NW: Gov’t IT Shops: Identity Management Critical for Security

A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth.

The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and given the gravity of those issues, that personal privacy could suffer. (Learn more in our Identity Management Buyer’s Guide.)

The findings were part of a survey of 474 government IT professionals conducted by public-opinion research firm Pursuant, and funded by Quest Software. A majority of the respondents were civilians working for the federal government and not in the U.S. Department of Defense, according to Quest.

Slightly more than 33% of the respondents said increased physical, data and information security was the top reason for building an identity-management system. Compliance with such government mandates as HSPD-12 — which lays out a policy for a common identification standard for federal employees and contractors — was the No. 2 reason at 32.1%. Protection of personal information (19%), and simplified internal data systems (2.5%) were the third and fourth reasons.

More than 50% said the three key components in an identity management system are access management (80.8%), directory services (54.9%) and single- or reduced-sign-on (57.8). Nearly 72% said identity management would become more important within their organization in the next five years.

The respondents said identity management was critical because they feared data breaches could have devastating consequences, including loss of personal privacy and data security (92.4%), compromised critical public infrastructure (70.2%), deflated national security (67.2%), and increased financial terrorism (61.5%).

Users are realizing that smart cards held by employees can be used for much more than building access, says Paul Garver, vice president for the public sector at Quest. “It was the realization that the card in the true identity-management scenario represents a lot more,” he says. “It represents the ability to get into the building, it represents the ability to sign on to the workstation, to gain access to applications with the rights and privileges you should have. I think that is why people responded that identity management would become increasingly important because of the realization that the card is more than just a card,” he adds.

The other realization is that identity-management projects are expensive, and respondents are concerned how they will fund their buildouts. Nearly 51% said Congress should provide some of the money.

Nearly 31% of respondents listed lack of funding as the main reason they have not met their objectives. Insufficient staffing resources was cited by nearly 19%, followed by technological complexity (18.1%), lack of knowledge about dealing with operational or technical issues (13.5%), and lack of management support and direction (11.8%).

Regardless, nearly 56% said their organizations were deploying an identity-management system, and 19.1% said they had one in place already. But 37% said they had no idea when they would be compliant with government mandates, and 32% said it would be one to five years before they were compliant. Only 14.8% said they were already compliant.

As far as Congressional intervention, 48.9% said Congress should require greater identity-management planning and collaboration among federal agencies and state and local governments. Only 11.4% said Congress should not have a role.

By  John Fontana, Network World (US)