Editorial

Digital services: The challenges facing government

The public sector is digitising its services at pace. Here, Okta’s Clare White explains why it’s so important that organisations get factors like modernisation, security and the user experience right.

Posted 18 May 2022 by Christine Horton


Okta’s recent Public Sector Security Index report revealed that three-quarters of public sector organisations have digitised some services and are looking to expand considerably over the next two years.

However, the report identified some common problems facing both central and local government around improving the use of digital services. It recognised three specific challenges: modernisation of services, security for both government and their users, and customer experience.

Clare White, public sector account manager, Okta, explains how each of these challenges are interlinked, and must be considered within an organisation’s overall identity strategy.

Modernisation

Looking at modernisation of services first, White points to the tension between legacy and modern systems that often exists as migration to the cloud is taking place. “This can make it difficult for government departments to be agile, collaborate and innovate,” she said.

“According to the Centre for Digital Government, more than a third of government IT professionals said up to 50 percent of their infrastructure is legacy. What this does is to rack up technical debt and hinder efforts to improve operations,” said White.

“Modernising services when there is a large investment in legacy technology means It is never a simple rip and replace. Existing systems and infrastructure need to be maintained while a migration strategy is rolled out. For some areas of the public sector these transformation projects will take years to deliver and during this period, services whether they are government to government or government to citizen, need to be maintained. This will typically mean modernisation will happen in stages and this is where Identity Management is integral. An example of this could be the introduction of alternative login services such as social logins, biometrics and passwordless that are implemented gradually. Maintaining user experience without compromising on security as you shift away from legacy systems.”

Security

The next challenge Okta identified was around security,both for the provider of the service and the users of the service.

“The sensitive information that is collected and used will make governments a prime target for hackers and cyberattacks,” said White. “Depending on which area of the government is involved, a successful breach can expose different sets of extremely sensitive information  – it could be citizen health records, tax information, residential information – which can be disastrous for an individual if this is leaked in any way or is used in an unauthorised manner.”

“Highlighting this, the National Cyber Security Centre (NCSC) recently co-authored a report which recognises ransomware as the biggest cyber threat facing the UK. As we are still seeing very high levels of username and password being used to gain access to services and applications, an immediate step government departments can take to protect against ransomware is by adopting Multi-factor authentication (MFA). However adoption remains low, with a likely reason being additional friction to user experience.”

User experience

The third challenge and final challenge identified in the report is user experience. White notes that we have all made adjustments in our lives, both personally and professionally, around the digital services that we engage with.

“This has put increasing pressure on government services to be as easy to use, flexible and secure as perhaps our favourite shopping or banking experiences. Balancing security with a great citizen experience requires a modern identity service which can offer the staged approach to match the first challenge around legacy infrastructure. This means addressing the second challenge of growing security threats and finally, building a good customer experience,” she said.

“Sensitive services may need additional security from the user such as MFA, or adaptive MFA,  and this will be acceptable if it is relevant to the transaction and is simple to use. A way to manage the customer experience is to ensure these extra authentication requirements, trigger an additional layer of security,  but are only used when suspicious behaviour is detected or the transaction is of a sensitive nature. This is why a modern identity solution is needed.”

Balancing need with risk

White points out thatas soon as the volume of digital services increase – as they did during the pandemic – the benefits are felt almost instantly. But also the risks for businesses and individuals raise exponentially. This means that both the providers of the service and the users of the service need to balance the growing need and risk.

“Identity is the front door to these services,” she said. “There is a duty of care needed on both sides of that front door to ensure the experience is a simple, seamless and critically, a safe one.

“We are not going to reduce the amount of digital services we now use, this is only going to grow. It means governments are going to have to modernise and, in many cases, accelerate the availability of services which previously may have been done in more traditional ways such as in person, through call centres and basic on-line offerings.

“Trust is key to digital services. Government services need to be available to everyone and need to provide a level of trust that we have experienced with personal services such as online banking.”

And the role of identity and access management in securing digital services in the public sector? White believes that identity is at the heart of modernisation.

“Many areas of the public sector are very advanced in the services they have transformed,” she said. “These can range from digitising paper based services to online services such as renewing documentation (passports/driving licenses etc) through to community security in being able to report various levels of crime (anonymously or otherwise) online rather than visiting a local police station or phoning a call centre.

“Digital services can, therefore, bring efficiency, scale and cost savings and with a cloud first strategy across UK government, it is becoming easier to integrate services and enhance the security and experience for all involved. It also drives innovation as new or enhanced services can be explored with minimal investment in controlled testing environments.”

“With more people accessing online UK government services than ever before, providing simple and secure login and sign-up experiences is the only way forward. A strategic approach to identity must become a priority as the public sector seeks to deliver the full benefits of digital services to the public.”

Download the Okta Public Sector Security Index report.