GCN : March 2013
WITH CLOUD AND BYOD, IDENTITY AUTHENTICATION GETS COMPLICATED
INTERNAUT BY SHAWN McCARTHY

AS CLOUD SERVICES GROW, so does the need for reliable authentication and access control methods. This has led to the emergence of multiple authentication services from a variety of providers. Besides cloud growth, other disruptors are emerging. They include:

• The growth of mobile consumer devices (BYOD) in the enterprise.
• Legacy system challenges relating to change management, incident management, mobility and cloud integration.
• The growth and maturity of authentication standards, including OpenID Connect, OAuth, Simple Cloud Identity Management [SCIM], Security Assertion Markup Language [SAML], and others. They have helped drive interoperability between internal and external identity systems.

As the number of IT services grows across an enterprise, government IT managers may find themselves evaluating a broad range of available identity technologies. So it's worth focusing on those that can deliver secure and scalable authentication services across a range of IT environments.

To that end, government efforts are underway to standardize and simplify access control. One high-profile effort is the multiagency initiative called the National Strategy For Trusted Identities In Cyberspace. The NSTIC goal is to accelerate progress toward interoperability between legacy identity management systems and trusted online credentials. The initiative encourages the creation of a framework for an "Identity Ecosystem."

The effort's goals, as outlined in the original April 2011 NSTIC statement, are lofty. But technical specifics for how the concept will become a reality are still in flux. The best way to see what's planned is to look at pilot projects that received funding last fall. Each takes a different approach for building and pilot-testing digital identity management across multiple systems.

Besides these initial projects, NSTIC managers have issued an Announcement of Federal Funding Opportunity to help develop additional online identity solutions that "embrace and advance the NSTIC vision."

POLICY MACHINE TO THE RESCUE?

Government agencies may also want to take a look at the Policy Machine initiative from the National Institute of Standards and Technology, whose basic premise is that each IT service on a government network usually is part of a set environment. Such environments typically include a server and its operating system, middleware and possibly a database and an associated set of database applications. Most of these systems have built-in solutions to help control their capabilities and interactions with other systems and data. But they must be properly configured and maintained. NIST's Policy Machine proposes a centralized way of setting rules for such interactions.

These types of services (or groups of integrated services) usually have a routine for identifying and authenticating the users of other IT systems that seek to connect and interact. Besides such authentication, the environment might include rules to limit which types of operations may be performed via each connection. Because many such IT services exist as stand-alone environments, it can be a true challenge to develop enterprisewide access control policies and operational limits. Solutions must interact across multiple domains and control policies must be globally enforceable, which is difficult to coordinate.

The Policy Machine includes access control data and rules that can be used to set control policies and deliver computing capabilities when appropriate, including a set of functions for enforcing such policies. This helps to establish an enterprisewide operating environment that can "implement and execute capabilities of arbitrary data systems," according to the solution's description, and also "specify and enforce mission-tailored access control policies."

Policy Machine developers say, for example, that an e-mail application sometimes might distribute files to users regardless of the OS protection settings on those files. The Policy Machine can help properly set and enforce rules that will prevent that.

AUTHENTICATION AS A SERVICE

Authentication-as-a-Service (AaaS) is gaining momentum. Companies such as Symantec, CA Technologies, RSA, Gemalto, Authentify, SecureAuth and SafeNet offer such solutions. Partnerships are developing to offer full ecosystems that government agencies can tap into, including new mobile solutions. But remember that legacy systems will require a mix-and-match approach for the products and services needed agencywide, especially if they want to manage federated identities and support correct multifactor authentication.

Also, context (and associated awareness of context) will play a role in user and device identities. For example, organizations may want to support single sign-on for end users working internally but enforce other rules for users connecting remotely, or who are connecting through an unfamiliar device.

Government agencies would do well to familiarize themselves with the ongoing efforts of NSTIC, the NIST Policy Machine and the ongoing AaaS partnership ecosystems.

Shawn McCarthy is research director for IDC Government Insights.
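As an added illustration (not code from the column, from NIST or from any vendor named above), this sketch of a central policy decision point ties together two points made in the column: the Policy Machine idea that an e-mail service should consult a central rule, rather than its own settings, before handing a file to a recipient, and the context-aware login rules (single sign-on internally, step-up for remote users, refusal of an unfamiliar device connecting remotely). The labels, attribute names and rule order are assumptions made for the example.

```python
"""Small central policy decision point (PDP), constructed for this example.
Labels, levels, attribute names and rule order are assumptions, not the
NIST Policy Machine's own model or API."""
from dataclasses import dataclass

# Assumed ordering of file protection labels, lowest to highest.
LEVELS = {"public": 0, "internal": 1, "confidential": 2}

@dataclass(frozen=True)
class Context:
    """Attributes the PDP evaluates for a user, session and device."""
    user: str
    clearance: str = "public"
    on_internal_network: bool = False
    device_enrolled: bool = False
    mfa_passed: bool = False

def decide_login(ctx: Context) -> str:
    """Context-aware login rule from the column: SSO is enough on the internal
    network from an enrolled device; remote users must step up to MFA; an
    unfamiliar device connecting remotely is refused outright."""
    if not ctx.device_enrolled and not ctx.on_internal_network:
        return "deny"
    if ctx.on_internal_network and ctx.device_enrolled:
        return "sso"
    return "allow" if ctx.mfa_passed else "mfa-required"

def may_receive(recipient: Context, file_label: str) -> bool:
    """Central rule: a recipient may get a file only if their clearance is at
    least the file's protection label. Unknown labels fail closed."""
    if file_label not in LEVELS or recipient.clearance not in LEVELS:
        return False
    return LEVELS[recipient.clearance] >= LEVELS[file_label]

def distribute(attachments: dict, recipients: list) -> dict:
    """What the e-mail service should do: ask the PDP per recipient and file
    instead of relying on its own settings. Returns {user: [files delivered]}."""
    return {r.user: [name for name, label in attachments.items()
                     if may_receive(r, label)] for r in recipients}

if __name__ == "__main__":
    # Constructed sample users and attachments.
    alice = Context("alice", "confidential", on_internal_network=True, device_enrolled=True)
    bob = Context("bob", "internal", device_enrolled=True)
    guest = Context("guest")
    files = {"budget.xlsx": "confidential", "memo.txt": "internal"}
    print(distribute(files, [alice, bob, guest]))
    print(decide_login(alice), decide_login(bob), decide_login(guest))
```

The point of `distribute` is that the e-mail service never decides for itself; every attachment passes through the same rule the rest of the enterprise uses.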