Daniel - stock.adobe.com

UK government bodies challenged on secure identity

Public sector bodies in the UK recognise secure identity and access management as critical to the roll-out of digital services, but face challenges in addressing this

Secure identity and access management (IAM) is emerging as a foundational aspect in helping public sector bodies and government organisations improve their existing services and launch new ones faster and more safely, but these organisations are finding it a challenge to hit on the perfect strategy, according to new research from Okta-owned ID specialist Auth0.

To inform its inaugural Public sector identity index, Auth0 questioned public sector IT leaders in the UK, Australia and New Zealand, and the US to highlight the importance of centralised ID strategies in putting safe, accessible services into people’s hands more quickly.

With Covid-19 having forced an immediate need among many such organisations to deploy digital services faster, the impacts on cyber security and user experience are only now becoming apparent: three-quarters of respondents are still looking to further expand their digital services between now and the midpoint of the decade, and a similar number rank protecting citizen data and privacy as the most important aspect of planning to deliver digital services.

On a global basis, the report found that fewer than one in five leaders had confidence in the security or ease of use of their current authentication system – 17% and 19%, respectively. Just over four in 10 (41%) were building their own IAM solution in-house, and of these, the biggest pain points were speed of implementation (83%) and using internal staff to manage the service (82%).

“Digitisation is likely to continue in the light of zero-trust mandates and mounting consumer expectations,” said Dean Scontras, Okta’s VP of state and local government and education.

“Public sector organisations greatly benefit from bringing their identity management strategy into line with their digital goals. While there is a strong focus on securing citizen data, the vast majority of applications are still protected by a username and password, despite their well-documented security risks.”

In the UK specifically, Auth0’s data reveals that the most important aspects of delivering digital citizen services are that they be mobile accessible (72%), preserve and protect citizens’ data privacy (71%), general accessibility of services (68%) and building adaptable services (68%). From a cyber perspective, UK public sector leaders also rated highly the need to balance security with user experience and ensuring citizen trust in digital, with 66% and 63%, respectively, saying these factors were either very or extremely important.

Read more about IAM

But in all of the above listed instances, the public sector’s confidence in its ability to deliver against these challenges was 10-15 percentage points lower, with only 54% saying they were either very or extremely confident that they could protect data privacy, and only 52% saying they were happy they could ensure citizen trust.

When incorporating IAM into digital services, four in 10 UK public sector respondents currently use a third-party IAM service, and three in 10 build in-house, while 18% don’t know. For those choosing to build in-house, the biggest benefits appear to be the ability to control where data is stored and processed, the ability to provide stricter internal security and management than a third-party supplier, and the ability to adapt authentication to various applications and services.

Pain points for self-build IAM included a lack of resource and staff, slower speed to implementation, extra pressure on the overall IT budget, a lack of expertise, and incompatible or unscalable solutions.

Citing recent Forrester research that predicted many more government bodies will look to zero-trust to revive public trust in digital services, Auth0 said that taking an identity-first approach to put IAM at the core of digital transformation projects was a must, along with laying the foundations of zero-trust. The public sector should look to newer login technologies that move away from traditional usernames and passwords and introduce friction for end-users only when suspicious behaviour is detected, it added.

“In the face of increasing digitisation, skills shortages and online harms, governments are taking a hard look at the technologies they can bring on board to help them reach their digital goals,” said Okta consultant Jessica Figueras, who also advises governments on cyber crime and digital identity. “The research suggests that identity is one such technology that can help the public sector do more with less.”

Auth0’s full report is available to download from its website.

Read more on Identity and access management products

Data Center
Data Management