How agencies are modernizing IT infrastructure with attribute-based access control
- By Gerry Gebel
- Jan 26, 2021
In many ways, the federal government’s IT challenges are similar to those of commercial businesses. Both sectors know that as technologies and data sources grow and evolve, updating legacy IT technologies is critical. As a result, government agencies have been investing in modern technologies for several years.
However, an increase in spending has not resulted in agile operations, more secure data or almost any return on investment. Why is that? According to a recent Accenture research report, federal agencies are “deploying technologies in pockets, with limited tools for scaling and delivering sustained impact.”
Piecing together separate tools for IT modernization is not only ineffective, it’s more costly. In fact, the report said, “during 2014–19, spending on the maintenance of legacy IT systems rose by 13%, to consume nearly 80% of the U.S. government’s total IT spending.”
Fast forward to today. Federal agencies have had to rapidly evolve operations, manage risk and digitize their workforce due to COVID-19. They also were working to modernize their IT infrastructure, move additional resources to the cloud, deal with capacity issues and protect systems against serious vulnerabilities and sensitive information from getting into the wrong hands.
The impact of COVID-19 on government IT operations
The pandemic exposed a number of challenges to government IT infrastructure. With many agencies moving to a predominantly remote workforce (at least temporarily), legacy systems that have been part of government infrastructure for multiple decades quickly caused problems.
In June 2020, Sen. Maggie Hassan (D-N.H.) attempted to intervene. She sent a letter to 10 agencies urging officials to modernize their IT infrastructure, pointing out several issues.
“Legacy IT systems, as you know, are outdated systems that are no longer supported by the vendor, require highly specialized personnel to maintain and often do not support current software or current agency needs,” Hassan said.
She went on to say that “the public health emergency caused by COVID-19 underscores the need for federal agencies to invest in modernizing current IT systems that cannot meet mission expectations in a crisis. Failing to do so could result in costly errors, security vulnerabilities and inability to serve the American people.”
It’s clear that federal agencies must embrace digital transformation and modernize their IT infrastructure, especially in a post-COVID world. But where should officials start?
Multi-dimensional data security solutions
In agencies’ legacy systems, data and access policies are often hardcoded into the application. Any change to access policies can require a weeks-long process of manual code changes, which is slow and increasingly difficult in a remote work environment.
Instead, government agencies should implement more innovative technologies like attribute-based access control. ABAC is a comprehensive access control model that enforces enterprisewide access based on business policies and regulations. ABAC leverages attributes to describe any access-control scenario and provides external authorization.
Additionally, ABAC separates software code from the function it serves. Developers simply establish core functionality and reuse common elements across software systems. As a result, the software development lifecycle is separate from authorization requirements and access control policies, making ABAC a truly multidimensional security model.
ABAC also eliminates the need to revise code every time there is an agency, regulatory or internal policy change. It introduces a centralized mechanism to control who has access to what information, under what circumstances, coded once and applied across the software ecosystem. Ultimately, the ABAC model simplifies authorization requirements, provides a more flexible IT architecture and saves significant development time.
As 2021 begins, more government agencies will invest in modernization efforts. Officials must consider an ABAC model to provide flexible access control and meet the evolving IT needs of the federal government.
Gerry Gebel is vice president of business development at Axiomatics.