The United Kingdom led countless pioneering advances in early computing history. It is a country of early adopters – and that's especially true for its government.
The UK Government launched its first externally-facing website in 1994. Its first efforts were cautious and limited in scope. As its confidence and competence grew, Whitehall rapidly expanded its digital footprint. Not long after, you could apply for a passport, register to vote, and file a tax return, all without leaving the same centralized hub.
In 2012, the Coalition Government launched the newest incarnation of its externally-facing web presence, dubbed gov.uk. This was more than a visual overhaul. This was a vastly more ambitious and expansive platform. It also represented a seismic shift in how public sector IT was built.
Gone were the reliances of waterfall methodologies, costly external contractors, and proprietary software. Government IT projects would faithfully resemble their private-sector equivalents, with open source software widely used and applications built using agile methodologies. They put UX first, and developers agonized over aesthetics and accessibility.
However, as Auth0's 2022 Public Sector Identity Index report demonstrates, there are several opportunities for improvement, particularly when it comes to how citizens authenticate and access vital government apps.
88% Building External Applications
Auth0, in partnership with Market Connections, surveyed 200 UK IT leaders across local and national governments about their attitudes to identity and their priorities when developing digital citizen services. The findings show local and national bodies have different perspectives when it comes to their priorities, their confidence when it comes to delivering a secure experience, and their attitude to authentication.
Respondents from central and local government bodies were equally likely (64% each) to operate applications where the intended user is a member of the public. Both categories were equally likely to build external-facing applications (88% each).
However, when we break down the data and focus on employee and vendor-focused applications, we notice a slight divergence in the data. Central government respondents were marginally more likely to build applications where the intended user is an external vendor (48% versus 42%). For the purpose of this survey, the term "external vendor" includes both private-sector suppliers and other government bodies.
Those working in national government departments were similarly more likely to build and maintain applications for internal use. Almost three-quarters of respondents — 73% — reported operating applications intended for internal employees.
Mobile First Priorities, Low Confidence in Delivery
Although local and national respondents were equally likely to build citizen-focused external applications, we noticed several significant disparities in their priorities. Central government respondents were more likely to value user experience (UX) than their counterparts in local government.
The most commonly-cited priority in this cohort was mobile availability (78% versus 65% for local government), followed by accessibility via computer (73% versus 61%), and "overall accessibility" (72% versus 74%).
Despite these lofty goals, neither cohort described feeling confident about their ability to deliver on the items they cited as their biggest priorities. Local and central government respondents were equally pessimistic about their ability to provide an accessible mobile experience, with just 53% describing themselves as "extremely" or "very" confident.
Perhaps surprisingly, central government respondents were vastly more likely to rank "cost reduction via process automation" as "very" or "extremely" important (68% versus 51%). According to the Institute for Government (IfG), local government funding dropped by 16% between 2010 and 2020.
The IfG notes that local governments face increased demand for social care services but are limited in their abilities to generate additional revenue. Just 12% of taxes are collected locally in the UK, compared to 30% in Germany and 50% in Canada. Compounding this problem, block funding from Westminster dropped by 37% in the 2010 to 2020 period, whereas council tax rates soared by 25%. Poorer regions (including Merseyside, Northumberland, and Pembrokeshire) faced the biggest overall hikes.
Digitization and process automation can help councils use their increasingly-diminishing funds more efficiently, deliver better value to taxpayers, and meet the challenges of an aging population. Achieving this goal, however, may prove elusive. Just 50% of local government respondents, and 45% of those surveyed from national bodies, said they felt "very" or "extremely" confident in their ability to deliver on this point.
Local Government Leading on Biometric and MFA
Unsurprisingly, usernames and passwords were the leading authentication method for citizen applications, as reported by 89% of central government respondents and 80% of the local government cohort.
The data showed significant discrepancies between local and central government bodies when it came to their use of more modern and secure authentication methods. Local government bodies were significantly more likely to use biometric or passwordless authentication (24% versus 11%) and reported higher rates of two-factor authentication usage (66% versus 52%).
Local governments were marginally more likely to report using in-house CIAM solutions (31% versus 27%) and more likely to report scaling, deployment, and compatibility issues. Almost half of the local government respondents said they lacked the resources to adapt their IAM solution to the various apps used by citizens, employees, and external partners. 40% reported compatibility issues, and 44% complained about a slow time to implementation.
Despite that, respondents from both central and local governments reported high levels of enthusiasm for a centralized IAM system, where users and stakeholders use a single credential throughout all their touchpoints. Additionally, both cohorts were roughly aligned on their vision for what such a system would ultimately look like, with privacy, interoperability, and user experience all listed as urgent priorities.
One point of divergence is in backward compatibility, with local government respondents vastly more likely (73% versus 56%) to value solutions that would allow them to use their existing databases rather than migrate to a new system. This trend is likely indicative of the prevalence of legacy systems in local government and the comparatively lower availability of IT resources.
How Modern Identity Can Help
The UK pioneered digital citizen services, setting the benchmark for other nations to beat. Adopting a modern approach to identity can further expand upon those early successes and ensure its leading status endures for years to come.
Commercial off-the-shelf identity solutions like Auth0 can help local and central government bodies accelerate their time-to-market while ensuring the security and usability of services.
Auth0's platform uses open standards such as OpenID Connect, OAuth2, Security Assertion Markup Language (SAML), and Fast Identity Online Alliance (FIDO), ensuring compatibility with existing applications. It includes essential security features, like Adaptive MFA, Brute Force Protection, and Breached Password Protection. And with capabilities like WebAuthn Passwordless authentication, governments can accelerate the rollout of UX and security-boosting identity features.
To learn more about the state of identity and access management in the UK public sector, check out our whitepaper.