Aug 10 2023

Secure Digital Forms Key to Building Zero Trust

A good citizen experience and strong cybersecurity measures go hand in hand for the public sector.

Despite a litany of federal zero-trust initiatives and guidance designed to improve public sector cybersecurity, a recent survey of state CIOs conducted by the National Association of State Chief Information Officers found that “cybersecurity and risk management” are still a top priority. Specifically, state CIOs are concerned about cybersecurity “governance, budget and resource requirements, security frameworks, data protection, training and awareness, insider threats, [and] third-party risk.” 

While state government leaders recognize the need to prioritize cybersecurity, they often lack the funding and staff necessary to undertake a sweeping security upgrade. Additionally, competing priorities — including citizen experience (CX), which has also been mandated at the federal level — can seemingly pull attention and resources away from comprehensive cybersecurity reform.

However, CX and cybersecurity have a critical factor in common: trust. Given the ideal security posture is referred to as zero trust, this may seem ironic, but it’s true. Both objectives ultimately seek to strengthen the public’s faith that government organizations can efficiently and securely meet their needs and deliver critical services. Additionally, neither goal can be achieved without the other: Cybersecurity tools must be user friendly to be widely adopted, and CX would be severely undermined should citizen data be exfiltrated due to a cyberattack.

Click the banner below to gain more security insights as an Insider. 

Fortunately, state and local government organizations can take solid steps to advance toward both zero trust and CX goals by digitizing documents and workflows. The U.S. Chamber of Commerce Technology Engagement Center estimates that the public spent 10.5 billion hours on government paperwork in 2021 alone. Moreover, the organization found that government digitization could generate over $1 trillion annually. 

The implementation of digital documents and forms can dramatically alleviate this strain on financial and staff resources. E-signature solutions are one core building block that agencies can use to ease the sharing of information and services, immediately enhancing the security and functionality of their daily operations.

Verifying Identities with Digital Signatures Supports Zero Trust

For resource-constrained state and local government agencies, digital signatures are an attractive place to start when seeking to improve zero-trust architecture, especially when it comes to identity. While verifying an employee’s identity is a relatively straightforward process, constituent identity is more difficult — but imperative — to get right. 

Signatures have long been the way in which we officially identify ourselves, so if an organization is unable to trust the veracity of its users’ signatures, those signatures lose their purpose. Integration into an organization’s existing identity verification service (or an externally trusted third-party service) is critical when fortifying the identity layer of any IT solution.

Signatures are a crucial, widely used component of document and identity security. To access state government services — for instance, to obtain a business license, unemployment assistance or an environmental permit — citizens must complete and sign forms. Digital signatures differ from e-signatures (which verify a signer’s identity via email or phone) in that they are backed by a certificate issued by a trusted third party. 

This validation is beneficial for agencies, because zero-trust mandates that all resources, regardless of physical or network location, undergo verification, authentication and thorough authorization before being allowed access to another resource. Instead of domain-level permissions focused on a network security perimeter, zero-trust policies enable IT teams to enforce granular, context-based policies for every interaction. To achieve the objectives laid out in the identity pillar of CISA’s latest maturity model, zero trust must begin at the individual document level. 

READ: Adobe conference examines how to make government websites more useful. 

Embed Zero Trust into Citizen Services to Foster Trust

Documents, forms and signatures are required to monitor approval processes and decision-making in every government organization, both internally and externally. Government forms are the gateway for millions of people to apply for critical services such as government housing, small business loans, food assistance and health insurance. 

Due to the sheer number of forms that must be signed across state and local governments each day, the adoption of a secure digital signature tool would alleviate CX and security concerns in common government interactions. 

Achieving digital transformation goals and a zero-trust architecture should not be viewed as competing priorities. While modern IT tools deliver transformational capabilities for government, protecting citizen and agency data is paramount. State and local government IT leaders should seek solutions that adhere to zero-trust principles so their organizations can operate effectively in a digital world — and interact easily with federal agencies — without compromising security.

Getty Images/ RichLegg

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.