GovTech – Adventures and Observations in IAM: Cross Boundary Policy Management in Cloud Environments

Enabling Cross Boundary Policy Management in Cloud Environments by Daemon Price

It’s an interesting time to be in Government Technology. Join me here every few weeks where I’ll share my observations on the latest technology happenings within the Beltway and across Government. We’ll discuss the latest trends in Identity and Access Management, as well as some of the conferences and meetings I attend in my role as VP of Business Development and Sales at Resilient Network Systems.

Back in my college days, I loved James Burke's TV show "Connections", and one idea that has stuck with me all these years is that single 'eureka' innovation moments are very rare; more common is a slow progression of separate, new capabilities combining to create a leap forward. Nowhere have I seen this type of innovation more prevalent than in the few decades I have spent working with the U.S. Government.

A case in point is the cloud. Federal agencies have for years been on an unwavering trajectory of embracing cloud environments, and why not? Cloud environments offer the ability to spend less on infrastructure and maintenance while simultaneously enabling greater mobility of information and resources. Additionally, the cloud offers the financial flexibility of the SaaS model: pay only for the capacity that is actually needed at any given time. Those who have to architect and maintain cloud environments understand that new problems have emerged. IT staff now have to worry about their data's lifecycle, as opposed to just their servers' lifecycle, and the skills needed to manage a cloud vendor are different from those needed to manage hardware. In the end, the cloud's full potential cannot be completely realized until the issues of trust and fluidity across multiple clouds are addressed, and one way to do that is with better cross-boundary, network-based policy management with contextual access control.

An agency’s governing IT policies are a workflow-intensive and politically-sensitive investment of resources to design, approve, implement and monitor. Once this mountain of work is operational, the idea of changing an agency’s policies to work with another organization is simply too labor intensive to be seriously considered. However, this is precisely what organizations are faced with since their core mission increasingly requires them to regularly engage with other agencies, foreign partners, commercial entities and private citizens. So agencies find themselves stuck with the mission to reach across boundaries, but their new cloud environments can’t accomplish this goal because their policies and access controls are different from everyone else’s. No one can easily engage externally, and so the promise of clouds easily interacting with each other and connecting everyone with everything seamlessly remains a pipe dream. In short, the bigger problem solved by cloud still needs a few remaining innovations before cloud’s full benefits and potential can be completely realized.

To date, most organizations have addressed their needs the only way they can: by expending the heavy setup, administrative and maintenance resources required to manually add external users to their environments. Thankfully, the missing pieces of the cloud are now finally becoming available. Resilient's network-based policy management can now facilitate a cloud-to-cloud, cross-boundary policy connection by negotiating disparate organizational policies, harvesting and interrogating attributes brought from authorities on both sides of the boundary. This approach enables each organization on either side of the boundary to build a sufficient level of trust from the information presented by the other party in order to authenticate users and systems, and then to grant whatever level of access each side wishes to provide. With this innovation in place, one more giant leap of progression has been added toward realizing the dream promised by the cloud. Now if only we could definitively identify all the devices and users on a cloud.
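As an added illustration of the cross-boundary pattern described above (example code written for this page, not Resilient's product or any agency's actual policy): one organization decides access for a user from a partner organization by verifying attribute assertions from the partner's authority, keeping only those from issuers it explicitly trusts, and mapping the foreign attributes plus request context onto its own access levels. The two authorities (org-a.example, org-b.example), the HMAC tags standing in for the authorities' signatures, and all attribute names, context keys and policy rules are constructed assumptions.

```python
"""Cross-boundary attribute-based access decision (constructed example).

Org A is the relying party. It accepts attribute assertions issued by
Org B's authority, verifies them, and applies its own ordered rules.
Anything not matching a rule is denied, and assertions from untrusted
or tampered sources are dropped before the policy ever sees them.
"""
import hashlib
import hmac
import json

# Constructed shared secrets for two hypothetical attribute authorities.
# A real deployment would use the authorities' signing certificates.
AUTHORITY_KEYS = {
    "org-a.example": b"org-a-secret-key",
    "org-b.example": b"org-b-secret-key",
}


def issue_assertion(issuer, subject, attributes):
    """Authority side: sign an attribute assertion for a subject."""
    payload = json.dumps(
        {"iss": issuer, "sub": subject, "attrs": attributes}, sort_keys=True
    )
    tag = hmac.new(AUTHORITY_KEYS[issuer], payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def harvest_attributes(assertions, trusted_issuers):
    """Relying-party side: verify each assertion and collect its attributes.

    trusted_issuers maps issuer name -> verification key. Assertions from
    issuers not in the map, or whose tag does not verify, are discarded.
    """
    harvested = {}
    for assertion in assertions:
        data = json.loads(assertion["payload"])
        issuer = data.get("iss")
        if issuer not in trusted_issuers:
            continue  # self-asserted or unknown authority: ignore
        expected = hmac.new(
            trusted_issuers[issuer], assertion["payload"].encode(), hashlib.sha256
        ).hexdigest()
        if not hmac.compare_digest(expected, assertion["tag"]):
            continue  # tampered assertion: ignore
        harvested[issuer] = data["attrs"]
    return harvested


def _lookup(cond, context, harvested):
    """Fetch the value a condition refers to: request context or an issuer's attributes."""
    if cond["source"] == "context":
        return context.get(cond["attr"])
    return harvested.get(cond["source"], {}).get(cond["attr"])


def decide(context, harvested, policy):
    """Return the access level granted: first rule whose conditions all hold wins."""
    for rule in policy["rules"]:
        if all(_lookup(c, context, harvested) in c["in"] for c in rule["when"]):
            return rule["grant"]
    return "deny"


# Org A's constructed policy: rules ordered most permissive first.
ORG_A_POLICY = {
    "trusted_issuers": {"org-b.example": AUTHORITY_KEYS["org-b.example"]},
    "rules": [
        {"grant": "write", "when": [
            {"source": "org-b.example", "attr": "clearance", "in": ["secret"]},
            {"source": "org-b.example", "attr": "role", "in": ["lead"]},
            {"source": "context", "attr": "network", "in": ["partner-vpn"]},
            {"source": "context", "attr": "device_managed", "in": [True]},
        ]},
        {"grant": "read", "when": [
            {"source": "org-b.example", "attr": "clearance", "in": ["secret", "confidential"]},
            {"source": "org-b.example", "attr": "role", "in": ["analyst", "lead"]},
            {"source": "context", "attr": "network", "in": ["partner-vpn"]},
        ]},
    ],
}


def access_for(assertions, context, policy=ORG_A_POLICY):
    """End-to-end decision for one request arriving at Org A."""
    harvested = harvest_attributes(assertions, policy["trusted_issuers"])
    return decide(context, harvested, policy)


if __name__ == "__main__":
    alice = issue_assertion("org-b.example", "alice", {"clearance": "secret", "role": "lead"})
    print(access_for([alice], {"network": "partner-vpn", "device_managed": True}))
    print(access_for([alice], {"network": "coffee-shop", "device_managed": True}))
```

The point to notice is the order of operations: trust in the issuer is established before any attribute is interpreted, the verification key is the relying party's own configuration rather than something the assertion names, and the partner's attribute vocabulary is mapped onto local access levels by Org A's rules, so neither side has to rewrite its own policies for the other.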

About the author

Daemon Price is the VP of Business Development and Sales at Resilient Network Systems. A Virginia Tech graduate, where he participated in the Corps of Cadets, Daemon held multiple postings within the Dept. of Agriculture and the Dept. of Commerce before taking his information security experience to the private sector, where he worked for everyone from small businesses like SoftMed Systems (creator of the original electronic health record) and Blackboard (education IT innovator) to prime contractors like CSC, SAIC and 3M. With government awards and billion-dollar solicitation wins to his credit, Daemon continues as a passionate technology evangelist and can often be seen at events held by AFCEA, INSA, NDIA, AUSA, FCW and many others.
