National security trumps personal privacy, survey states

A new analysis of federal, state and local governments says identity management is protecting their systems and buildings better.

The rise of identity management across government has shifted the debate toward giving national security concerns more attention than personal privacy. A new survey from Quest Software released today found 53 percent of 474 federal, state, local and municipal government employees said that national security should be a priority even if it means that Americans’ personal privacy could be negatively impacted. Meanwhile, 33.8 percent said personal privacy is a higher priority than national security. This finding was one of the most surprising in the analysis conducted in January. “I would expect this type of finding if we had a large Defense Department audience, but our audience was mostly civilian agencies,” said Paul Garver, Quest Software vice president. “A large part of the government’s position deals with national trust and security. This finding is a result of the focus on national security by so many civilian agencies.” The departments of Homeland Security, Justice, and Health and Human Services made up more than 15 percent of all federal respondents. Another surprising finding is that almost three-fourths of the respondents said their agency has taken many steps toward identity management compliance, including securing information systems (75.6 percent), securing personnel information (71.5 percent) and securing facilities (75.1 percent). This is surprising because federal agencies' progress toward meeting the White House mandate for secure identification cards has been slow as most agencies are more worried about issuing cards rather than implementing them.Still, many agencies are not fully using their identity management systems, the survey found. More than 60 percent of all respondents say their agency has between one and four different sign-on requirements for applications, while 32.5 percent say they have five or more. Of that 60 percent with between one and four sign-ons, 31.2 percent said they have three or four different sign-ons to access various systems. Garver said this is a sign that the provisioning and deprovisioning of systems will gather steam in the coming years. “Managing multiple directories is harder than managing one,” he said. “The goal of any IDMS is to get to a more manageable service.” Part of that challenge, respondents say, is having a heterogeneous environment that includes Microsoft, Unix and Linux. The survey found 16.5 percent said this was very challenging, while 34.8 percent said this issue made it somewhat challenging. “Every agency has this problem,” Garver said. He recommended agencies should: Survey respondents also provided some expected beliefs about identity management, including full compliance with Homeland Security Presidential Directive 12 for most agencies is at least three years away, and agencies are most concerned about data security and protecting the critical infrastructure. The survey also found that 71.7 percent believe ID management will grow in importance over the next five years. “It is great to have confirmed the importance of ID management,” Garver said. “Because there was no funding for HSPD-12 and other similar initiatives, it caused agencies to prioritize and raise the level of importance of ID management.”

  • Determine what exists today.

  • Preserve their current architecture.

  • Figure out what components of the architecture could be reused.

  • Understand your long-range plans and how the IDMS fits in it.