ICAM and Telework
Leveraging ICAM to help securely enable workforce mobility
Information security incidents, such as compromised Personally Identifiable Information (PII), have led to Congressional investigations, damaging publicity, and an array of other consequences. As federal agencies seek to expand the use of telework in order to realize the benefits that flexible work arrangements can provide, they may also find significant challenges to protecting their sensitive data and information systems as a result of the increased number of remote users. The Identity, Credential, and Access Management (ICAM) capabilities that many agencies are already implementing can help to address telework-related identity data and access management challenges and help minimize the risk of information security incidents.
The increased adoption of telework within the federal workforce brings an increased number of potential ICAM-related challenges, including:
- Securely Authenticating and Connecting through VPN
- Managing Technology Costs to Support Telework
- Meeting Federal ICAM Policy Mandates for IT Access Control
Federal agencies should strengthen information security controls to provide a seamless shift from working in the office to a remote location. ICAM capabilities can help agencies enable telework alternatives by:
- Providing broad user authentication and authorization mechanisms, using strong authentication tokens (e.g., Personal Identity Verification [PIV] and Common Access Cards [CAC]), and strengthening a broad set of IT security controls
- Leveraging existing Federal Identity, Credential, and Access Management (FICAM)-compliant investments to support broader telework initiatives to minimize the need for investing in additional, telework-specific technologies and integrating with existing hardware and secure Virtual Private Networks (VPNs) for logical access to the agency’s IT systems and applications
- Enabling advocates of telework to identify and integrate with existing resources and tie into the existing ICAM infrastructure as a result of a telework implementation that is coordinated with an ICAM program
- Enables secure single sign-on capabilities across various applications and across traditional IT security boundaries
Successful ICAM and telework implementations require a diverse set of capabilities. Deloitte has the demonstrated experience to help agencies implement ICAM and telework initiatives.