One Identity Survey Reveals Federal Agencies Lack Elements of Basic Cybersecurity Hygiene

  • Survey of over 200 federal IT security professionals uncovers a lack of implementation of federal guidance and identity and access management (IAM) basics
  • All security stakeholders say their agency has room for improvement across focus areas in the Identity, Credential, and Access Management (ICAM) policy
  • Monitoring was recognized as the area with the most room for improvement
  • Fifty two percent of intelligence and defense respondents felt their agency’s current IAM approach is a distraction to the mission

 ALISO VIEJO, CA -- (November 13, 2018) -- One Identity, a proven leader in helping organizations get IAM right, today released study results that uncover a lack of federal government implementation of basic cybersecurity and access management best practices. The study, conducted by Dimensional Research, found that while agency leaders recognize IAM’s importance, a majority of agencies have yet to fully adopt recommended guidelines into their cybersecurity program and some even feel their current approach distracts from agency missions.

Substantial improvements are needed to address identity management basics—a cornerstone of strong cybersecurity

The federal government has increased its focus and support for cybersecurity, including IAM efforts. Established by the Office of Management and Budget (OMB), ICAM emphasizes agency control of user access to information and systems to ensure secure, efficient operations. Nearly all respondents (99 percent) felt the policy has had a positive impact on current identity and access management guidance, while almost three out of five respondents (59 percent) consider it a major positive impact. However, 100 percent of respondents say their agency still has room for improvement. When asked what ICAM focus area requires the most improvement, participants said:

  • Monitoring users (42 percent)
  • Managing users (25 percent)
  • Identifying users (18 percent)
  • Credentialing users (15 percent)

Intelligence and defense communities admit to need for comprehensive IAM solutions to support their missions

Civilian agencies found IAM to be a mission enabler more so than intelligence and defense agencies. When asked if IAM related initiatives such as ICAM and the NIST Identity Guidelines enabled or distracted from the mission, 59 percent of all federal agencies had a positive outlook. However, while 71 percent of civilian agencies considered IAM a mission enabler, 52 percent of the defense community says IAM initiatives make it difficult to achieve their missions. This disparity reveals the need for flexible IAM solutions that allow agencies to securely and efficiently meet their needs.

Agencies struggle to meet deadline related to the NIST Identity Guidelines

Referenced in the ICAM policy and designed to help agencies address their identity and access management needs, the NIST Identity Guidelines lack widespread government adoption. According to the study, only 41 percent of agencies say they have met the deadlines as outlined in the policy. While 49 percent of agencies feel they are making progress, 10 percent have yet to or will not act on the guidelines.

“This research reveals a lack of alignment between IAM requirements and realities at federal agencies. It’s imperative that agency leadership prioritize identity management and leverage guidance already in place to prevent data from falling into the wrong hands,” said Dan Conrad, federal CTO at One Identity. “Effective cybersecurity begins with a comprehensive IAM approach that includes account authentication, authorization, administration and auditing. This way, they don’t have to sacrifice efficiency to protect sensitive government information.”

For more information on how One Identity can help agencies take a modular and integrated approach to addressing these issues: https://www.oneidentity.com/solutions/iam-for-government/

About the One Identity Assessment of Identity and Access Management in 2018 Study
The One Identity Assessment of Identity and Access Management in 2018 federal study consisted of an online survey conducted by Dimensional Research of IT professionals in federal civilian, defense and intelligence agencies with responsibility for security and who are very knowledgeable about IAM and privileged accounts. A wide variety of questions were asked about experiences and challenges with IAM. A total of 203 individuals from the U.S. federal government completed the survey, with 58 percent from civilian and 52 percent from intelligence and defense agencies.

One Identity offers a free online Executive Summary of the data as well as the Full Key Findings Report

About Quest Public Sector, Inc.
Quest Public Sector, Inc., part of Quest Software, provides software solutions for the changing world of enterprise IT.  With 30+ years’ experience, Quest is a global provider to 130,000 organizations across 100 countries. Quest helps simplify challenges caused by data explosion, cloud expansion, hybrid datacenters, internal and external security threats and regulatory requirements. Quest Public Sector, Inc. offers solutions to help government agencies with database management, data protection, unified endpoint management, identity and access management and Microsoft platform management. With Quest, government agencies spend less time on IT administration and more time on business innovation. For more information, visit www.quest.com.

About One Identity
One Identity, a Quest Software business, helps organizations get identity and access management (IAM) right. With a unique combination of offerings including a portfolio of identity governance, access management and privileged management, and identity as a service that help organizations reach their full potential, unimpeded by security yet safeguarded against threats. One Identity has proven to be a company unequalled in its commitment to its customers' long-term IAM success. More than 7,500 customers worldwide depend on One Identity solutions to manage more than 125 million identities, enhancing their agility and efficiency while securing access to their data -- wherever it might reside. For more information, visit http://www.oneidentity.com.

Media contacts
Jennifer Bernas
One Identity AR/PR
858-886-6443
Jennifer.bernas@oneidentity.com

Molly Ryner
Sage Communications
301 233 7006
mryner@aboutsage.com

Anonymous