For the Department of the Air Force on its journey to develop a modern identity, credential and access management (ICAM) framework, the end goal is as much about security as it is about providing a better user experience, according to CIO Lauren Knausenberger.
The service’s new ICAM Roadmap — released last month with an enterprise Zero Trust Roadmap — envisions an end state in five years of “true attribute-based micro-segmentation for ICAM … at a global scale” with context for user activity, Knausenberger said Wednesday at ITModTalks, presented by FedScoop. Such a capability is key to a zero-trust architecture because it limits a user’s or device’s access to part of a network based on information about them.
But the Air Force’s vision for ICAM isn’t just about restricting users from certain parts of the networks — it’s also about making a better experience for airmen as they go about accessing the information and applications they need, Knausenberger said.
“If you get ICAM right, you’re delivering a much more secure enterprise,” she said. “And you’re also making it much more likely that your users use your enterprise” instead of looking for alternatives, which come with security risks outside of the CIO’s control.
Alternatively, if it feels “funky or stovepiped as it is right now in the Department of Defense … people are gonna use their personal email accounts, they’re gonna find a way to get the mission done,” Knausenberger said.
In an ideal scenario, Air Force users would be able to do everything they need on the service’s IT enterprise, consolidating the number of sign-ons to as few as possible, she added.
“We want to be able to use single sign-on across a wide variety of systems. We are still logging into a lot of different places right now, and it does make us less secure,” Knausenberger explained.
As the Air Force moves forward with its recently released ICAM roadmap, Knausenberger, who is leaving her role in June, wants partners across industry, the DOD and other government agencies to give their feedback, because the eventual goal is for it to be interoperable with the service’s many mission partners.
“We want it to be interoperable across the Department of Defense, in some cases maybe in other parts of government as well, and certainly with our allies and partners that we fight with,” she said.