Sign up to save your podcasts
Or
Share Ep. 70 Identity Management Lays the Foundation for Zero Trust
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Ep. 70 Identity Management Lays the Foundation for Zero Trust
This is a discussion that provides the listener with ideas of how agencies are adopting identification to enable to zero trust and gain some insight into the evolution of access control in the federal government.
The federal government certainly is not a monolithic enterprise; it must manage mundane requests like access to National Parks as well as negotiate atomic energy agreements.
NIST has reinforced the fact that identification is the first component of deploying Zero Trust. When a mandate comes from the White House to target Zero Trust, it makes sense that each agency will have a history of identification systems and have a different level of sophistication when it comes to identity management.
Bryan Rosensteel from Ping gives a remarkable analysis of the evolution of Attribute Based Access Controls. His purview is immense. He begins by examining the historical application of Attribute Based Access Controls. He comments they were effective but tedious to deploy.
To streamline this system, Role Based Access Controls were implemented. Unfortunately, today’s technical climate allows malicious actors to steal identities and defeat the RBAC method. Bryan Rosensteel argues that today’s dynamic system will have to revert to the precise controls that ABAC provides.
The weakness of Multiple Factor Authentication is reviewed by David Temoshok, NIST. He suggests that when a person gets a code via SMS text message, it is transmitted via the public telephone system. He calls this weak MFA. This is another reason today’s Role Based Access Control, can provide the kind of security that some agencies require.
FEMA’s needs for identification are broader than most. Dr. Gregory Edwards from FEMA understands the complexity of cryptographic identification models, but he also recognizes that he cannot give every flood victim a federally issued PIV card. Solutions must be provided where FEMA optimizes quick access to federal assistance while maintaining security controls so vital for federal information technology.
Listening to this podcast will give the listener a terrific overview of innovations in access control and the variety of ways federal agencies are coping with identification with the new focus on Zero Trust Architecture.
View all episodes
By FedInsider
5
55 ratings
This is a discussion that provides the listener with ideas of how agencies are adopting identification to enable to zero trust and gain some insight into the evolution of access control in the federal government.
The federal government certainly is not a monolithic enterprise; it must manage mundane requests like access to National Parks as well as negotiate atomic energy agreements.
NIST has reinforced the fact that identification is the first component of deploying Zero Trust. When a mandate comes from the White House to target Zero Trust, it makes sense that each agency will have a history of identification systems and have a different level of sophistication when it comes to identity management.
Bryan Rosensteel from Ping gives a remarkable analysis of the evolution of Attribute Based Access Controls. His purview is immense. He begins by examining the historical application of Attribute Based Access Controls. He comments they were effective but tedious to deploy.
To streamline this system, Role Based Access Controls were implemented. Unfortunately, today’s technical climate allows malicious actors to steal identities and defeat the RBAC method. Bryan Rosensteel argues that today’s dynamic system will have to revert to the precise controls that ABAC provides.
The weakness of Multiple Factor Authentication is reviewed by David Temoshok, NIST. He suggests that when a person gets a code via SMS text message, it is transmitted via the public telephone system. He calls this weak MFA. This is another reason today’s Role Based Access Control, can provide the kind of security that some agencies require.
FEMA’s needs for identification are broader than most. Dr. Gregory Edwards from FEMA understands the complexity of cryptographic identification models, but he also recognizes that he cannot give every flood victim a federally issued PIV card. Solutions must be provided where FEMA optimizes quick access to federal assistance while maintaining security controls so vital for federal information technology.
Listening to this podcast will give the listener a terrific overview of innovations in access control and the variety of ways federal agencies are coping with identification with the new focus on Zero Trust Architecture.