by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August 2013
IF YOU ARE A FEDERAL systems manager working in government today, chances are good that, over the next 18 months, you will be focusing heavily on identity manage- ment and authentication. This boost in electronic authentication solutions is triggered by several factors, including the growth of new cloud solutions, the migration to enterprise-wide authenti- cation as storage and shared databases are centralized, and the growth of new types of integrated systems --- such as created in mash-up environ- ments. Today s sprawling IT environments mean that it s more important than ever for person-to-machine and machine-to-machine identities to be properly established for each connection. Across the federal government, over $70 million will be spent on iden- tity management solutions in fiscal year 2013, and about the same will be spent in FY 2014, according to the OMB. For those IT managers who are embarking on such e orts, a good starting point for mak- ing authentication decisions is OMB Memo M-04-04, which focuses on e-authentication guidance for federal agen- cies. Even though the memo is nearly 10 years old, it s still the most highly cited directive for authentication, and it provides a useful outline for the decision process agencies are likely to follow when evaluating their needs for e-authentication solutions. E-AUTHENTICATION: WHAT MANAGERS WILL BE FOCUSING ON OVER THE NEXT 18 MONTHS INTERNAUT BY SHAWN McCARTHY At a basic level, such authentication is the process of establishing confidence in user identities electroni- cally presented to an informa- tion system. A key message within the memo is that OMB encourages agencies to make decisions on the type of e- authentication posture they want to enforce. There are di erent levels of need, and it doesn t make sense to pay for the most secure systems if they aren t needed. This is not a decision that should be made arbitrarily. Each agency needs to conduct a risk assessment of their sys- tems, identify and map those risks and make business deci- sions on which assurance level is acceptable for their systems. For example, when allow- ing guest access to the Wi-Fi system, and then to some portions of a public network, Level 1 authentication may be perfectly acceptable. But when allowing access to databases and important business appli- cations, level 3 or level 4 may be more appropriate. Next, the agency must select appropriate authentication solutions based on technical guidance for e-authentication. This will vary significantly based on the types of resources in question. Once the system is in place, organizations should conduct periodic risk assessments of their chosen solution, and map how any newly discovered risks will be addressed. This may require new validation that a solution still meets its required assurance levels. If it does not, new configuration or programming may be needed. As spending plans associ- ated with these types of invest- ments are made, keep in mind that identity and authentica- tion management is a solution that is tracked by the O ce of Management and Budget as a "primary investment area." So if you plan to install or improve a current identity management solution, they will want to know the associ- ated system name and any as- sociated ID number, as part of your agency s annual Exhibit 300 submission. Also, an authentication solution usually requires FISMA compliance, which can vary depending on the type of systems being connected. For this reason, it might be worth enlisting the services of a cloud provider who handles authentication as a service. FISMA compliance is part of their approval process. The Department of Homeland Security has been the most progressive agency for moving in this direction. Last year DHS announced that over 30 applications were using AaaS, and this year that number reportedly has grown to 70. There s also the evolving space of mobile device au- thentication. Recently, Akamai Technologies, working with ID authentication provider Daon, announced the availability of Mobile Authentication as a Service (MAaaS). For the federal government, this solu- tion is available, delivered as a cloud-based application, through CGI Group Inc. Cloud-based AaaS is poised to grow as government demand for a quick authenti- cation solution picks up - espe- cially for connected resources that may be geographically disbursed. And if you haven t considered it yet, the time to do so could be now. • --- Shawn McCarthy is research director for IDC Gov- ernment Insights. Across the federal government, over $70 million will be spent on identity management in 2013, and about the same will be spent in 2014. 16 GCN AUGUST 2013 • GCN.COM