The global pandemic provided an important opportunity for public sector departments to transform how they let citizens access crucial services. Demand surged for citizens wanting to access benefit claims, information on Covid vaccinations, and other important public services. This article describes the central role digital identities and their secure management plays in shaping the public sector’s future.
A huge motivating factor behind the trend of digital transformation in the public sector is to use technology to provide government services online versus having to wait in a queue for hours at a time to access these services. Digital government services can expand the reach of key services into people’s homes, which helps vulnerable or isolated members of society access what they need.
A United Nations e-Government survey from 2020 found that more than 84 percent of countries now offer at least one online transactional service. The global average number of e-Government services is 14.
WIth social distancing driving large increases in online interactions, people have come to depend on the Internet for many different types of service, from private sector e-Commerce to public sector benefits. With 85 percent of US adults owning a smartphone as of 2021 and 74 percent owning a laptop or desktop, the provision of government services online can reach large swathes of the population.
From the perspective of citizens, it has become an expectation that they can access public sector services in a secure and private way from any device. Central to meeting these expectations is putting digital identities at the heart of any digital transformation in government services provision.
When citizens use public services, the nature of such services requires citizens to disclose sensitive information to government departments and organizations. For example, the average benefits claim form contains a wealth of personal information of the kind that cybercriminals regularly seek to steal. In a world where sensitive communications between citizens and governments happen online, secure digital identity management is of paramount importance.
The crux of the matter is using digital identities and access policies to ensure that government systems or services can verify the individual accessing their particular services at a given time. For digital identity management to really help achieve digital transformation in public sector service provision, there are some important features needed, such as:
While it’s a complex undertaking to properly manage digital access to public sector services, here are some IAM tips that can help achieve this type of service provision with the desired levels of security, privacy, and frictionless user experience.
Use Multi-Factor Authentication
When citizens access public services, the security of their information isn’t assured if a username-password combination is the sole authentication mechanism in place. In order to confirm users are who they say they are, government services should always ask for one more distinct piece of evidence, such as a one-time passcode sent to a citizen’s mobile phone or a digital certificate. Multi-factor authentication is a must to avoid instances where stolen credentials lead to the theft of personal citizen information or even identity theft.
Consider Single Sign-On
Single sign-on (SSO) lets users access multiple applications within one organization using one set of credentials. This type of service is currently available at Login.gov for federally funded services. Citizens can use one account and password for secure, private access to participating government agencies. SSO meets the pressing need for a seamless user experience when trying to access government services.
Remembering multiple usernames and passwords to access different services ultimately results in user frustration. Login.gov does not cover all state and local departments or services, so there are still many opportunities to use SSO at these levels. It’s still critical to have multi-factor authentication in place with SSO so that public services can authenticate securely.
Proper governance can identify security risks and non-compliance within a complex public services IT infrastructure through well-defined roles, responsibilities, and rules for user access. To meet these needs, proper governance depends on analytics to identify access changes that could introduce security risks into an infrastructure. Automated provisioning rules can reduce inefficiencies and reduce the attack surface area.
With so much on the line when it comes to security and privacy, it’s vital for IAM in the public sector to incorporate wider contextual information when providing access. Such contextual security information can include device type, time of access, IP address, and location. A citizen accessing government services from Beijing when they live in Boise should trigger alarm bells about a digital identity compromise.
The Tuebora Way
Governments need an adaptive and flexible digital identity solution if they want to shape the future of public service provision. Tuebora uses a micro-services approach to IAM in which organizations can select and customize functions from governance to single sign-on to machine learning and analytics. Within the public sector, these distinct services can fill holes and help achieve a robust IAM deployment that meets security and UX requirements.
Contact us today for a demo.