Identity the burning question for Fire and Rescue NSW

By GovTechReview Staff
Wednesday, 23 July, 2014


Typically large numbers of users make management in most public-sector organisations a special kind of challenge, but when those users are constantly mobile and often joined by itinerant employees, the task becomes positively treacherous. For Fire and Rescue NSW (FRNSW), one of the world's largest fire and rescue services, the task has been made much easier with the implementation of an identity and access management (IAM) solution from NetIQ.

Use of that company's Identity Manager has enabled IT staff to manage user information and access rights for nearly 14,000 full-time and volunteer fire fighters across 338 fire stations and 663 firefighting vehicles. Enforcing access consistency for those kinds of numbers – especially given the 7000 volunteers with no formal organisational ties to FRNSW – would normally be a menacing task for most IT managers. But Malcolm Thompson, assistant director of IT infrastructure, says the use of an automated IAM platform has boosted security integrity and fostered management autonomy amongst its users.

“Capability is a key concept for us,” he explains. “We have to be 'can do' people, and we can't afford to waste time and effort on administration. Our role in IT is to set up automated systems that enable the business to manage its own assets. Identity Manager enables us to manage a huge set of users with just a handful of dedicated staff.”

FRNSW has just 10 dedicated employees managing identities across the organisation's IAM function, which has expanded over time from just supporting FRNSW's own users to support a new role in which they use the same platform to manage nearly 100,000 identities on behalf of other emergency-services organisations. Those identities are delivered to organisations like NSW State Emergency Services and NSW Rural Fire Service, with built-in identity federation providing seamless links across myriad systems both inside and outside the organisation.

By positioning itself as a central service provider, FRNSW has become a “recognised centre of excellence for IT services,” Thompson says. “Our IT services depend largely on our ability to provision, manage and ultimately de-provision identities. We have a solid architecture in place, so provisioning new users is fast and easy.”

The concept of identity within the organisation has been expanded to refer to much more than just people: individual identities have been created for major assets such as the service's 663 firefighting vehicles. Thanks to integration with the service's automatic vehicle location (AVL) system and the turnout systems that alert fire stations to emergencies, those identities are also being used to track the status and location of each vehicle – assisting in optimising the organisation's response to emergencies.

Broadening of the concepts around identity is becoming “more and more” common as organisations consolidate and extend their IAM deployments, says NetIQ's Asia-Pacific identity, security and governance product/business manager Ian Yip.

“Organisations have a long-term view on this Internet of Things, and they're working to get frameworks in place to treat their stuff as objects,” Yip explains. “Objects will need accounts, permissions, policies, and access.
Policies need to be applied because it can be difficult to manage, and you don't necessarily want to lock everything down.”

Despite their capabilities, IAM systems alone aren't a direct replacement for the large asset management databases, which Yip said tend to be “large lookup tables”. Instead, they can be used to integrate contextual information such as an identity's location, in order to drive the execution of related policies and procedures. A location-based policy, for example, might allow certain levels of access for a particular identity when that identity is located in the company's home state, while restricting access to other resources when the identity is travelling overseas.

“The key word is context, and location plays a big part in it,” Yip says. “Contextual access control flows on from access control policies that need to be a bit more dynamic.”

Integration continues to challenge efforts to manage resources based on identity, with legacy systems presenting integration challenges even as the balance steadily shifts towards cloud-based systems with open, API-based interfaces.

“It's going to get better,” Yip says. “The more organisations go to cloud, they're going to need to expose a lot of the application they've got in place – the data – to other programmatic bits and pieces, exposing them to the infrastructure. When they start to do that, they generally build more standards into things so they will work out of the box more easily.”

One area where better integration will play a role is with the shift towards having social-media logins become increasingly usable for corporate purposes: for example, the NSW Fire and Rescue platform has also enabled the management of employees and non-employees who participate in FRNSW-sanctioned programs such as 'Waste the Waist' – an online-backed fitness education program through which over 1500 staff lost more than 2177kg in weight and 2391 centimetres off their waists.

Such identities may be tangentially related to the service's mission statement, but their integration into the platform reflects the many-headed approach that is now being taken towards identity. Social-media credentials will play an increasingly important role in such ancillary purposes, but Yip warns that they won't fully come into their own until there is broad access to federation standards.

“A lot of the discussions we're having with government are looking at how they can share services, and use certain services that one department has built and potentially leverage them from a technical and commercial standpoint.”

“Federated access controls and identity play a big part, and the government just needs to look at that and the open standards around federation to be able to do that a lot more easily and quickly.”

– David Braue