Ian Lowe, Head of Industry Solutions – EMEA at Okta, argues that identity is at the heart of public sector digital transformation
Online experiences begin with verifying our identity. And, for government services, citizens need to interact with and gain access to multiple online accounts in a simple yet secure way.
To get the most from digital transformation, and empower citizens with seamless online experiences, identity is emerging as an increasingly strategic investment. Indeed, the UK government recently published its response to a public consultation on digital identities with new legislation to make digital identities more trustworthy and secure.
While we’re all aware of the pressure to digitise public services, there are three common areas that the government must navigate to get it right: modernisation, security and experience. These are critical to providing a next-generation digital identity strategy.
Modernisation in stages for public sector digital transformation
As businesses embrace digital transformation and look to modernise their technology stack, there is often tension between legacy and newer systems with data and applications continue migrating to the cloud. Approximately half of the government’s annual IT spend goes on maintenance and managing the data and cybersecurity of obsolete legacy systems.
A technical debt is racking up, hindering onward efforts to improve operations. Rather than rip and replace, the public sector must actively retain what it has, while also investing in the future. This is a delicate balancing act, which means modernisation must happen in stages. Identity solutions gradually free the government from legacy systems while ensuring cybersecurity is guaranteed throughout modernisation.
There is at least a 90% reduction in the ratio of threats to authentications when an organisation denies access using legacy authentication in access policies, according to Okta’s Business @ Work report. Updating legacy systems is, therefore, vital to remaining secure.
Security in the public sector
The UK government is a prime target for bad actors and cyberattacks. Depending on which area of the government is involved, a successful breach can expose different sets of extremely sensitive information which can be disastrous for citizens.
Highlighting this risk, the National Cyber Security Centre (NCSC) recently published a report recognising ransomware as the biggest cyber threat facing the UK today. Multi-factor authentication (MFA) is just one immediate step that organisations can take to protect themselves against cyberattack. However, adoption of this technology remains low, with a likely reason being additional friction to user experience.
Identity strategy has a key role to play in addressing this issue, with smarter identity solutions available to balance seamlessness and security. For example, password-less and biometric security, which although ubiquitous in multi-factor authentication (MFA), are key antidotes to the shortcomings of traditional passwords.
Experience is one of the challenges
The third and final challenge is experience. Broadly speaking, we now expect the same seamless experiences from government services as we get from our consumer-facing applications.
For user experiences in identity, experiences can vary widely, often to the detriment of access to a service.
For example, not only is friction added when citizens must create and remember complex passwords, but experience deteriorates when you have to login separately to multiple government services. Good experiences are those in which the public can login once, using only a name and biometric – instead of a password – to every government service.
MFA solutions, although safer than traditional logins, are sometimes perceived to inhibit user experience, as the process can be time-consuming. The government can encourage seamless and safe access to its services through digital identity strategies such as adopting adaptive MFA, which triggers additional layers of authentication only when unusual login activity is detected.
Key issues when it comes to digital skills
In addition to these three core challenges, Auth0’s recent report dissected the specific issues that governments face when it comes to identity and, through polling 200 UK public sector IT professionals, highlighted the most prominent concerns in the UK, including:
Overcoming the digital skills gap
- There are never enough developers, never mind the added difficulty of recruiting public sector developers from private sector jobs. Not having enough resources to manage IAM (identity and access management) internally is the second biggest pain point for respondents in the report (82%).
Preventing account takeover and breaches
- Stolen credentials are responsible for the majority of web application breaches, but username and password is still the most frequently used authentication method by citizens (86%).
Migration from legacy systems
- Many public sector organisations are looking to expand their digital services in the next two years (75%). Identity can help bridge the gap between modern and legacy systems, allowing for adaptation of solutions in stages, with no negative impact on citizens’ experience of critical services.
Identity is crucial to solving these challenges. We’re at a key moment in time where strategies can meet the concerns of the UK public sector by employing seamless solutions that ensure security while enhancing digital transformation. For the public sector, utilising third-party identity solutions from the private sector has become fundamental to addressing these challenges. Not only will this deliver direct access to specialists in identity – thereby freeing overworked government IT teams and managing the digital skills gap – but also, their expertise in the field is unparalleled in ensuring a good balance of security and user experience.
Furthermore, third-party solutions remove the burden on the government to keep up with the constantly evolving standards and tech innovations.
Fortunately, a new generation of risk-based, adaptive authentication processes can deliver both security and a frictionless customer journey. They introduce roadblocks only where needed – if a login is overtly suspicious or breaks behavioural norms – and without reducing user experience.
With more people accessing online UK government services than ever before, providing simple and secure login and sign-up experiences is the only way forward. A strategic approach to identity must become a priority as the public sector seeks to deliver the full benefits of digital transformation to the public.