Welcome!

Government Cloud Authors: Elizabeth White, Liz McMillan, Gopala Krishna Behara, Raju Myadam, Kevin Jackson

Related Topics: Government Cloud, Agile Computing

Government Cloud: Blog Feed Post

A National Strategy for Trusted Identities in Cyberspace

The White House has Issued a Draft for Comment of a New National Strategy for Cyberspace

The White House has issued a draft for comment of a new National Strategy for Trusted Identities in Cyberspace. The strategy draft was introduced by Howard Schmidt in a White House blog: A National Strategy for Trusted Identities in Cyberspace

Howard’s introduction included:

“Today, I am pleased to announce the latest step in moving our Nation forward in securing our cyberspace with the release of the draft National Strategy for Trusted Identities in Cyberspace (NSTIC). This first draft of NSTIC was developed in collaboration with key government agencies, business leaders and privacy advocates. What has emerged is a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.”

In a terrific move, the government is using the online social commenting structure of Ideascale.com to help enhance the dialog and comments on this draft. You can see the way these comments are shaping up at:  www.nstic.ideascale.com I can tell this document has already been well staffed and according to the White House release over 4000 comments were received on previous versions. I’m sorry to say I have not provided any input to date. I’m not sure how many other techie types did either.  Maybe some of my heros did and I hope I don’t say anything below that offends them if I did.

I also offer some CTO-type context below.

One thing I noted right away was that the first seven pages were little more than justification. This is clear indication that the drafters understand not all see a need for significant action here.

After those seven pages, the core of the document dives into:

  • Guiding Principles – Establishes the tenets that this Strategy must uphold in order to be successful. The Guiding Principles are necessary characteristics of the Identity Ecosystem.
  • Vision and Benefits – Presents the overarching vision the Strategy seeks to achieve along with the details of the Identity Ecosystem and the benefits for individuals, private sector, and Government.
  • Goals and Objectives – Defines what this Strategy intends to accomplish.
  • High Priority Action Plan – Introduces critical tasks that form the basis for realization of the Strategy Goals and Objectives.
  • Conclusion – Provides a high-level summary of the Strategy and a call to action for the public and private sectors.

The following are some personal opinions on those elements of the strategy:

Guiding Principles: This is perhaps the most important part of the document. I could certainly suggest re-wording a few, but that is not what is important here. What is important is capturing the key principles, and I don’t disagree with any of these. It is good to read them and clearly lots of thought was put into them.  I bet since this document has been widely staffed there is widespread agreement on these, but it is good to re-look principles, especially at the beginning of an effort like this. I hope dialog with citizens and academia and industry result in widespread acceptance. Perhaps there will be other principles captured in this interaction with the populace, but I personally cannot think of any.

Vision and Benefits: I’m sure onboard with the vision, which is: “Individuals and organizations utilize secure, efficient, easy to use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” I’m sorry to report, however, the entire rest of this section is not so impressive, at least from the standpoint of someone who likes to see progress on big issues like this. After introducing a vision the drafters immediately do a bit of a “bait and switch” and present ideas they seem to assert must be part of the solution, including a very detailed new vocabulary and a new approach for framing the future solution. This might be a solution. But there might be an infinite number of others. So how do we know this is the optimal one? What other options were considered? Is this option based on science of any sort? As a computer scientist I would like to know.

The strategy asserts that the vision will be accomplished by an ecosystem of three layers: one for execution, one for management, and one for governance. Each are then defined and new terms are proposed for each. But my sense is their are many other possible frameworks and I don’t see the level of academic rigor or practitioner’s sense I would expect in a framework like this. I want to see a framework written by masters of the art like the Carnegie- Mellon University’s Software Engineering Institute or the standard’s body OASIS. Then I’ll feel that serious thought has been put into optimizing a workable way to implement the vision.

There is certainly thought and serious attention paid to use-cases in this section, but this is supposed to be a section on vision.

But the section was titled “vision and benefits,” which underscores again that the drafters are making a point of underscoring why action is required. Three pages of solid benefits I think most of us would like to see are captured in this section. This is very useful to articulate and I hope the open dialog and comment period results in even more being captured. But it seems to be a logical flaw to suggest that the only way these benefits will be obtained is by accepting the drafter’s assertion that we must define an identify ecosystem the way it is written there.

