Business
NY CIO Council: Federated approach to ID and access management
New York's identity and access management is a jumble of inconsistent processes and weak security measures. A new CIO Council report aims at establishing a non-centralized, federated approach.
New York's CIO Council will release a roadmap document for identification and access management that advocates a federated approach, much like Visa takes for credit card verification, the Digital Communities site reports. The site notes the benefits of this approach:
New York - probably like many states - currently uses a hodgepodge of approaches. A state CIO Council survey found:
- There's no uniform process for establishing user identification
- There's no regular recertification of identifications
- There's no single identification process within an agency, which means too many workers are dealing with too many passwords
- Passwords are the most common form of identification and access control
- Some biometrics are being used for IAM
- The amount of information being shared across agencies and governments is increasing significantly.
The standards-based federated approach offers fixes for most of these issues:
- A simpler way to grant and revoke user access to information
- A reduction in the number of sign-ons and passwords an individual must work with to access multiple systems and databases
- Greater security when it comes to user access to information
- The elimination of complex, bilateral data sharing rules and structures between different levels of government.