Going Mobile with ICAM
Applying opportunities for mobile authentication
The demand for federal agency personnel to use mobile devices such as smartphones and tablets for agency business continues to grow. Whether a user logs on to an application from a mobile device, laptop, or desktop, the application has to uniformly enforce access control across all types of hardware. In many cases, applications require users to authenticate with user names and complex passwords. Given the difficulty and inconvenience of entering complex passwords on mobile devices, though, users may resort to simpler passwords and PINs or may reuse the same credentials more frequently across many applications, potentially exposing an agency to greater information security risk. If agency users can access sensitive information from mobile devices, agencies need to consider the integration of stronger authentication methods accordingly. On the other hand, agencies may leverage mobile devices to provide simpler and stronger user authentication methods, resulting in more robust access control for applications and convenience for users.
In order to achieve such results, though, an agency needs to leverage a systematic approach, including the development of a Mobile Device Authentication Strategy, and integrate it with a demonstrated approach to Identity, Credential and Access Management (ICAM) program lifecycle management by addressing the following solution design components:
- Evaluating the organization’s business benefits from mobile device use
- Mitigating risks associated with mobile device use
- Adapting legacy applications for mobile devices
- Determining key milestones and timelines for integration
- Identifying existing and future components to support the target infrastructure
- Assessing the compliance of solution components with FIPS 201
In an already complex operating environment, Deloitte’s approach allows an agency to focus on the key business benefits and address the most critical technical dependencies of integrating new authentication methods into mobile devices and enterprise applications as efficiently, effectively, and securely as possible.
However, in order to effectively implement the approach outlined above, an agency needs a trusted adviser with the necessary and relevant experience and expertise to deliver results. Deloitte provides Federal ICAM strategy and program support and implementation services at 10 of 15 US Cabinet-level agencies. We have over 160 people dedicated to security and identity management, holding specialized certifications such as CISM, CISA, CISSP, CIPP, and ISC2 PMP. Deloitte is ready to help your agency not only to address its mobile security challenges but also to take advantage of the opportunities mobile devices offer to strengthen your agency’s security posture.
As used in this document, “Deloitte” means Deloitte & Touche LLP, a subsidiary of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.