Why the public sector must prioritise digital identity

In this Q&A, Grace Dolby, Okta Technical Champion, Somerford Associates, and Bob Feeney, Central Government & Defence: Cloud Security: Identity & Access Management: Data Governance, Somerford Associates, discuss why identity is still an afterthought in the public sector – and what can be done to address the problem.

Posted 20 March 2023 by Christine Horton

You’ve described identity as still being an afterthought when it comes to digital transformation. Why do you think this is?

Often the project, application or integration will be discussed in detail and planned, and identity management and authentication are just added once the project is at a proof-of-concept stage. It can be difficult for teams to think about identity management and authentication theoretically, so it only comes to the forefront when required practically.

What kind of problems can this cause?

In general it just adds unnecessary complexity. It often means that bespoke integrations per application, data store or platform are created and have to be managed and updated manually. It can also lead to multiple credentials for end-users, which makes onboarding and offboarding incredibly difficult and long-winded. As people in the IT team move and leave, information, such as what uses separate credential stores, can be lost. This means credentials can stay live in systems not being as regularly monitored and updated, widening an organisation's attack surface without them even realising. Whilst organisations are moving to API-first strategies, integrating these with more traditional methods of managing identity proves complicated or often impossible, again creating additional credential stores that are separately managed or allowing users unnecessary access levels.

How best can organisations overcome these problems?

Within the public sector there are some incredibly large digital transformation projects ongoing and being completed successfully, and some that have had significant challenges. We believe that having an open forum for discussion for the good, the bad and the ugly allows the public sector to learn from other departments without having to make the same mistakes themselves; this is why Somerford hold regular Discovery Forums, to share knowledge from not only products and services, but also to allow organisations to discuss with each other. We find there is so much great knowledge being gained but not effectively shared throughout the different organisations across Government, but the public sector can also learn from Commercial programmes.

How much is this a cultural issue, as opposed to a technological issue?

Historically, digital, IT and technical projects have not always been the most aligned with the business, and likewise there have been many projects pushed on from a business perspective without fully understanding the impact technically or for end-users' day-to-day usage. Generally IT and technical projects are becoming more aligned with the business, but I think there are still some misconceptions that still need to be addressed to align the business's expectations and reasons more effectively with the technical needs of IT and the end-users. Technical concepts and platforms are becoming easier to understand for those not that way inclined, and as it becomes more entrenched in everyone’s daily lives I think it has naturally led to executives, VPs and C-level members becoming more aware of what a certain technology can do. However, we continue to see projects becoming derailed because of miscommunication or misunderstanding. Therefore, I think the business having a stronger appreciation for the challenges IT face and overcome is required, as well as IT taking some time to be open to discuss and educate the business on what certain issues or improvements mean for the organisation in its day to day. Technology will continue to become easier to implement, more automated, and of course more widespread, but to meet the organisation's needs and maintain security and availability everyone needs to be on the same page.

Where else have you seen greater collaboration paying off across government?

All Government departments have similar problems with updating legacy hardware and software while trying to move securely to the cloud. However, most departments still purchase solutions from an individual viewpoint with very little collaboration with areas of the organisation on what works well as “best practices”. There are some great examples of where collaboration has worked within Police Scotland, where they have combined all constabularies into one department increasing their buying power as well as rolling out a unified security strategy.

How else can organisations better prioritise identity in the rollout of new applications and services?

Including those who manage identity as part of the first discussions within a project, not only will it allow them to understand everyone’s expectations and required outcomes, it also allows them to highlight at an early stage any potential risks or issues they can foresee. We would encourage public sector organisations to be open to a strategic approach to identity, looking at new and improved ways to manage identity that will equip them for the future as well as integrating with legacy infrastructure which in many cases cannot go anywhere for a while.

What might be Somerford’s role in this?

We always find that our customers in the public sector get the most out of us when we work in a trusted advisor role. Often, projects may be on the horizon or about to begin that we can bring our experience across multiple agencies to, as well as a high level of technical expertise. Likewise, we work with best-of-breed solutions like Okta to help bridge any gaps that may be missing in existing platforms, such as a strong holistic identity management platform. Our ongoing support provides a continual shoulder to lean on and our free-to-join workshops also allow for new members to be upskilled as well as those who may have previous experience to continue their personal development.

What is the big takeaway to organisations about identity?

First and foremost, make sure that the requirements of the business and what expectations they have are clearly discussed with the technical teams involved. Keep identity in mind from the first discussion of a project, and ensure that those departments or agencies who have completed a similar improvement before share their own lessons learnt. Ensure any platform you are seeking to bring identity into is suitable for your future plans, and can cross not only human identity, but also server to server communication as well as more innovative methods such as APIs and cloud infrastructure.

Finally, don’t be scared to ask the question “how do we manage identity within this?”. When new projects are being kicked off, it should be something discussed, tested and agreed before anything related to the business gets put into the platform.

Bob Feeney and Grace Dolby

As a Trusted Advisor to our customers with Technical Champions in Okta, Somerford can provide support to Government Departments who are embarking on any projects to protect data. We run numerous events, Discovery Forums, Thought Leadership events to support programmes of work. Our technical Consultants are SC and DV cleared with many years of experience and we provide Business Value Consulting, to ensure project success. A few recent resources for Identity in Public Sector are:

Follow Somerford and Okta on LinkedIn for updates or contact the company for further information.

Sponsored editorial