Goals and Objectives: In a logically flowing strategy, a vision will be an endstate and the goals will be those things that must be accomplished to ensure success in reaching that endstate. Objectives contribute to achieving goals and will normally have responsible parties assigned and dates associated with when they must be completed. I’ve already mentioned the long assertion in the vision section regarding a particular approach to an ecosystem and that throws off the logic flow a bit. If that section were removed then it would probably help with the logic flow better and these goals would be in much better context. So pretend you didn’t read that part. Here are the four goals:

  • Goal 1: Develop a comprehensive Identity Ecosystem Framework.
  • Goal 2: Build and implement interoperable identity infrastructure aligned with the Identity Ecosystem Framework.
  • Goal 3: Enhance confidence and willingness to participate in the Identity Ecosystem.
  • Goal 4: Ensure the long-term success of the Identity Ecosystem.

I don’t see any huge problem with the goals as stated. But the lens we will just those goals are on how well they help us accomplish the vision. Remember the vision: “Individuals and organizations utilize secure, efficient, easy to use and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” Keep that in mind as you think of those goals. Some of my comments are below:

Goal 1: Develop a comprehensive Identity Ecosystem Framework.

Wait a minute! An identity ecosystem framework was already asserted in the vision section. I think the goal can stand as it is but key objectives should include working with academia and the internet technology community (including standards boards) to coordinate enhanced identity management frameworks. The goal should not be to just develop and build the framework asserted by the drafters of this strategy, in my opinion. They have simply not provided any justification that their way has been thought out well enough. And with no justification they are not going to be able to compel the action required. The internet standards community works in a way where logic, trust and compelling arguments are key and collaboration is the preferred means to developing standards. I’ve seen no evidence of this occurring yet (although I have to admit it could have been, I can’t be everywhere at once!).   I have seen evidence of coordination with industry and industry bodies, but not with standards groups or academia.  I wonder about that.

So my issue is not the goal, but the means to get to it. I want to see objectives that focus on the great centers of computer science in America, like our universities and standards bodies.

Goal 2: Build and implement interoperable identity infrastructure aligned with the Identity Ecosystem Framework.

This is a call for an infrastructure. I have to support this. I believe the nation needs to serve its citizens this way, like it did in serving us with canals, roads, interstate highways and other transportation systems. I can’t say the objectives listed will guarantee success. There are only three objectives presented: one on continuing government leadership, one on promoting speed in deployment, and one on promoting broad use of solutions. If we accomplish all three objectives do we have guaranteed success in the goal? I don’t think so. Seems like more work is required in this area.

Goal 3: Enhance confidence and willingness to participate in the Identity Ecosystem.

It is hard to argue with this goal. Government is about service to citizens. If this system is not for the use of citizens and if they do not trust it to enhance their privacy and economic and personal freedoms then it is doomed. I’ll reserve judgement on the objectives for these goals. They seem ok on their surface.

Goal 4: Ensure the long-term success of the Identity Ecosystem.

Finally we get into a goal and objectives which give a hat tip to the standards community. This goal brings up very important points about the fact that the Internet is global and not owned by any one provider or commanded by any one country. An objective is listed that calls for enhancing US participation in technical standards bodies. This is a great goal. I would only say that participation requires engagement by very smart, educated participants because the way these bodies work is by people injective good ideas and contributing to broadly understood goals. They do not work by groups or even countries coming in and thinking they can command. Every once in a while great corporations are able to muster the technical talent required to sway a standards body their way, but even then that is not a cake walk. You must build compelling arguments.

Following the goals and objectives section is a section titled “Commitment to Action” which provides a list of nine high priority actions. I think it would have been more sound and build a stronger argument if these had been in the goals and objectives section of the plan. This reads like it is “goals and objectives part two.” What was that goals and objective section I just read? Was that supposed to be just warming me up for the real actions?

Anyway, we seem to be finally getting into the meat of the document. The nine actions seem like good things to do. Who is against DNSSEC, IPSEC and PKI? And who is against enhancing privacy? This whole list is full of smart things like that.

