A senior Cybersecurity and Infrastructure Security Agency (CISA) official offered his look toward the enduring nature of identity-based network security technologies during a discussion today at the Okta City Tour and Gov Identity Summit in Washington.
Sean Connelly, CISA’s senior cybersecurity architect and Trusted Internet Connections (TIC) Program Manager, talked about the Federal government’s ongoing move to zero trust security architectures, and in particular the identity-based portion of that migration.
Asked how he sees the identity-based component of security technology evolving in future years, Connelly replied, “it’s been interesting going back ten years with TIC and where we are now with identity. So that naturally begs the question, where are we going to be ten years from now, how is this going to be different?
“I don’t know if it’s going to position itself differently,” he said. “I think the focus will continue to be on identity, continue to be toward the application security, to being towards securing the data.”
Further looking to the future, Connelly noted the National Cyber Director’s release in March of the National Cybersecurity strategy, and the strategy’s tasking for Federal agencies to “move their legacy systems to modern platforms within 10 years.”
“While that’s a decade away, we’ve already had discussions with agencies as they start to look to how to move those systems forward,” Connelly said.
“Some of the discussions have been towards identity, some of the discussions have been toward as we move to cloud – cloud, obviously, has some very focused IM (identity management)” solutions, he said. “So identity keeps coming up again and again in different ways.”
“Another way I think identity is going to help” is with interoperability, he said.
“The cloud – now no agency is just a single cloud, right? We’re all hybrid. You hear about organizations that may be having somewhere between two to 400 different SaaS [software-as-a-solution] environments, I’m not sure if the Federal side is there yet, but clearly momentum is towards SaaS solutions,” Connelly said. “Identity is going to be able to secure those different environments.”
“But it’s also going to be about interoperability between those solutions, between those systems,” he continued. “So it’s interoperability a couple ways. Interoperability means it’s just the system to system … but also from our threat hunting side, the team that I hear from all the time” talks about “the different data formats that are coming into us,” he said.
“We receive telemetry from all the Federal civilian executive agencies, and they all have different data format, they have different systems, and it can be a challenge for any security operations center or any type of network operations to understand what’s really going on as environment because it’s different system,” he said.
“Standard data formatting is one area where I think identity will also help agencies be able to move forward in terms of their solutions the next decade or so,” he said.
TIC Office Shift
Elsewhere during his remarks today, Connelly talked about the impact of the shift of CISA’s TIC office to more of a zero trust security focus.
“We’ve had some questions come to us about the TIC program office as we move to a zero trust program office,” he said. “TIC has been around for 15 years,” he said, and in recent years has created at the direction of the Office of Management and Budget a number of use-case guidance documents.
Connelly called the transition of the TIC office to a zero trust-focused office “really just a rebranding … to the more zero trust principles including identity.” TIC, he said, is still required to fulfill functions by OMB.
“TIC ourselves, we are still at the agency, we’ve just closed up the publication shop,” he said. “The agencies are primarily responsible for supporting TIC, so the TIC is still going to be there.”
“We will in our office be supporting more identity-first, our data-focused, data-centered solutions,” Connelly said.
You can view this session and others from the Okta City Tour and Gov Identity Summit on-demand here.