Akamai Technologies (AKAM) announced that in collaboration with Daon, a leader in identity authentication technology and services, the two companies will offer Mobile Authentication as a Service (MAaaS). The solution is designed to provide cloud-based multi-factor authentication to increasingly mobile federal employees.
The authentication service can be used across a variety of mobile devices, and will be delivered as a cloud-based application in conjunction with CGI Group Inc., the first large IT services provider to receive FedRAMP authorization. By allowing federal agencies to maintain security control at the application level even if they do not manage the actual device, MAaaS can be used in conjunction with increasingly popular "Bring Your Own Device" (BYOD) programs.
"Public sector computing is happening on a wide variety of mobile devices, many of which are privately owned by federal employees," explained Tom Ruff, vice president, Public Sector, Akamai Technologies. "As such, Federal agencies are looking for more effective ways to manage devices, applications and data in smart, secure and affordable ways, while at the same time adhering to programs such as Cloud First."
The MAaaS solution can allow authentication parameters to be customized based on application and associated risk policy. This multi-factored, layered approach can help ensure the right level of protection is applied to protect information and privacy. Unlike mobile authentication solutions that employ single or 2-factor authentication, the MAaaS solution can incorporate as many as seven factors of authentication provided by Daon.
"As part of the Daon pilot for the National Strategic Trusted Identities in Cyberspace (NSTIC) initiative, we have been able to provide our members a secure and easy way to authenticate themselves to the restricted areas of our website," said Carter Morris, senior vice president, Transportation Security Policy at the American Association of Airport Executives (AAAE).
The new solution is also designed to allow government agencies to incorporate existing Common Access Card (CAC) or Personal Identity Verification (PIV) card implementations into their mobile authentication strategies. This should allow agencies to take full advantage of the government's current investments in efforts such as X.509 compliance technology, while allowing greater flexibility and security to their workforce.