Identity Security Best Practices and Partner Solutions for Azure Government Clouds
A detailed review of how Cloud services can be configured to meet the demanding security needs of the public sector.
Hyper-scale Cloud providers like Microsoft implement advanced security technologies, such as ‘Confidential Computing’, to secure their environments.
For certain industries, like Government, they then further refine the service offerings available, dedicating Cloud services to their unique privacy obligations.
Even more specifically we can then look at how their other products can be combined to meet the total technology and legislative needs of Governments.
Digital Identity
To map these innovations to public sector requirements we can review a number of key policy developments, notably those for Digital Identity.
Recently the US Senate passed the Improving Digital Identity Act, a bill to establish a task force within the Executive Office of the President to coordinate a government-wide effort for promoting digital identity credentials (e.g., electronic driver’s licenses and birth certificates) for use in the public and private sectors.
Identity is one component part of the US Government’s overall cybersecurity strategy. NIST released version 2.0 of their Cybersecurity Framework, of which one pillar is their IDAM Roadmap, covering a diverse array of projects including biometric technology evaluation, Mobile Driver’s License, and fraud detection using Privacy Enhancing Technology.
FICAM is the federal government’s implementation of Identity, Credential, and Access Management (ICAM), a core component of their Identity pillar in their zero trust architecture.
This stipulates best practices like FIDO2 and phishing-resistant authentication. Initiatives to encourage adoption include a recent White House-hosted ‘Multifactor Authentication (MFA) Modernization Symposium’, intended to educate sector executives on the need for phishing-resistant MFA.
Azure Identity for Government – Partner Showcase
Microsoft tailors their Cloud and Identity services to meet these specific needs: for example, setting up Phishing-Resistant Multi-Factor Authentication, and new Entra provisioning APIs that empower organizations to onboard employees’ FIDO2 security keys (passkeys) on behalf of users, a key phishing-resistant method.
This is a component part of an overall Azure suite engineered to meet the unique needs of Government requirements for national security, implementing NIST-defined practices for Zero Trust security and tailoring services like 365 for ‘GCC High’, designed to meet various Federal data security regulations, including CMMC and DFARS 7012.
Entra for Government configures the Identity suite for deployment into these Government Cloud environments, and Partners then further augment and extend this capability:
Company | Capabilities
Axiad | Axiad Cloud offers the only FedRAMP, cloud-native phishing-resistant authentication service that supports both FIDO2 and PKI as specified by CISA and NIST, and is the ideal complement to an organization’s Microsoft Entra ID investment.
Hypr | The Hypr integration for Entra seamlessly integrates Microsoft-validated, FIDO Certified device-bound passkeys, enabling you to deploy phishing-resistant MFA across your organization, from desktop to cloud, ensuring your authentication meets directives from CISA and OMB.
Condatis | Condatis specializes in the Entra suite, offering solutions for Government Citizen Identity, deployed for customers like Defra and RMIT.
Idemia | Idemia has integrated with Entra to provide liveness and document verification technology for Microsoft Entra Verified ID. The company provides public sector Identity solutions such as automated passenger gates for Singapore’s Changi airport.
Nerdio | Nerdio has announced Multi Entra ID tenant management for Azure Virtual Desktop, for customers who maintain multiple Entra ID tenants through use of GCC High.