica Graf
 
vision 2020 testimony
vision 2020 testimonyvision 2020 testimony
vision 2020 testimonyRob Arnold
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeEMC
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)PwC France
 
Making the Leap: Exploring the Push for Cloud Adoption
Making the Leap: Exploring the Push for Cloud AdoptionMaking the Leap: Exploring the Push for Cloud Adoption
Making the Leap: Exploring the Push for Cloud AdoptionGov BizCouncil
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summarypatmisasi
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyScalar Decisions
 
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...Melissa Luongo
 
Winning the Cybersecurity Battle
Winning the Cybersecurity BattleWinning the Cybersecurity Battle
Winning the Cybersecurity BattleGovLoop
 
Cybersecurity Risk -- Redefing real risk measurement for the CISO
Cybersecurity Risk  -- Redefing real risk measurement for the CISOCybersecurity Risk  -- Redefing real risk measurement for the CISO
Cybersecurity Risk -- Redefing real risk measurement for the CISODavid Sweigert
 
Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportFERMA
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSilicon Valley Bank
 

Ähnlich wie Improving Collaboration Through Identity Management (20)

Envisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information SharingEnvisioning IC ITE: The Next Generation of Information Sharing
Envisioning IC ITE: The Next Generation of Information Sharing
 
Managing complexity in IAM
Managing complexity in IAMManaging complexity in IAM
Managing complexity in IAM
 
Raytheon-NCSA_Millennial_Survey_report_2014
Raytheon-NCSA_Millennial_Survey_report_2014Raytheon-NCSA_Millennial_Survey_report_2014
Raytheon-NCSA_Millennial_Survey_report_2014
 
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
The Currency of Trust: Why Banks and Insurers Must Make Customer Data Safer a...
 
SANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls SurveySANS 2013 Critical Security Controls Survey
SANS 2013 Critical Security Controls Survey
 
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
SANS 2013 Report on Critical Security Controls Survey: Moving From Awareness ...
 
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
The Role of Information Security Policy Jessica Graf Assignment 1 Unit 8 IAS5020
 
vision 2020 testimony
vision 2020 testimonyvision 2020 testimony
vision 2020 testimony
 
The Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure AgeThe Trust Paradox: Access Management and Trust in an Insecure Age
The Trust Paradox: Access Management and Trust in an Insecure Age
 
Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)Etude PwC sécurité de l’information et protection des données (2014)
Etude PwC sécurité de l’information et protection des données (2014)
 
Making the Leap: Exploring the Push for Cloud Adoption
Making the Leap: Exploring the Push for Cloud AdoptionMaking the Leap: Exploring the Push for Cloud Adoption
Making the Leap: Exploring the Push for Cloud Adoption
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary2016 Scalar Security Study Executive Summary
2016 Scalar Security Study Executive Summary
 
Executive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security StudyExecutive Summary of the 2016 Scalar Security Study
Executive Summary of the 2016 Scalar Security Study
 
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
Intralinks Ponemon Research Report | Breaking Bad: The Risk of Unsecure File...
 
Winning the Cybersecurity Battle
Winning the Cybersecurity BattleWinning the Cybersecurity Battle
Winning the Cybersecurity Battle
 
Cybersecurity Risk -- Redefing real risk measurement for the CISO
Cybersecurity Risk  -- Redefing real risk measurement for the CISOCybersecurity Risk  -- Redefing real risk measurement for the CISO
Cybersecurity Risk -- Redefing real risk measurement for the CISO
 
Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015Cellebrite Predictions Survey 2015
Cellebrite Predictions Survey 2015
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
 

Kürzlich hochgeladen

31032024_First India Newspaper Jaipur.pdf
31032024_First India Newspaper Jaipur.pdf31032024_First India Newspaper Jaipur.pdf
31032024_First India Newspaper Jaipur.pdfFIRST INDIA
 
The Binance Coin crypto Press Release.pdf
The Binance Coin crypto Press Release.pdfThe Binance Coin crypto Press Release.pdf
The Binance Coin crypto Press Release.pdfprnewswireagency
 
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdf
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdfFor-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdf
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdfbhavenpr
 
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdf
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdfMeet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdf
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdfShashank Mehta
 
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coast
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari CoastN Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coast
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coastanjanibaddipudi1
 
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...Shion Kib
 
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...Marwan Asmar
 
Pesquisa: 2024 NewzooPC & Console Gaming Report
Pesquisa: 2024 NewzooPC & Console Gaming ReportPesquisa: 2024 NewzooPC & Console Gaming Report
Pesquisa: 2024 NewzooPC & Console Gaming ReportPedro Zambarda de Araújo
 
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Scheme
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water SchemeN. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Scheme
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Schemenarsireddynannuri1
 
