Governments throughout the world are working hard to provide access to digital services that are secure and easy to use. Login.gov in the US, GOV.UK Verify in the UK and Govpass in Australia are a few examples of government’s beginning to offer protected and compliant access for citizens. These are still early days so what should you look for in an identity management platform?
Some time back, I watched a webcast from Government Matters TV entitled: ‘The Future of ID Management in Government’. It outlined some of the great work that US Federal Agencies do to introduce new technologies to bring secure access that fits the way that public sector employees work today. It struck me that although the work was excellent it seemed a little out-of-date in today’s world.
As we transition into the digital age and citizens and partners demand greater access to services and systems. Identity management has moved from the province of the HR department and is no longer solely focused on the internal employee – although, of course, this is still an essential part of any identity management strategy.
The webcast came back to mind when I saw recent research that showed the US Federal Government suffers the most data breaches of any government in the world. In all 57% of Federal agencies reported data breaches in 2017 – compared with 26% of non-US government agencies. For perspective, the number of US Federal data breaches rose from 34% in 2016.
Citizen experience has to come first
This increase in the number of data breaches is alarming – especially with the US government’s focus on protecting critical infrastructure. Providing high levels of service to citizens has to take precedence. IT security can no longer be just about hardening the network perimeter. We require a way of allowing people to access the services they want at a time and in a way that they want. This requires a new level of identity management.
We all know that people are demanding that they can access their government services in the same way as they access products and services from the private sector. They want the convenience and the omnichannel experience that they can get from their banks and online shops. In this digital world, identity matters. Citizens want a level of authentication that gives them secure access to the digital services that are appropriate to them.
Giving these citizens what they want makes perfect business and financial sense for government agencies. If you can provide secure access to digital services, you can deliver a high degree of self-service to the user. There’s no need for time-consuming office visits or protracted correspondence – where important documents are exchanged by mail. Automation enables back-office administration to be dramatically reduced – as is the opportunity for error in what has previously been heavily manual processes is eliminated. A great example of this is in Finland where people are able to renew their passports online.
It’s clear there are impressive cost savings available to a government agency when citizens are able to take advantage of these types of digital services. In fact, the UK government suggested it saved $2.37 billion through digital transformation in 2014 alone.
The role of the identity management platform
Initiatives such as Login.gov have quite rightly started with small projects – such as the Customs and Border Protection jobs app – to prove the concepts. To fully meet citizen expectations, you need an identity management platform that can easily scale to support large user populations of millions with device agnostic access and sophisticated authorization and provisioning capabilities.
The core of the platform is the ability to create a single, consistent and accurate view of every citizen that includes all their access rights to every system across government agencies. This not only helps the agencies engage more efficiently with citizens, it provides a single, repeatable process that allows for the development and roll-out of new services quickly and cost effectively.
The best identity management platforms – such as OpenText™ Covisint Identity Platform deliver:
Single Sign-On services – such as Gov.uk Verify or Govpass – have moved well beyond static user name and password. We now inhabit the world of multi-factor authentication where text entry, account details, SMS, biometrics and behavioral analysis are used in combination to authenticate the person. For example, registration for Govpass in Australia involves most of these – including supplying a photo to be compared with driver’s license and passport – to establish the citizen’s digital identity. Once established on the platform, the citizen can then access the services they require. Going back to the Australian example, the government’s Digital Transformation Agency admits that it has more than 30 different logins for its digital services.
If identity assurance covers authentication then access assurance covers authorization. Once we know who the person is, we need to ensure they only have access to the right services. The fundamental approach must be the least access at all times. Access assurance is one of the most important capabilities for an identity management platform as it is the rogue and orphan accounts that can offer vulnerabilities for data breaches. Access rights must be quickly and efficiently provisioned and, just as important, removed. Some identity management platforms allow for sophisticated rules-based and real-time provisioning.
Identity federation allows multiple organizations to provide access to users across systems and enterprises using the same identification data. It overcomes the limitations of legacy infrastructures and allows citizens to access services from all the agencies they engage with. Identity federation is an important foundation for government’s move to shared services as it ensures the privileged access that the agencies and their citizens require.
It’s essential that the identity management platform you select contains integrated identity governance capabilities. You must be able to define, enforce, review and audit identity management policies and map your identity function to regulatory compliance requirements and records retention policies. Embedded analytics capabilities will not only ensure that you know what’s happening but will allow you to predict where vulnerabilities may occur in the future and help plot user behavior to track anomalous activities.
Identity management platforms give governments worldwide the ability to centrally manage the digital identities of employees while delivering protected access for citizens. In addition, the next generation of platforms – like the OpenText Covisint Identity Platform – have the capabilities to manage people, systems, applications and things within a unified digital ecosystem. As the Internet of Things grows and citizens connect from more devices, the ability to manage machines, like users, becomes imperative.
Find out more about how identity management can help drive successful digital transformation by joining us at this year’s Enterprise World in Toronto.
In the meantime, if you’d like to know more about how OpenText can help, complete the contact form here and we’ll be delighted to start the conversation.