Join today’s leading executives online at the Data Summit on March 9th. Register here.
This article was contributed by Dean Scontras, vice president of SLED at Auth0 and Okta.
Over the past two years, we all found ourselves on the front lines of a massive digital shift, with COVID-19 precautions limiting in-person interactions. To meet these demands, many public sector organizations had to rapidly pivot from their traditionally paper-based, in-person processes and deploy digital infrastructure to maintain continuity of their services amid the pandemic — such as offering citizen passport renewals and name changes online,
However, this rapid adoption of digital services amid the pandemic has caused a massive increase in the number of online identities and access points for malicious threats, leaving governments to grapple with the impacts on cybersecurity and user experience.
From the Executive Order on “Improving the Nation’s Cybersecurity” in the U.S. to digital identity and Single Sign-On (SSO) initiatives in the UK and Australia, enabling employees, citizens, and other government entities to access all of these applications easily and securely has become a demand around the world.
COVID-19 specific challenges
As government agencies quickly transitioned to offer more abundant online services, various initiatives appeared to be ‘rushed’ and, in some cases, resulted in compromised identities on a large scale. For example, numerous COVID-19relief and unemployment payments were stolen due to unsecure identities.
One of the current challenges and opportunities related to the digitization of government services is the introduction of digital vaccination cards. With various cities and states around the country announcing their version of digital vaccine verification apps, the rapid development of these solutions raise important questions and considerations, and unveils the government’s historically archaic approach to digital citizen services. Curiosity persists around topics such as how digital vaccination records are being stored and managed, and if this data is fully secure.
These digital vaccine passports do however mark an encouraging step forward in the transition to digital citizen services and could potentially lead to digital IDs becoming a universally accepted method of verification. Digital ID passports offer citizens’ quick and seamless access to their own personal information, meaning, as it should be, their own identity is at their fingertips.
Further, these solutions both acknowledge and accommodate each citizen as a user and consequently their user experience. However, with new technology comes new security challenges. Two questions remain: Why has the public sector not previously placed a greater emphasis on online citizen services and digital infrastructure? And what can be done to ensure user security as digital ID solutions become more prevalent?
The need to refocus on security, privacy, and convenience with identity management for citizen digital services
As many public sector organizations quickly continue to invest in digital infrastructure and introduce new digital services, cybersecurity concerns coupled with poor user experience continue to be a key challenge for government agencies.
According to Gartner, at least 85% of governments without a total experience (TX) strategy will fail to successfully transform government services. A total experience strategy includes heightened privacy and security initiatives to ensure a positive experience for citizens. However, previously siloed services lead to an unnecessary proliferation of online identities, creating major security gaps and a frustrating user experience overall.
Only one in five respondents from a recent global public sector survey of IT and business decision-makers are extremely confident in either the security (17%) or ease of use (19%) of their current authentication solution. Regional analysis shows U.S. respondents rank ensuring citizens’ trust in digital services as an area of high importance (71%), and they have less confidence in their organization’s ability to deliver this (56%).
A successful shift to digital services starts with a centralized identity and access management (IAM) strategy to bolster end-to-end security and put safe and accessible services into the hands of end-users faster.
Broader threat landscape for government organizations
As a further impetus for the public sector to prioritize more secure and accessible online services, over the past year, we’ve seen that governments at all levels are frequent targets for bad actors, whether it relates to ransomware, weakened critical infrastructure, or obtaining sensitive or critical information. Nation-state attacks are on the rise, targeting every level of government directly, and the world is seeing this first-hand with the recent cyberattacks on a number of Ukrainian government websites.
These targeted attacks have led the federal administration to mandate that defense and intelligence agencies are required to implement multi-factor authentication (MFA) controls, in order to better protect employee and citizen data. The strength of the whole rests on the sum of its parts, and the U.S. commitment to improving national cybersecurity begins with strengthening the endpoints used by its employees and citizens.
This government mandate requiring MFA controls highlights dedication and is a promising step by the government to address and bolster the security and identity of all digital government services.
What’s next for government and citizen digital services?
Secure intentionally, meaning that digital capabilities are designed to be secure from day one, continues to become an increasing focus, especially when it comes to introducing new technological applications such as vaccine passports and online passport renewal. To prioritize this privacy and security, government organizations should implement a centralized identity strategy as a way to put safe and accessible services in the hands of citizens faster, and unify and streamline government workflows.
Further, rather than expediting individual digital services, if governments were to adopt a holistic, proactive approach to digitizing the majority of citizen services (before a major event occurs, like COVID-19), there would be a greater guarantee that digital services will be secure, easy to use, and streamlined for citizens across the globe. In doing so, security gaps are mitigated and user experience is vastly improved.
Dean Scontras is vice president of SLED at Auth0 and Okta