Improving the Nation's Security, Starting with Identity

Auth0 Public Sector Identity Index shows government leaders in the United States are clear on their priorities but could use some help improving citizen security.

Over the past two years, all levels of government in the United States (US) have made massive strides in their ability to deliver digital citizen services. The COVID-19 pandemic accelerated digital government initiatives by years, enabling citizens to access critical services, whether filing for unemployment benefits or renewing a driver's license, online rather than in line.

As these services continue to be deployed digitally, a key area of focus amongst all US government officials is managing the constantly evolving cybersecurity landscape. Executive orders from President Joe Biden and the $1.2 trillion bipartisan infrastructure bill are both examples of steps taken to improve the nation's cybersecurity posture.

Data from our own Public Sector Identity Index, a primary research report with insights into the identity maturity of public sector organizations around the world, further supports how Federal, State, and Local government leaders prioritize security when delivering government-to-citizen (G2C) applications. In our survey, the top three priorities cited by respondents when launching online services for citizens were:

  1. Abiding by data security regulations
  2. Securing citizen services
  3. Ensuring citizen trust in digital services

Despite the intense focus on protecting citizen data, the results show there's still room for improvement. Only 19% of government leaders were highly confident in the security of their current authentication solutions, and 86% of governments rely on custom username and password credentials as a citizen's primary means of authenticating into applications, despite their well-documented security risks.

Fortunately, Customer Identity and Access Management (CIAM) solutions can help governments improve their applications' security without compromising the citizen experience.

Billions of Dollars Lost to Fraud

Over the past decade, data breaches in the US have doubled, and governments have been a primary target for bad actors amidst the pandemic. This shouldn't come as a surprise: given the highly sensitive data they store, their legacy technology infrastructure, and the pace at which citizen services were launched, governments were and continue to be a perfect target for hackers.

Notably, levels of fraud have significantly increased amidst the pandemic as bad actors take advantage of the dire circumstances in which citizens required relief and governments scrambled to set up systems to deliver it. The Federal Trade Commission (FTC) reported a 3,000% increase in fraudulent applications for government benefits in 2020. Data from the Department of Labor estimates that $36 billion of the $360 billion from the CARES Act was lost to fraud.

Some sources are even citing 2020 as the year the world experienced a health care crisis and a cyber pandemic due to the radical shift in online life.

A Void of Security Talent

Despite rampant cyberattacks, citizen adoption of digital applications in both the public and private sectors continues to accelerate. Data from McKinsey shows that in the United States, the adoption of digital consumer interactions was pulled forward by three years.

As citizens—who have the dual identity of also being consumers—continue to shift to an online world, authentication becomes increasingly important as it's the front door to any service.

Unfortunately, the onus is on service providers to ensure their authentication methods are secure. Most people know password reuse is unsafe but choose to use the same password on multiple sites because they have roughly 100 passwords to remember.

This poses a natural challenge for government agencies because finding, acquiring, and retaining cybersecurity talent to build and maintain security infrastructure is increasingly difficult. State CIOs have been quite vocal about this. Concerningly, the problem is not limited to the public sector. The International Information System Security Certification Consortium ((ISC)²) recently conducted a study that found 60% of security leaders globally worry the cybersecurity staffing shortage is placing their organizations at risk.

Protecting Citizens with Identity-as-a-Service

Commercial off-the-shelf identity solutions like Auth0 are one option governments can rely on to improve the security of their citizen-facing applications with limited internal resources.

Auth0's platform is built using open standards such as OpenID Connect, OAuth2, Security Assertion Markup Language (SAML), and Fast Identity Online Alliance (FIDO) so that when new threats emerge, they can be quickly identified, understood, and neutralized by a community of experts.

Attack protection capabilities are also available out of the box to help governments ensure end-user security through features like Adaptive MFA, Brute Force Protection, and Breached Password Protection.

Additionally, with capabilities like WebAuthn Passwordless authentication, governments can introduce login experiences that improve the citizen experience while enhancing the security of their services.

To learn more about the state of identity and access management in the public sector, download our latest whitepaper. In the report, we highlight key trends observed across both Federal and State/Local governments pertaining to digital citizen services, highlight areas of opportunity, and shed light on how identity can improve the nation's cybersecurity posture. For a quicker read, you can also check out an infographic we published, calling out key findings here.