Multi-factor authentication is 99% effective at stopping account hacks, and is a rapidly growing $10 billion market.

Yet the federal government, which contains some of the most sensitive data records and at which hackers launch hundreds of millions of attacks per day, has not modernized its authentication systems. The lack of secure authentication in government agencies puts Americans’ data at risk. RSA Security is trying to change that.

As of November 2019, the Federal Risk Authorization Management Program, a program within the General Services Administration that manages the security of cloud-based products within the federal government, has granted “In-Process” status to RSA SecurID Access.

RSA SecurID Access is an RSA Security product that extends modern authentication practices and credential management to both on-premise and cloud services. The “In Process” status means that RSA SecurID Access can be fully implemented across all federal agencies.

As a result of the RSA SecurID Access implementation, federal government workers will have access to the full suite of authentication products: multi-factor authentication, mobile push notifications, biometrics, FIDO log-ins, one-time passwords and hardware and software tokens.

How Does RSA SecurID Access Work?

RSA SecurID Access is built for the federal government and is designed to move government data to the cloud. The platform supports data stored both on-premise and in the cloud. This dual-implementation is critical to integrating with government agencies, as many rely on legacy on-premise data systems. RSA’s press release on the announcement describes the product as “a unique hybrid model that integrates all the on-premises and cloud components into a unified solution, making it faster and easier for on-prem customers to connect to the cloud.”

In other words, by unifying on-premise and cloud data, RSA not only increases its adoption rate by incorporating agencies that store their data on-prem, but also encourages agencies to move their data to the cloud. RSA SecurID Access’s unified storage model de-risks the move to the cloud by ensuring that no on-prem data is lost in the move.

Rob Carey, VP/GM for RSA Global Public Sector, expressed excitement about the company’s long-term goal of encouraging the government to increase its reliance on the cloud: “Today’s announcement that we’re in-process for FedRAMP certification further proves our commitment to serve our federal customers as they continue moving from on-premise systems to cloud-based IT. They can be assured that RSA takes their trust and security seriously and that we’re bringing that to the cloud.”

Beyond facilitating cloud storage, RSA SecurID also enables government agencies to handle complicated permission sets that define government activity and databases. Civilians, defense contractors and policymakers often each have access to different amounts of data, according to legal standards. Ensuring that only the appropriate individuals receive access to certain datasets is critical to helping policymakers get the information they need to do their jobs, while also allowing citizens to exercise their rights under acts like FOIA.

Kenny Harrison, Division Chief of the Telecommunications Office at the U.S. Census Bureau, hinted at RSA’s larger goal of modernizing the authentication and credential infrastructure in his response to the announcement: “Government agencies increasingly need to support the workforce through both on-premise and cloud applications, which requires an authentication infrastructure. By serving as a formal sponsor to RSA for FedRAMP certification, we hope to help other federal agencies modernize their infrastructure and secure their agency mission.”

ABOUT THE WRITER

Quinn Barry is a Tech Innovation Fellow from Stanford University covering innovations in digital privacy across finance and government.