The conclusion of the document says: “This Strategy provides a vision for how users, service providers, and other stakeholders can improve their use of digital identities in online transactions.” As for me, I didn’t see that. I saw a good vision, but the document really lacks in the “how” department. I also saw many good actions and some terrific context. But seems like much more work is needed before we can say this strategy provides a vision for “how” we can improve use of digital identities. I think we can get there. We can get there by tapping into the great thinkers who really know identity management. The great computer science thought leaders from American academia and the standard’s bodies that make the Internet work.

Maybe the way ahead is to have the government coordinate the vision and principles and let the standards community come back with goals and objectives. The government could facilitate that interaction and keep it on track. But my sense is from reading this document the government’s role should not be to assert they know the answer, yet.

I’m not asking that the government go back to the drawing board. In fact, I’d like to see things move faster and would like to see some new ideas injected into the process.

Here is one that might help. Since many folks (like me) can criticize but few can truly produce workable ideas that scale, why not pull together a venue of the greatest minds in technology and issue the challenge to them. If the government has a compelling vision I think this could be done. I would start with the list of Turing award winners, then add in the dean’s of computer science from our greatest academic institutions. The result: a body who knows technology will be informing and guiding the strategy. When combined with the great leadership of professionals from government and the continued contributions from industry, this could be the winning approach.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley writes on enterprise IT. He is a founder of Crucial Point and publisher of CTOvision.com

@ThingsExpo Stories
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
In his session at Cloud Expo, Alan Winters, U.S. Head of Business Development at MobiDev, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to maximize project result...
Personalization has long been the holy grail of marketing. Simply stated, communicate the most relevant offer to the right person and you will increase sales. To achieve this, you must understand the individual. Consequently, digital marketers developed many ways to gather and leverage customer information to deliver targeted experiences. In his session at @ThingsExpo, Lou Casal, Founder and Principal Consultant at Practicala, discussed how the Internet of Things (IoT) has accelerated our abilit...
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settl...
In his session at @ThingsExpo, Dr. Robert Cohen, an economist and senior fellow at the Economic Strategy Institute, presented the findings of a series of six detailed case studies of how large corporations are implementing IoT. The session explored how IoT has improved their economic performance, had major impacts on business models and resulted in impressive ROIs. The companies covered span manufacturing and services firms. He also explored servicification, how manufacturing firms shift from se...
IoT is at the core or many Digital Transformation initiatives with the goal of re-inventing a company's business model. We all agree that collecting relevant IoT data will result in massive amounts of data needing to be stored. However, with the rapid development of IoT devices and ongoing business model transformation, we are not able to predict the volume and growth of IoT data. And with the lack of IoT history, traditional methods of IT and infrastructure planning based on the past do not app...
Organizations planning enterprise data center consolidation and modernization projects are faced with a challenging, costly reality. Requirements to deploy modern, cloud-native applications simultaneously with traditional client/server applications are almost impossible to achieve with hardware-centric enterprise infrastructure. Compute and network infrastructure are fast moving down a software-defined path, but storage has been a laggard. Until now.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
The best way to leverage your CloudEXPO | DXWorldEXPO presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering CloudEXPO | DXWorldEXPO will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at CloudEXPO. Product announcements during our show provide your company with the most reach through our targeted audienc...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
JETRO showcased Japan Digital Transformation Pavilion at SYS-CON's 21st International Cloud Expo® at the Santa Clara Convention Center in Santa Clara, CA. The Japan External Trade Organization (JETRO) is a non-profit organization that provides business support services to companies expanding to Japan. With the support of JETRO's dedicated staff, clients can incorporate their business; receive visa, immigration, and HR support; find dedicated office space; identify local government subsidies; get...
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
"We view the cloud not as a specific technology but as a way of doing business and that way of doing business is transforming the way software, infrastructure and services are being delivered to business," explained Matthew Rosen, CEO and Director at Fusion, in this SYS-CON.tv interview at 18th Cloud Expo (http://www.CloudComputingExpo.com), held June 7-9 at the Javits Center in New York City, NY.
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...