Identity Credential & Access Management
Common ICAM Challenges
How can my organization deliver services securely while keeping criminals and others who should not have access out?
How can my organization know which standards and technologies will best meet my needs now and in the future?
How can my organization integrate leading and emerging technologies into my legacy infrastructure?
How can my organization share sensitive information without risking data exposure and compromising trust?
How can my organization balance operational requirements, security, usability, privacy, fiduciary and labor constraints, and adherence to policy and regulation?
If you are an IT decision maker, you’ve most likely recognized that Identity and Access Management (IAM) plays a central role in protecting information within your organization and into the cloud. To manage risk, you must carefully evaluate your information assets, and control access against emerging Cybersecurity threats. Easy Dynamics can help you find the answers - as we’ve already done for a growing list of US Federal agencies including the Department of Defense, and commercial customers.
We have deep expertise in Cybersecurity and cryptography, IAM, privacy, Cloud and systems engineering, integration & development, and accreditation. Our services help organizations evaluate their IT and business security posture enabling systems design or modernization with confidence in your access and cybersecurity controls. Our clients benefit from our deep knowledge of industry and related technical standards, policies, and regulations.
This knowledge comes from the leading roles we’ve had in both shaping and implementing the standards and policies that impact your organization now and in the future, including the National Institute of Standards and Technology (NIST) SP 800-63 Digital Identity Guidelines & Privacy Framework, FICAM Roadmap, & Attribute Exchange protocols, as well as our participation in OpenID Connect WGs, FIDO WGs, W3C, OASIS, Kantara, …)
We understand that everyone has different requirements, risk tolerance, and constraints so we will never offer a one-size-fits-all solution to your unique problems. We will combine our deep technical and policy expertise with strong critical thinking, a trusted agent mentality, and high-level business consulting to work with you (to provide strategic guidance and) find the optimal solution for your organization. We are visionaries that not only help you solve the problems you face today – we will help you anticipate and prepare for the challenges of tomorrow.
Identity Risk & Management
- For businesses, people, & devices
- Proofing - resolution, validation & verification
- Identity verification techniques using public & private data
- Biometrics & artificial intelligence
- Secure remote identity proofing
- Secure BYOD
- Risk-based decisioning modeling
- OpenID Connect, SAML
- Bring your own identity (BYOI)
- Public/private federation partnerships
- Privacy-preserving attribute exchange
- Access control
- Zero trust architectures
- Privacy-enhancing technologies
- Cryptographic expertise
- Vulnerability analysis
- MFA & multi-modal biometrics
- Secure password management
- Passwordless AuthN
- HSPD-12 & FIDO
- Continuous & Behavioral AuthN
- Step-up authentication techniques
- Account lifecycle management
- Fraud detection and mitigation
Policy & Standards
- NIST 800-63-3 & 800-53
- FIPS 201 & HSPD-12-PIV/CAC/PIV-I
- OMB M-19-17
Privacy & User Consent
- NIST privacy framework & strategic guidance
- Privacy risk assessment
- Privacy threshold analysis (PTA)
- Privacy impact assessment (PIA)
- Privacy-preserving technologies
- Privacy by design
Solution Architecture & Deployments
- Strategic road mapping
- Cloud – AWS & Microservices
- DevSecOps & agile development
- Value-driven Human-Centric design
- Integrated omni-channel solutions
- Product & vendor analysis and testing
- ATO accelerators, FedRAMP, FISMA, ISO 27001
- Role & Attribute Based Access Control (ABAC)
- Adaptive Policy Based Access Control (PBAC, XACML)
- Privacy-preserving insider threat detection
- Privilege management