Andrew Whelchel is a certified principal sales engineer at Okta, specializing in enterprise security architecture, identity risk, data privacy, cloud, mobile and API security.
The pandemic is speeding up plans of most organizations to embrace the cloud and meet new needs of a remote and hybrid workforce. But for federal agencies, even though the structure of the workplace has changed, federal regulations setting access and identity verification standards have not.
Cloud’s ability to bring greater speed, agility and security to the mission is within reach, as long as agencies can provide access to cloud-based applications which meet Federal Identity, Credential and Access Management (FICAM) policies.
That’s been a challenge for many agencies. But it’s also the promise of a new partnership between Okta and Amazon Web Services. Okta Identity Cloud is now available through Amazon Marketplace, to give agencies access to a FedRAMP-approved cloud identity platform that supports their modernization goals.
Access tools that minimize cyber risk
The uptick in security threats, like recent ransomware attacks and compromised supply chains, continues to put agencies at risk. Systems are increasingly interconnected. That makes FICAM more than just a check box to meet federal security regulations. FICAM lays the groundwork for agencies to implement modern identity and access controls and ultimately paves a path forward to architecting a zero-trust environment.
The remote and hybrid workforce increases agencies’ cyber risk as long as employees are not working inside government buildings. It is critical that federal IT infrastructure moves away from traditional credential validation, like PIV and CAC, and traditional remote access security such as VPN, to an access solution that solidifies a zero-trust security posture.
Those organizations which have already fallen victim to a ransomware attack learned that in the event of a breach or attack, IT security teams can benefit from segmentation, to isolate threats quickly. But at the same time, multiple accounts create more access complexity. Organizations with hundreds and thousands of users will exponentially increase the number of accounts per person.
Without a tool like Okta’s Identity Cloud, users have to remember a lot of passwords and credentials. Consequently, IT administrators need to be mindful that with segmentation also comes the need to take a heightened management posture for access and identity verification controls.
Okta’s single sign-on and multifactor authentication solutions comply with a number of FICAM policies — not just for access controls, but for logging, auditing and even providing attestations that someone should continue to have the rights that they have. The universal directory consolidates users, groups and devices into a single directory, giving administrators the ability to manage the lifecycle of users’ access.
Additionally, Okta Identity Cloud operates both on-premises and in cloud environments and supports agencies’ moves to embrace either hybrid or multi-cloud infrastructure. Ultimately, the goal is to create a more resilient infrastructure against cyber threats that doesn’t complicate the user’s experience.
Testing the waters with pilot projects
Using Okta with AWS’ cloud infrastructure offers both the speed and agility of access that agencies are seeking for their applications today and in the future. By getting users approved for certain capabilities, and then mirroring those attributes inside of AWS, agencies can have certainty that the right people have the right privileges to access federal data. That includes employees, contractors, partners and citizens who interact with the government at different levels.
Those who are hesitant to move forward need only test this concept with a pilot program to get started. Those who’ve already begun testing workloads related to home connectivity, zero-trust connectivity, ticketing management or automation software are seeing the benefits almost immediately. And because these pilot tests are managed in the cloud, there are no setup costs and no provisioning to spin up Okta’s tool inside AWS.
Once agencies understand how easy it is to move their data and connect their identity to that cloud, it doesn’t take long to begin moving a lot more projects and workloads to the cloud.
Okta is a leader in the identity space, and its broad network of application integrations simplifies the deployment and management of cloud apps, services and infrastructure for those organizations migrating to the cloud.