Protecting access to sensitive data and systems is important for any organization. For the Department of Defense, it's essential. Additionally, growing data volumes and complex information-sharing technologies compound both the challenge and the imperative of keeping sensitive and critical information secure.
This reality led DoD leadership to undertake a significant initiative to prioritize an ICAM capability that would deliver services at the speed of the mission and with even greater connectivity, and that could also keep pace with the complex and intense advance of our cybersecurity adversaries.
In response, GDIT built a DoD-wide ICAM capability that tracks user identities across networks and ensures access is limited to only those who can verify that they need it. The GDIT solution offers advanced, enterprise-wide user authentication capabilities both in the cloud and at the edge, while also serving as one of the foundational components in a zero trust strategy.
The GDIT ICAM solution harmonizes data points from multiple sources to bring meaning and confidence to user identity. It builds on the existing DoD security architecture to manage traditional role-based access control (RBAC) while anticipating continued evolution in artificial intelligence and analytics to help the DoD migrate toward a risk adaptive access control (RAdAC) approach. The solution is enhanced with a self-service, push-button deployment experience that streamlines complexities and makes a bigger impact, faster.
GDIT assembled a team of “non-traditional” business partners to help develop the solution. Each is a leader in a niche-market space. This approach allowed us to identify highly specialized partners who could quickly collaborate with us and expertly deliver the latest cloud security capabilities within our solution.
GDIT’s ICAM solution was built with today’s DoD environments in mind – environments that extend from the enterprise cloud to the tactical edge. Its core components include an Identity Provider (IdP), which centralizes authentication; Automated Account Provisioning (AAP), which enables automated workflows for account requests and renewals; and a Master User Account (MUR), which provides enterprise-level aggregations and audits of access rights. Together, these elements provide an ICAM solution that is both innovative and secure.
Our teams are also already working on enhancing our unique enterprise ICAM capabilities. One of these enhancements is Attribute Based Access Control (ABAC), which is essentially a dynamic authorization strategy. Think of it as a series of doors, each with a lock. To get in, a user must have the key to each door and must be aligned with governance or policy before the user can “open” the door and access the data behind it. Another enhancement is Privileged Access Management (PAM) which safeguards identities with elevated or privileged access beyond standard users.
With our ICAM solution, the DoD can have a single set of credentials across the enterprise, but the local services or agencies can still set access permissions and policies based on local needs. It gives them the reach-back security of the enterprise, with the flexibility of the edge.
Importantly, the GDIT ICAM solution works hand-in-glove with zero trust principles. It helps DoD customers build their zero trust foundations, and in some cases further them, by supporting advanced concepts of ABAC and RAdAC policy enforcement for users, devices, and services. The solution is federated across enterprise, with a single, individual identity that can be used across the enterprise to validate the user and what resources and applications they have access to.
Additionally, because it allows for automation and creates a federated network to break down silos, ICAM can also enable Joint All-Demand Command and Control (JADC2) by providing a single, integrated tactical network and a common data fabric that will underpin a zero trust architecture. ICAM enables that federation so customers can, with zero trust, appropriately access that fabric and support JADC2.
After delivering our initial ICAM solution to the DoD, we are currently expanding to support all DoD systems which serve more than 5 million users with unique identities. Additionally, our Edge ICAM solution extends the DoD’s enterprise capability to support unique requirements with advances in cloud technology Outside the Continental United States (OCONUS) and for denied, disconnected, intermittent, and limited-bandwidth (D-DIL) environments as well. This will enable users to quickly establish ICAM capabilities that can be shipped to a base or forward operating location – pre-built and configured – giving customers immediate access to ICAM service capabilities in contested environments.
We look forward to continuing to support the DoD’s unique security and access management needs as a critical mission partner. Bolstering the agency’s ICAM capabilities is a top DoD priority, and we stand ready to consistently raise the bar and deliver on our charge.