According to a recent survey, a majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth.
The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and given the gravity of those issues, that personal privacy could suffer.
The findings were part of a survey of 474 government IT professionals conducted by public-opinion research firm Pursuant, and funded by Quest Software. A majority of the respondents were civilians working for the federal government and not in the U.S. Department of Defense, according to Quest.
Slightly more than 33 per cent of the respondents said increased physical, data and information security was the top reason for building an identity-management system. Compliance with such government mandates as HSPD-12 -- which lays out a policy for a common identification standard for federal employees and contractors -- was the No. 2 reason at 32.1 per cent. Protection of personal information 19 per cent, and simplified internal data systems (2.5 per cent) were the third and fourth reasons.
More than 50 per cent said the three key components in an identity management system are access management (80.8 per cent), directory services (54.9 per cent) and single- or reduced-sign-on (57.8). Nearly 72 per cent said identity management would become more important within their organization in the next five years.
The respondents said identity management was critical because they feared data breaches could have devastating consequences, including loss of personal privacy and data security (92.4 per cent), compromised critical public infrastructure (70.2 per cent), deflated national security (67.2 per cent), and increased financial terrorism (61.5 per cent).
Users are realizing that smart cards held by employees can be used for much more than building access, says Paul Garver, vice president for the public sector at Quest. "It was the realization that the card in the true identity-management scenario represents a lot more," he says.
"It represents the ability to get into the building; it represents the ability to sign on to the workstation, to gain access to applications with the rights and privileges you should have. I think that is why people responded that identity management would become increasingly important because of the realization that the card is more than just a card," he adds.
The other realization is that identity-management projects are expensive, and respondents are concerned how they will fund their buildouts. Nearly 51 per cent said Congress should provide some of the money.
Nearly 31 per cent of respondents listed lack of funding as the main reason they have not met their objectives. Insufficient staffing resources was cited by nearly 19 per cent, followed by technological complexity (18.1 per cent), lack of knowledge about dealing with operational or technical issues (13.5 per cent), and lack of management support and direction (11.8 per cent).
Regardless, nearly 56 per cent said their organizations were deploying an identity-management system, and 19.1 per cent said they had one in place already. But 37 per cent said they had no idea when they would be compliant with government mandates, and 32 per cent said it would be one to five years before they were compliant. Only 14.8 per cent said they were already compliant.
As far as Congressional intervention, 48.9 per cent said Congress should require greater identity-management planning and collaboration among federal agencies and state and local governments. Only 11.4 per cent said Congress should not have a role.
Related content:
Understanding federated identity
One entity, one identity
Secret identity: Solving the privacy puzzle in a federated model