Interview: Julian Lywood Mulcock, head of technical practices, Auth0

Auth0’s Julian Lywood Mulcock on the challenge of implementing digital identity in the public sector, and how the company’s Identity Maturity Framework can deliver against customers’ needs.

Posted 23 November 2021 by Christine Horton

What are the biggest pain points today for organisations today regarding digital identity?

Rolling out a digital identity programme is challenging for a number of reasons that will vary depending on the agency. For example, in some cases, the largest hurdle may be settling on an overarching technology strategy to serve the community. For others, overcoming demographic barriers to adoption of digital identity might be the greatest challenge. However, in working with our customers, we’ve seen three high priority focus areas regarding digital identity irrespective of the situation: end user experience, security, and operability.

When we talk about end user experience, this is all about the ease with which constituents can access a service. Traditionally, in the public sector, this meant queuing up at a service center in the middle of the work day or accessing services through an archaic portal with a custom username and password. What we’re seeing more and more of is that citizens expect a seamless, digital experience when interacting with governments, akin to those they have with their favourite private sector brands.

Secondly, is security. Regardless of the industry, consumers want to feel confident that their data is safe. It’s up to service providers to instil a high degree of trust with their users through robust, but usable security policies. In the public sector, there’s a heightened responsibility here because we’re talking about highly sensitive, citizen data.

The additional challenge on the government’s side is that security experts are limited, expensive, and difficult to attract. So you have this unique paradigm where on one hand security cannot be compromised but on the other, it’s difficult to find the necessary resources to solve the problem effectively. 

And finally, having technology that improves efficiency and has the elasticity to cope with the demands placed on it is the final challenge we often see and what we refer to as operability. Citizen services are always on services which means your infrastructure needs to support someone accessing services at odd hours of the night to peak times during tax season. Consider the recent pandemic and the response in the UK to implement Test and Trace; critical to its success was the ability to provide secure and dependable access to the service at all times from many different types of devices – no mean feat.

Again, it will vary depending on the agency, however, end user experience, security, and operability are often the three key challenges we see regarding digital identity in the public sector.

Are there any specific issues in the public sector you can talk about?

The main issue we’re seeing in the public sector is how legacy technology stifles innovation—everything else stems from this. In the past, the tendency was to build in-house solutions for internal collaboration, file sharing, and even identity.

The problem with this approach is that DIY solutions widen the attack surface for hackers to gain access to sensitive information and require constant updates by limited, in-house expertise. Additionally, due to the dated technology infrastructure, development to support frictionless experiences and forward thinking applications are hamstrung. So it’s not an isolated challenge: security, overhead, and value delivery to citizens are all impacted by legacy infrastructure.

Fortunately, we’re seeing cloud adoption increase by governments around the world—sparked by COVID-19 of course. It will continue to be a transition because it’s not a matter of out with the old and in with the new. There needs to be a balancing act between driving modernization while also maintaining legacy systems. This is one of the biggest challenges we see in the public sector.

What is identity maturity?

Identity maturity is a way of thinking about the efficacy of your existing identity solution and its capacity to handle new government requirements and citizen demands over time. Achieving identity maturity involves understanding what a fully functional, centralised authentication solution looks like. Evaluating your current state, creating a plan to improve your identity infrastructure, and fostering a culture of continuous improvement are also key to reaching identity maturity.

What is the Identity Maturity Framework and how can it help customers?

As we’ve discussed, digital identity is challenging from a technical perspective, but it’s also overwhelming from a prioritisation perspective – identity projects can be massive and knowing where to start isn’t always easy. To help address both of those challenges, we’ve created the Identity Maturity Framework. It’s a tool that helps us visualise identity delivery within an organisation driven by the customer’s needs. This ensures we collaborate on the right things, at the right time, in the right way, and with the right people.

You can think of it as a play by play on how to solve a problem in the right order, while also keeping the organisation’s objectives in mind. And this is a critical key because it helps us bridge the gap between technical teams focused on execution and strategic teams focused on outcomes.

How is Auth0 rolling this approach out?

To be honest, the approach is quite simple. We focus on understanding our customers’ challenges and aggressively focus on aligning our internal teams around them. The IMF is central to that because in the early stages, we’re taking stock of the current situation, priorities, and long term goals of the customer. This is primarily led by the pre-sales team. Once the customer decides to move forward with Auth0, our implementation teams can easily step in to support customers along their journey of identity maturity. The goal is to make the customer feel as though there’s one consistent experience between them and Auth0 where everyone is aligned to ensure they accomplish their objectives.

Download your copy of the Identity Maturity Framework here.