With shift to increased remote work and zero trust, NIH eyes cloud solution for identity
As researchers do more work remotely outside of National Institutes of Health facilities, NIH is looking for a more modern, cloud-based solution for its identity and access management.
NIH issued a request for information this week in search of identity, credential and access management (ICAM) vendors who can help transition the agency’s existing on-premises identity capabilities to a software-as-a-service model in support of its move to a zero-trust security architecture.
Specifically, NIH wants a SaaS solution that provides web authentication, directory services and secure access service edge (SASE) services in the cloud.
“NIH is undergoing important transformations in when, where, and how the workforce operates. The ICAM Modernization project will facilitate NIH staff members’ and biomedical research partners’ access to their NIH-managed systems and data securely, anytime, from almost anywhere in the world,” reads the RFI, adding that “NIH anticipates future ICAM solutions delivering faster, more secure and cost-effective services from the cloud.”
According to NIH, its Center for Information Technology serves “50,000 users daily in more than 400 buildings and facilities and hosts a 225,000-user grantee population. NIH also provides services to 1.2 million federated users domestically and internationally.”
The COVID-19 pandemic introduced new challenges and exacerbated existing ones, which led NIH to pursue a new cloud-based ICAM solution. It hopes a vendor can help speed up integration of applications via automation, lower operating costs with a more streamlined identity environment, enhance real-time visibility into active users and platform availability, and improve performance for end users.
Importantly, the envisioned solution would also provide key pillars of NIH’s zero-trust roadmap in that it “eliminates implicit trust by continuously authenticating and validating digital identities based on a content and context-aware logical access boundary.”
“In the target state, anyone who attempts to access NIH managed resources will do so through enterprise-level SASE and Identity as a Services (IDaaS) platforms,” the RFI explains.
It continues: “The SASE and IDaaS solutions will provide a diverse set of security and networking capabilities to grant access to NIH’s applications and infrastructure which are both on cloud and on-premises. These capabilities will enable limited access, allow/block access, require MFA, block legacy authentication and force password reset. NIH will also utilize Continuous Monitoring and Diagnostics tools to ensure the services offered by the future solutions are operational and secure.”
Interested parties have until March 7 to submit responses to the RFI.