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Vision
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's VisionTDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Vision
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Visionnarsireddynannuri1
 
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AG
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AGPeter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AG
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AGShion Kib
 

Kürzlich hochgeladen (11)

31032024_First India Newspaper Jaipur.pdf
31032024_First India Newspaper Jaipur.pdf31032024_First India Newspaper Jaipur.pdf
31032024_First India Newspaper Jaipur.pdf
 
The Binance Coin crypto Press Release.pdf
The Binance Coin crypto Press Release.pdfThe Binance Coin crypto Press Release.pdf
The Binance Coin crypto Press Release.pdf
 
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdf
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdfFor-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdf
For-Website-240327-CJP-complaint-to-Zee-News-Budaun-Murder-Case.pdf
 
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdf
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdfMeet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdf
Meet Darshan Hiranandani The Future CEO Of Hiranandani Group.pdf
 
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coast
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari CoastN Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coast
N Chandrababu Naidu's Vision: NH-216 Becomes the Lifeline of East Godavari Coast
 
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...
Vadim Blaustein: Dutch trust office sneaked Russian bankers and a Playboy mod...
 
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...
Arrests of journalists by Israeli soldiers who entered the Al Shifa Hospital ...
 
Pesquisa: 2024 NewzooPC & Console Gaming Report
Pesquisa: 2024 NewzooPC & Console Gaming ReportPesquisa: 2024 NewzooPC & Console Gaming Report
Pesquisa: 2024 NewzooPC & Console Gaming Report
 
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Scheme
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water SchemeN. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Scheme
N. Chandrababu Naidu Spearheads 98% Completion of Nellore Water Scheme
 
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Vision
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's VisionTDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Vision
TDP's Educational Renaissance in Kurnool under N Chandrababu Naidu's Vision
 
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AG
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AGPeter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AG
Peter Virdee of PV Energy & Dieter Trutschler of Meeco Invest AG
 

