ICAM Consolidation Underway as Federal Agencies Move to Zero Trust – MeriTalk


As identity management figures prominently in agency zero-trust security journeys, federal and industry leaders agree that the Government’s Identity, Credential, and Access Management (ICAM) framework government is a critical part of enforcing zero-trust architectures, as well as consolidating ICAM. approaches within agencies.

Identity management is not just about people, but also about devices and data, explained Ken Calabrese, ICAM program manager in the Office of the CIO of the Department of Energy (DoE), during a January 5 Federal News Network event.

“Originally, it was about people. And now, especially with zero trust, we know it’s way beyond people, it’s devices, it’s data. So it’s actually a fun time…a lot of us have been building the foundation, if you will, and it’s kind of exciting now that we’re expanding beyond the traditional people-based ICAM programs,” Calabrese said. .

However, implementing the ICAM framework can be a challenge for some agencies, especially when individual offices within an agency all purchase their own ICAM solutions.

Andre Mendes, CIO at the Commerce Department, said that was the case at Commerce when it started about 18 months ago. Since then, Mendes has launched a program that consolidates 13 separate identity and access management systems across the agency, which has many subcomponents.

“I expect that in the next six months we’ll have pretty much all of our applications and all of our desktops in one system – a federated system of course – but one that’s way more advanced than what we had at barely 18 months ago, with a common solution,” Mendes said.

Sean McIntyre, director of solutions delivery in the Federal Aviation Administration’s Office of the CIO, said his agency was also undergoing an ICAM consolidation effort.

How to close blind spots in infrastructure. Learn more.

“One of the things we’re trying to get to grips with is the fact that one program might establish its own identity solution, and then another will come out and establish another. And what we’ve asked them to do is start looking at it holistically and take a one-size-fits-all solution,” McIntyre said. “With this, we also plan to integrate our workforce into this same solution so that we can use any of our applications with this same solution.”

The consolidation of ICAM solutions has helped federal leaders on their zero-trust journey, enabling them to more easily modernize identity and access management approaches.

“How do you get to zero trust without an identity? I don’t know how to get there,” said Aubrey Turner, executive advisor at Ping Identity. “And if you’re saying how to achieve least privilege without an identity, and least privilege is part of zero trust, there’s just no way to get there without an identity.”


Comments are closed.