Advanced infrastructures will build on identity
Agencies need to think beyond the traditional approach to infrastructure improvements
If you were to build an agency infrastructure from scratch today, what would be your approach? Chances are it would look nothing like most infrastructures in use now, and it would be built around identity.
That’s because the advanced infrastructure of the future — the near future — would be one constructed for the post-PC, access-from-anywhere-and-anytime era. Make sure users can get to any data from any device, and then build the physical infrastructure around that one, indispensable need.
There will still be familiar elements from traditional infrastructures — mobile device management and application distribution support, for example — and people will still work with paper, so printers will still need to hang off the network. And because access is the main focus of this infrastructure, local-area and wide-area network connections will be important.
But it’s identity that will be the critical component. Without that, no infrastructure will be able to meet users’ demands.
“How do I know who’s supposed to be accessing my data and who has that authority?” said Mike Zirkle, associate director of government solutions at Verizon Wireless. “That’s where I’d start. That’s the first component I’d build.”
Identity is one of the key features of the Defense Department’s Joint Information Environment, an overhaul of the military’s global information network that will be DOD’s core IT backbone of the future.
As the JIE is developed, a set of initiatives will create a single identity standard for both the Secret IP Router Network and the Unclassified but Sensitive IP Router Network. That standard would do away with passwords and all the security problems they present, so users can access the networks from anywhere in the world. The JIE will also use standard labels for the data it carries, which will provide the anchor for credentialed access.
“The connecting of the data, and the tagging and aligning of it, will enable it to make its way to an identity that, along with the necessary roles and permissions, allows the person with that identity to access that data from anywhere around the globe,” said Robert Carey, DOD’s deputy CIO.
Identity and identity management have been raised to a high level on the government’s list of IT needs. In April 2011, the White House issued its National Strategy for Trusted Identities in Cyberspace (NSTIC). It admitted that improvement in identity management alone won’t be enough to fully secure networks but said it had become a necessary tool.
“More secure identification and authentication will both ameliorate existing security failures and provide a critical tool with which to improve other areas of online security,” the strategy states. “The Identity Ecosystem must therefore continue to develop in parallel with ongoing national efforts to improve platform, network and software security.”
Government agencies have found that building identity into their infrastructures is both costly and complex. Carrying the need for identity over to advanced agency infrastructures built around such things as the cloud isn’t a simple matter either, given that agencies might already have extensive identity management schemes for their current infrastructures.
“There are various products available that federate identities from an internal authorization schema to an external one such as a cloud service,” said Lawrence Pingree, a research director at Gartner. “However, agencies would be advised to not just throw the old stuff away and move directly to the cloud.”
Agencies would do best to use their tried and trusted security paradigms with simple virtualization within the agency and then slowly move those virtualized instances into a cloud service over time, he said.