Improving Collaboration Through Identity Management

  • 1. Improving Collaboration through Identity Management A Candid Survey of Federal Managers February 2014
  • 2. Purpose Driven by White House and Congressional directives such as HSPD-12, the National Strategy for Trusted Identities in Cyberspace (NSTIC), Insider Threat Task Force, and FICAM, federal agencies are focused on identity management like never before. Agency leaders face a difficult task in ensuring secure access to agency resources by the right people, at the right time, and for the right reasons, without restricting the organization’s operational effectiveness. Understanding the difficult task of balancing these two priorities, Government Business Council (GBC), Symantec, and HP undertook a study to explore the current state of identity and access management (IAM) in the federal government. Methodology To assess the perceptions, attitudes, and experiences of federal executives regarding IAM, GBC deployed a survey to a sample of Government Executive’s online and print subscribers in December 2013. The pool of 975 respondents includes those of GS-11 through 15 grade levels and members of the Senior Executive Service in defense and civilian agencies. 2
  • 3. Table of Contents 1 Executive Summary 4 2 Respondent Profile 6 3  Research Findings 10 i. ii. iii. iv. Current State of Federal IAM Security Concerns Can Limit Mission The Need for an Identity Ecosystem Public-Private Partnerships in IAM 4 Final Considerations 3 11 15 21 26 30
  • 5. Executive Summary Federal leaders are confident in identity management within their own agencies A majority of respondents (72 percent) are confident or very confident in their agency’s ability to ensure appropriate physical access to resources. Slightly fewer (63 percent) are equally confident in their agency’s ability to ensure appropriate logical access. For many, the two are linked: 71 percent of respondents indicate that their agencies have integrated physical and logical IAM. Outside of one’s own agency, security concerns limit collaboration Nearly all respondents interact with groups outside of their agency, but security concerns limit their ability to provide services to these groups over the Internet. While respondents view the growth of mobile devices as an opportunity to improve collaboration, security concerns have limited their uptake in federal agencies. An “Identity Ecosystem” that links an electronic identity across multiple platforms could improve collaboration and efficiency while lowering costs The idea of a common framework for establishing trusted identities is a new concept for some federal leaders, but anticipated effects are largely positive. A majority of respondents expect an “Identity Ecosystem” to increase efficiency and confidence in using online services, among other benefits. To create an “Identity Ecosystem,” respondents are open to public-private partnerships, but security, privacy, and liability concerns will need to be addressed. 5
  • 7. Survey respondents are senior federal executives Job Grade SES Reports/Oversees 5% Over 200 22% GS/GM-15 GS/GM-14 78% of respondents are GS/GM-13 or above 23% GS/GM-13 3% 51-200 59% 7% 21-50 of respondents oversee at least one report 7% 28% 6-20 1-5 21% 16% GS/GM-12 4% GS/GM-11 None 2% Other 0% 10% Percentage of respondents, n=975 7 21% 20% 30% 41% 0% 20% 40% 60%
  • 8. Most respondents work in operations Job Function ▶  ▶  Most respondents work in operations, a category that includes program/ project managers and logistics specialists. “Other” includes categories such as legal, research, management, technical professionals, and auditors. 32% Operations Human capital 12% Engineering 11% Finance 8% Acquisition and procurement 6% Legislative 5% Information technology 5% Facilities, fleet and real estate management 3% Communications and telecommunications 3% Other Percentage of respondents, n=975 8 16% 0% 10% 20% 30% 40% 50%
  • 9. Most Represented Agencies Department of Treasury Office of Personnel Management Department of Agriculture Small Business Administration Department of the Interior United States Postal Service Department of Transportation Department of Homeland Security Department of Commerce United States Agency for International Development General Services Administration Nuclear Regulatory Commission Environmental Protection Agency Department of Health and Human Services National Aeronautics and Space Administration Department of Veterans Affairs Social Security Administration National Science Foundation Department of Housing and Urban Development Executive Office of the President (including OMB) Department of Energy Department of Defense (OSD, DISA, DIA, DLA, etc.) Department of Labor Department of Justice United States Government Accountability Office Department of the Army Department of State Other independent agency Department of Education Agencies listed in order of frequency 9
  • 12. What is Identity and Access Management? ▶  As used in this report, identity and access management (IAM) refers to a security practice that ensures access by the right people, at the right time, and for the right reasons. ▶  IAM can be used in reference to both physical access (e.g., to facilities, areas, or rooms) and logical access (e.g., to networks or files). 12
  • 13. Federal leaders are confident in IAM within their own agencies Physical access (e.g., to facilities, areas, rooms) 29% Logical access (e.g., to networks, files) Very confident 19% 63% 72% of respondents are very confident or confident 44% 43% Somewhat confident Not confident 21% 7% 1% DK Percentage of respondents, n=975 and n=974, respectively 13 of respondents are very confident or confident Confident 26% 8% 2%
  • 14. For many, physical and logical access are interconnected Has your department/agency integrated physical and logical IAM? ▶  ▶  A majority of respondents indicate that their agencies have integrated physical and logical IAM. Typically, integration involves using a common card or device to access the agency’s building and computer networks. Percentage of respondents, n=974 14 No, not considering 5% No, but considering 15% Don’t know 9% Yes 71%
  • 16. 94% of federal leaders interact with external groups, especially other agencies Groups interacted with through the course of work 85% 27% 56% 56% 49% of respondents interact with other federal agencies, citizens, state/local/regional government agencies, and industry partners 8% Other federal departments/ agencies Citizens Percentage of respondents, n=972 16 State, local, Industry partners regional government departments/ agencies 6% Other None of the above
  • 17. Security concerns limit service provision A majority of respondents (68 percent) indicate that security concerns limit online service provision. Even those who are currently providing services to citizens believe they are limited: 72 percent identify limits to online service provision. Security concerns prevent my department/ agency from offering certain services online. 68% of respondents agree or strongly agree 9% 22% Strongly disagree Percentage of respondents, n=825 “Don’t know” not included 17 44% Disagree Agree 24% Strongly agree
