How to protect digital citizen identities through identity management

Featured eBooks
Changes in State and Local Government Workforces
NASCIO Special Report 2024
A New Era of Social Media Regulation
Insights & Reports
Unlocking digital potential: Strategies for modernizing government services
Presented By Adobe
Download Now
Unlocking public sector potential
Presented By NTT DATA
Download Now
By Dean Scontras
 

Connecting state and local government leaders

By Dean Scontras

|

Federal and state governments must implement government-to-citizen identity and access management solutions that not only provide security but also improve the user (i.e. citizen) experience while protecting their data.

Securing digital citizen identities continues to be a top concern for the federal and state governments. Over the past year and a half, the COVID-19 pandemic reinforced the importance and need for secure authentication and credentials in a number of ways. 

Primarily, the pandemic necessitated a proliferation of digital identities, as citizens required increased access to online government services. Unfortunately, this growth also highlighted a lack of identity security, as seen with fraudulent unemployment insurance claims filed using stolen identities. With this spotlight on securing citizen identity while also maintaining citizen data privacy, federal and state governments must implement government-to-citizen identity and access management (IAM) solutions that not only provide security but also improve the user (i.e. citizen) experience while protecting their data. 

Strong authentication and access management plays a two-fold role. Primarily, it will ensure citizens’ data, privacy and identities are protected from attackers. Secondly, an effective authentication tool will actually improve access and the overall login experience. For example, if a citizen has one strong login for multiple government services, not only is that more secure but it makes accessing those services more streamlined. 

What makes securing citizen identity unique 

Governments are now expected to offer citizens the same level of secure and seamless access as they experience in the consumer and corporate worlds. However, there are differences between workforce identity (i.e. identity for employees) and citizen identity -- the latter is significantly more complex. 

With workforce identity, employees are given a single identity to access applications, referred to as a single sign-on (SSO) solution. When it comes to citizen identity, users often create multiple different identities to access different services offered by the same government. For example, a citizen might have one login for renewing a vehicle registration and another for obtaining a state fishing license. 

As governments rethink and restructure their digital services, they must rein in these disparate logins and create cohesive login experience for citizens, similar to the SSO solutions they have constructed for their own workforce. However, these applications are different in many regards. Whereas workforce applications are third-party applications, citizen-facing applications are often customized, requiring an entirely different set of identity features. Given the unique challenges to securing citizen identity, the best IAM solutions are the ones that can be easily integrated across platforms. 

The roadblocks, both avoidable and unavoidable 

Breaking down siloed identities to create a single and seamless login experience requires governments to implement identity management as a holistic statewide strategy. While each agency faces its own unique set of challenges -- ranging from funding to staffing shortages, to potential compliance requirements -- the one roadblock that can be avoided is lack of awareness. Identity security and management will redefine government online capabilities, and it’s unacceptable for governments to not be aware of the risks at hand without strong IAM. 

Like their private-sector peers, states must increasingly view themselves more like software companies that deliver digital citizen services and less like traditional government “agencies” where citizens have traditionally stood in line to have a piece of paper processed. Subsequently, states are increasingly becoming dependent upon those developers who are actually helping to transform the citizen experience, which will be based on identity. Governments' path to secure IAM will be different depending on their abilities and resources. Some will be able to use a team of developers to build an IAM solution in-house while others will choose a third-party vendor. Regardless of the approach, long-term success for IAM solutions will rely on  their usefulness for developers and compatibility with preexisting applications as they bridge from the old to the new. 

Working with legacy systems is oftentimes one of the biggest roadblocks to implementing new security measures. Unsurprisingly, the best people for navigating system changes are developers. They are not only the most familiar with the system, but they also have the most skin in the game. Ideally, by using solutions that are easily integrated into new and existing applications, developers will be able to allocate their time and resources to modernizing and securing platforms. 

Implementing a customizable government-to-citizen solution

Customizable IAM is a cornerstone of government services because the applications used are almost entirely custom built. With these unique application configurations, utilizing identity-as-a-service allows governments to implement security measures that meet the unique needs of their services without draining developer time and resources. Government-to-citizen IDaaS navigates the fine line between building both custom and secure applications that still allow for convenient user (citizen) access. 

With an IDaaS solution, developers can adapt and extend their authentication services with a simple configuration, avoiding technical complexities and enabling greater speed of adoption.

With the right IDaaS solution, a government can implement features like SSO, self-service account management, consent and preference management, multifactor authentication, access management, directory services and data access governance.

Having a platform that is customizable, allowing developers to integrate directly into new and existing applications, strengthens features throughout IAM. Below are three core, customizable features of a strong government-to-citizen IDaaS solution: 

  • Single sign-on: By implementing a SSO experience, citizens can navigate between applications without having to reregister. This consolidated sign-on experience is crucial to ensuring seamless citizen experience across government agencies. 
  • Multifactor authentication: MFA is one of today's gold standards for verifying identity. The solution supplements the traditional password with additional verification methods that use additional factors:  something you know (like a password), something you have (like a cellphone) and something you are (like a fingerprint). Since this multistep process is much harder for hackers to fake, it is more secure. 
  • Consent and preference management: Automating the consent management process, makes regulatory compliance seamless. It allows developers to focus on what they do best, rather than devoting time and resources to user consent collection and management or propping up a legacy solution.

Simply put, an effective government-to-citizen IDaaS solution ensures that citizens have convenient and secure access to their applications across government services. In order to achieve this balance, the solution must be customizable to meet the unique application needs of governments without burdening developers with building an in-house solution. With online government services rapidly expanding, now is the time for governments to step up and invest in citizen identity management to provide a user experience that meets the security, privacy and convenience expectations citizens have grown accustomed to in the consumer world.

NEXT STORY: DHS looks to CMMC for contractor security model

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.