Identity management is a key component to enabling remote access of data in a hybrid work environment for the Department of the Army.
Dovarius Peoples, Chief Information Officer at the U.S. Army Corps of Engineers, said identity, data, mobility and shared services all support USACE mission delivery.
Peoples said it’s important to fit identity management into a zero trust strategy. It’s vital to understand who has access and who needs access when deploying new tech capabilities.
“We've been looking at how to deploy or implement a zero trust based concept from an identity perspective to give those who need to have access the ability to do so,” Peoples said during an ATARC Modernizing Authentication Through the Use of Identity Management event.
USACE has also been exploring federated management of identities in Microsoft Teams, which would give those who may not be a DOD entity or DOD personnel the ability to leverage DOD data.
“Being able to allow federal partners from DHS and FEMA and give them the ability to come into our environment, share and collaborate through the Teams capability, and collaborating and sharing documents during a natural disaster and having access are critical to what we are doing,” Peoples said. “Leveraging an identity-based zero trust concept methodology is critical to our success.”
Ross Foard, ICAM Subject Matter Expert with the Continuous Diagnostics and Mitigation Program at the Cybersecurity and Infrastructure Security Agency, said the federal government has been taking steps to help agencies and industry understand the importance of identity management when transitioning to a zero trust architecture.
“You need to know where your users are and manage them well. You should take an enterprise view of your users and manage the ones you are managing well and that includes making sure that they get multifactor authentication which is critically important,” Foard said during the ATARC event. “Zero trust is about taking different pieces of information, putting them together in context and then making good decisions so that if one signal is compromised it doesn’t invalidate the entire trust chain.”
The Army has fully adopted the “Bring-Your- Own-Device” approach to mobile IT, which allows soldiers to take their cell phones on missions. BYOD is a convenient approach, but comes with its own security risks, which zero trust is uniquely poised to address.
Peoples said zero trust and a DevSecOps approach to operational technology will be major goals for USACE in FY 2023.
“When you think about the Corps of Engineers and natural disasters, when you think about of blue roofs on tops of houses when storms blow them over, when you think about places in Kentucky with boots on the ground helping remove debris, mobility enables all of those missions to be done,” he said.