  • 18. Mobile devices offer an opportunity to enhance interaction with external groups Mobile device usage presents an opportunity for my department/agency to enhance interaction with other groups. 81% of respondents agree or strongly agree 9% 10% 57% Strongly disagree Percentage of respondents, n=863 “Don’t know” not included 18 Disagree 24% Agree Strongly agree
  • 19. …but security concerns limit mobile expansion Security concerns present an obstacle to my department/agency using mobile devices to interact with other groups. 65% of respondents agree or strongly agree 5% 30% Strongly disagree Percentage of respondents, n=809 “Don’t know” not included 19 46% Disagree Agree 19% Strongly agree
  • 20. The lack of a common framework for establishing trusted identities limits interaction with external groups The lack of a common framework for establishing trusted identities limits my department/agency’s interaction with other groups.  7% 57% of respondents agree or strongly agree 36% Strongly disagree Percentage of respondents, n=645 “Don’t know” not included 20 41% Disagree Agree Strongly agree 16%
  • 21. iii. The Need for an “Identity Ecosystem” 21
  • 22. The White House has called for the creation of an “Identity Ecosystem” ▶  ▶  April 2011’s National Strategy for Trusted Identities in Cyberspace (NSTIC) highlights the need for an “Identity Ecosystem” where individuals and organizations leverage universally-recognized digital identities to securely interact with one another. By linking an individual’s electronic identities across multiple websites, NSTIC envisions that the “Identity Ecosystem” will provide online services in a manner that promotes confidence, privacy, choice, and innovation. National Strategy for Trusted Identities in Cyberspace, April 2011. 22
  • 23. Federal leaders expect largely positive effects from the creation of an “Identity Ecosystem” Sizable amounts of respondents are unsure of the effect that an “Identity Ecosystem” will have on efficiency, confidence, cost-effectiveness, citizen service quality, privacy, help desk calls, and security (23-34 percent select “don’t know”). Of those respondents who have an opinion, most anticipate positive effects: Expected effects of an Identity Ecosystem Efficiency Confidence in using online services 11% 7% 15% Security risks Percentage of respondents, n varies “Don’t know” not included 23 60% 26% 58% 34% 9% Privacy protections Help desk calls 64% 29% Cost-effectiveness Quality of citizen services 66% 23% 15% 57% 28% 38% 10% 28% 30% 42% 52% Increase No change Decrease
  • 24. Respondents identify additional benefits of an “Identity Ecosystem,” including… “ Better data quality. ” security clearance “ Streamlinedindividuals. processes and better tracking of ” effectively outside the office “ The ability to work moregive me access to sites that I need environment. It would to use but are restricted if not on a government system. “ Improved intergovernmental activities. ” Sampling of open-ended responses 24 ”
  • 25. “Identity Ecosystem” may be far off How soon do you think government could achieve an “Identity Ecosystem”? 0-1 years 2% 56% 2-5 years 30% 6-10 years 24% More than 10 years Never Don't know Percentage of respondents, n=971 25 11% 3% 30% of respondents think government can achieve Identity Ecosystem in the next 10 years
  • 27. To reach “Identity Ecosystem,” the federal government supports public-private partnerships in IAM “The private sector will lead the development and implementation of this Identity Ecosystem, and it will own and operate the vast majority of the services within it.” -National Strategy for Trusted Identities in Cyberspace, April 2011 "The Obama administration is committed to supporting publicprivate partnerships that both enhance consumer privacy and ensure the Internet remains a driver of innovation and economic growth." -Secretary of Commerce Penny Pritzker, September 2013 National Strategy for Trusted Identities in Cyberspace, April 2011. NIST.gov, “NIST Awards Grants to Improve Online Security and Privacy,” September 2013. 27
  • 28. Though few respondents are opposed to publicprivate partnerships in IAM, many are unsure Opinion of public-private partnerships in IAM 50% 40% 31% 31% 30% 18% 20% 20% 10% 0% Support Percentage of respondents, n=970 28 Neither support nor oppose Oppose Don't know
  • 29. Security, privacy, and liability top the list of concerns about public-private partnerships in IAM Concerns about public-private partnerships in IAM Security 55% 51% Privacy Liability 50% Changes in work/operational flows 40% Vendor lock-in 30% Loss of IT jobs Other 14% 7% Don't know None of the above Percentage of respondents, n=965 29 15% 5%
  • 31. When considering an IAM strategy in your agency… Make room for mobile. Though federal agencies may be late mobile adopters, citizens using government services are more and more likely to be doing so from a mobile device. As this trend continues, providing a secure, usable mobile interface for citizen services will be essential to mission effectiveness. Look to agencies already experiencing IAM success. The Federal Cloud Credential Exchange (FCCX), run by GSA and USPS is a good look into the future of identity management. FCCX will unify six different civilian agencies using FICAM authentication standards to allow the public to securely access online services through a single sign-on. This streamlined authentication will reduce costs for participating agencies, while providing a “secure, privacy-enhancing, easy-to-use-solution.” Count all costs, including the hidden expense of forgotten passwords. Forgotten passwords are expensive. Agencies should look at how they can reduce operational costs by passing those expenses on to credential service providers—federal or commercial— who can unify services around a single sign on. USPS participating in creation of digital Federal Cloud Credential Exchange program 31
  • 32. Underwritten by About HP and Symantec For over 20 years, HP and Symantec have delivered joint technology solutions and services that enable organizations worldwide to secure and manage their most critical information. HP integrates Symantec into security, storage, server, and client solutions, and delivers enterprise services based on market-leading Symantec solutions.
  • 33. About GBC Contact Our Mission Zoe Grotophorst Manager, Research & Strategic Insights Government Business Council (GBC), the research arm of Government Executive Media Group, is dedicated to advancing the business of government through analysis and insight. GBC partners with industry to share best practices with top government decision-makers, understanding the deep value inherent in industry’s experience engaging and supporting federal agencies. Tel. 202.266.7335 zgrotophorst@govexec.com govexec.com/GBC @GovBizCouncil 33
  • 34. Improving Collaboration through Identity Management A Candid Survey of Federal Managers February 2014