Industry voice: All parts of the public sector are facing common challenges in harnessing digital identities for their transformation programmes, writes ForgeRock's Stuart Hodkinson, Regional Vice President for the UK and Ireland
We all know that the public sector faces long term - and extreme - financial and demographic pressures, and that a shift to online service, citizen self-service and new digital business models will be crucial to meeting the challenges of this post-Brexit world.
But ensuring that someone really IS who they say they are in the digital world is essential in underpinning this shift. That old adage "On the Internet, nobody knows you're a dog" rings truer than ever in this world of increasing cyber crime and fraud.
Identity is truly central to the successful future of digital transformation in public services.
Everybody is looking to do the same thing: benefit from the digital age whilst protecting citizens and the organisation from danger. However, through both our work in the private sector with media and financial giants such as Comcast or BNP Paribas, and in the public sector with organisations as diverse as Bristol City Council, the Met Office and the European Parliament, we have identified five common digital identity challenges to any transformation programme.
Top five digital identity challenges
1. Harnessing social media logins
How can organisations safely use the social media information customers may wish to provide as part of their identity registration and life cycle? Many service providers in the private sector are already using Facebook, Twitter and Instagram identities for registrations and sign-ins, and there might be benefits for public authorities in the approach.
But such a move requires caution - it is astonishingly easy for anyone to create a social media identity in a false name. Therefore, any solution wishing to draw on social media identities must have extra layers of assurance built in. For example, organisations could draw on their own sources of information to verify and tag these social media identities and link them to a real citizen record within their own system. Using social media holds great promise and true ease of access for the citizen, but it is going to require a lot of thought about security and assurance to do it effectively when sensitive or financial information is transacted.
2. Joining up data silos
Large organisations – in all sectors – have a history of working in silos both culturally and technically. Many are burdened with a range of legacy infrastructure and data, with correspondingly different customer identity systems delivering different services. Sorting out the mess can be a long, complicated business that feeds a sense of inertia and inhibits plans for transformation.
But in order to truly transform your organisation this has to be addressed. Joining up the silos using unique digital identities is an essential first step, and developing a set of common APIs enabling services to call on that data is an important building block for a more streamlined approach.
3. People, devices and things
To add to the complexity of systems and silos within an organisation, services need to be delivered to people across an ever-growing magnitude of platforms and devices - all with different interfaces, from small screen mobile phones to plasma screen smart TVs. Add to this a growing plethora of IoT devices that need to be identified, secured and managed and this is a significant challenge.
But, here again, your set of common APIs can be used to enable any platform or language to convey a digital identity and interact securely with the organisation’s systems.
4. Death of the password
Since the dawn of the digital age people have used passwords to access systems. And the more systems you use the more passwords you had to have. But with the latest generation of identity systems able to run seamlessly in the background to recognise both user and device there is a trend towards the ‘one-time’ password.
Indeed, some systems that require two or more authentication factors are already removing the password completely – a move that heralds the arrival of ‘passwordless’ mechanisms, that rely more on contextual factors such as device and location or biometrics as the prime authenticator. It is therefore important to ensure that you have a ‘future proof’ identity system that can adapt to new technologies and user habits as they emerge.
5. User control and privacy
In the public sector the issue of data sharing has become an increasingly political hot potato. There are indeed many good reasons to share data: to improve services, to flush out fraud, to predict service volumes, create home care plans and so on. But just how much data about themselves do people wish to share? And how can they be given control of their own identity and attributes in such sharing?
The new UMA protocol – User Managed Access – is an open standard that maps out how to put control of information sharing directly into the hands of the individual, enabling them to consent – or not – to their data being shared with other parts of the organisation or even between organisations.
Such transparency of data use and putting control in the hands of the individual can only be welcomed and should enable organisations to build a trusted relationship with their citizens.
Common to many of the above challenges is the use of industry and open standards, plus the use of open source to enable quick integration via APIs with legacy systems and new applications as they evolve.
For the organisation this will make it easier to research and imagine new business models that transform operations. It also provides a foundation on which to simply build and integrate – freeing the team to concentrate on solving problems and creating more value for their citizens.
For the public sector in particular, use of open standard and open source technology will save organisations from being locked in to any supplier long term, improve prospects for a good return on investment, and enable them to respond quickly to new threats and technology trends. In these fast moving, but financially constrained, times organisations need to be agile in their use of technology with the ability to scale up or down as requirements change.
Crucially, such an approach also helps organisations work hand in hand with national programmes such as GOV.UK Verify – the government’s standard mechanism for identity assurance. For example, Warwickshire County Council, the Open Identity Exchange and DWP have been developing the concept of an online eligibility checker in a digitised Blue Badge application use case with Verify. If successful, the reusable, scalable concept could deliver a "seismic shift" at the heart of digital public service provision.
These are challenging but exciting times for digital identity. The landscape is changing quickly and opening up opportunities for the public sector to place digital identities at the centre of their transformation programmes and take their services into a new era.
Join ForgeRock in London on the 19th October at the ForgeRock 2016 Identity Summit to explore how you can successfully navigate the digital identity landscape. Speakers from the BBC, the Department for Work and Pensions (DWP), HM Courts & Tribunals Service, ForgeRock, Consult Hyperion, Innovate Identity and Gartner Research will share their experiences and help you take your services to the next level.