Security

A Single Digital Identity Is the Future for State and Local Government Cybersecurity

Centralized identity management is the foundation for zero trust and data sharing.

Dean Scontras is vice president of state and local government and education at Okta.

In recent years, ransomware attacks have become a growing threat to city, state and local government agencies and organizations. Attackers have made headlines for major disruptions in states across the country, including Florida, Georgia, Maryland and Texas. These crippling attacks are not new, however, and as the attack surface continues to expand, bad actors are getting smarter, quicker and more sophisticated.

Until agencies can consistently and effectively deploy stronger mitigation strategies, these threats aren’t going away anytime soon. As long as state and local agencies have access to citizen, financial and critical infrastructure data, they’ll continue to be an attractive target for bad actors.

Historically, constrained budgets and a limited workforce mean state and local governments lack the resources to fully commit to fighting cybercrime. Now, with recent guidance and funding through legislation such as the State and Local Government Cybersecurity Act of 2021 and the State and Local Cybersecurity Grant Program, agencies are better equipped to secure their networks and protect citizen information.

By streamlining the identity process across a single user-operated platform, states can provide stronger protection against cyberattacks targeting personal information and reduce the risk of mass exposure of citizen data through such attacks. These outcomes ultimately help build greater trust between state governments and their constituents.

But to take full advantage of this opportunity, agencies must understand the best areas to allocate resources for effective cyber defense management.

Click the banner below to learn the latest threat management strategies by becoming an Insider.

Identity Management Is Key to Zero-Trust Architecture

Securing a network is easier said than done, but an excellent way to start is by focusing on one key aspect of security and zero-trust architecture: identity.

Rather than try to secure a porous network perimeter, agencies should embrace the idea of a centralized identity management platform for individuals, which could help give citizens control over their identity information and significantly reduce the possibility of cyberattacks targeting stolen credentials.

For example, today when people renew their driver’s licenses or apply for government programs such as unemployment benefits or Medicaid, they must fill out multiple electronic forms where they enter personal information and credentials, allowing attackers multiple access opportunities.

LEARN ABOUT: 3 best practices for state agencies to strengthen identity protection.

A single digital identity, on the other hand, could reduce the number of times citizens are required to input personal information, and especially sensitive personal information, by providing them with an easy-to-use portal to manage their data across government services. Instead of entering personal information for each interaction with the government, citizens could leverage their existing digital identities, which helps improve their user experience while shrinking an agency’s overall attack surface.

A single, citizen-facing platform streamlines user information in one system, reducing friction for citizens dealing with several government entities. Citizens may no longer have to verify their identities for the department of motor vehicles to request a license and again for their local government to apply for social service programs. Citizens could be validated once, then have their credentials input into one identity solution that enables instant and safe access to hundreds of state and local services.

Identity Management Can Enable Interstate Data Sharing

Ideally, such a solution could be used across state lines, eliminating the confusion of identity between states and providing easily accessible and uniform information anywhere. These capabilities are especially valuable to local governments, which tend to have complex rules for interactions with citizens.

While working toward implementing a digital identity solution across state and local governments will take time, they can move closer to that goal by taking steps such as implementing phishing-resistant multifactor authentication and single sign-on solutions to secure networks. These solutions, which allow agencies to grant or deny an individual access to information based on a series of rules, position state and local agencies to harness the power of digital identity platforms now and into the future.

These capabilities create a smooth and secure user experience, helping to build trust with citizens and enabling states to focus on what truly matters — the protection and support of their citizens.

UP NEXT: How New York is consolidating duplicate logins as it works toward single, verified login.

ipuwadol/Getty Images