Going Mobile with ICAM
Applying opportunities for mobile authentication
Mobile devices, including smart phones, tablets, and embedded devices, change the way that the workforce communicates and collaborates. These devices take advantage of local, remote, and cloud-based applications and services to deliver information and resources directly to users. This delivery is significantly increasing the demand for mobile devices in the public sector, which provides opportunities for Federal agencies to create a more efficient and productive workforce. Incorporating mobile devices into the workplace, however, triggers significant risks that must be considered by an agency’s leadership.
Agencies should consider broadening their Identity Credential and Access Management (ICAM) programs and incorporate a mobile security plan to safeguard against threats that could impact a mobile environment. By incorporating a mobile-focused strategy into an ICAM program, Federal agencies are best positioned to:
- Ensure identity proofing by developing governance requirements, including the capability to determine assurance levels for resources and matching it to the levels of proofing and credentialing the user receives;
- Control key management by using mobile devices as authenticators;
- Use a mobile device rather than a key or keyless entry device to grant physical access a Federal facility; and,
- Mitigate unauthorized access through a central mobile authentication control system that can automatically grant and revoke access by using a derived credential on mobile devices.
Deloitte is deeply experienced in helping agencies create secure frameworks and achieve compliance with Homeland Security Presidential Directive (HSPD) 12, Federal Information Processing Standard (FIPS) Publication 201-2, and other Federal regulations. As a leading professional services firm, Deloitte offers superior mobile security and privacy related services, including those for physical and logical access control, risk management, governance, and compliance. Deloitte’s Mobile Security Initiative examines mobile environments for Federal agencies to help a Federal agency’s leadership craft security initiatives to reduce risk and achieve its mission. In its service to Federal clients, Deloitte has significant expertise developing and implementing effective ICAM programs and is ready to assist you with your mobile security challenges.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.