Formulating Solutions To Stay Close To The Users
Things done while tuning and elevating IT's relationship with the government functions process transformation efforts
Our focus is to stay close to the users and involved with the improvements they wish to make. When we have technology solutions available, we develop and propose solutions that could be adopted by and championed by someone who wants to improve the process. We have been more successful when users champion the change than when we in the information technology organization do. To stay close to the users:
• We have embedded Information Management Officers in the Operations Center
• In each of our 9 directorates we have an Information Resource Manager, Information Technology Representative, Information Assurance Representative and several Information Management Officers.
• We have a Knowledge and Information Management Branch that works with the executive office and each directorate to develop process improvement solutions and the attendant IT tools to support
Addressing pain points for which solutions do not exist
• I think the biggest gap between available solutions and need is in the identity assertion, authentication and authorization area. It’s my biggest need, and frankly it’s the biggest need for the general public and commercial business as well. In cyber, it doesn’t matter how good your system and data security is if you can’t control those who access and use the systems and data. In my case, the more I depend upon virtualization technology to use single systems with multiple users who don’t have access to all the data, the more I have to be very sure that I know who can access and process what data. It is too easy to spoof identities, and passwords have become ridiculous with the need for umpteen characters, different passwords for different apps, all needing to be changed every 60-90 days.
• What is needed are standardized identity assertion devices that use biometrics (like a fingerprint, or whatever the user wants to use), a hardware-based token, a PIN or rememberable password, and some environmental factor like temperature or location to make each credential unique and not subject to a pass-the-hash attack. There’s a lot that has to be done with regard to credential stores to reduce “bit rot” or to allow users to get at their old data that is encrypted with old credentials.
• Then there must be enterprise (national) trusted directory services to authenticate the assertions to give application and information service providers high assurance of the identity.
• Finally, the application and information service providers must employ an authorization and access control system that understands the assertion and authentication to make authorization and access decisions on their associated services.
• Identity management has a long way to go and it’s losing the race with the hackers.
Impact of social media, mobile, cloud and tablets on business environment
Because of our security requirements, it is difficult for us to fully take advantage of mobile, cloud and tablets. However, the advantages of being able to move around the building, from meeting place to meeting place, and, of course, to travel and have access to needed data are extremely desirable. We are in the process of consolidating our data servers in accordance with the Federal Data Server Consolidation Initiative, with the end goal being to have less expensive, more robust and more secure data services that will be the foundation for cloud and mobility services.