Get in touch with vault
How government and critical infrastructure can eliminate identity conflict
Reading Time: 4 minutes
Government and critical infrastructure are struggling to manage disparate identity processes and siloed physical and digital access systems in the face of rising cyber threats. Daltrey’s Michael Warnock says a universal biometric identity could be the solution.
Sovereign capability is essential for secure identity
The increase in serious cyberattacks on Australian organisations is a worrying trend, so it’s no surprise we’re seeing more and more department heads focus inward. In addition to shoring up their own digital defences, government departments in particular need to build solid data-sovereignty strategies that ensure their cloud and identity solutions are localised.
“There are two angles pertinent to sovereignty,” says Michael Warnock, Commercial Director at biometric identity provider Daltrey. “The first angle is the government. They’re looking to ensure Australia develops capabilities through its own ecosystem to provide sovereign cyber-defences.
“The second aspect, which is key, is that citizens and government employees want to do more digitally. So governments need to be confident that their identities are only accessed by people in Australia – not in clouds or infrastructure hosted overseas.”
Michael adds that there will no doubt be a growing importance around sovereignty and the ability to prove sovereignty – such as 100% sovereign cloud services – in order to draw greater digital adoption.
While sovereign capability is a key issue at the moment, Michael says the biggest challenge facing government agencies today is identity conflict – or employees managing multiple physical access passes and digital credentials just to do their jobs.
Multiple identities, multiple problems
The problem of multiple identities is a very real – and very common – threat among government employees, and with data sovereignty a growing concern locally, it’s a pressing issue that government needs to address.
“What governments have done historically is create employee identities in silos,” Michael explains.
“The people inside government agencies who are responsible for IAM and security have got a challenge in that individuals will hold multiple identities,” Michael says. “Those identities are driven by passwords, PIN numbers and physical access cards. These are not only inflexible and difficult to manage, but they are also not user-friendly and rely on siloed, insecure systems.”
Instead of taking a holistic approach to identity management, the current identity system across agencies is creating both security and administrative headaches. And COVID-19 is making it worse, with identity access management (IAM) professionals trying to manage how their employees access both their physical and digital workplaces without compromising security.
On a recent business trip to Canberra, Michael met a government worker with nine different access cards – all of which were needed to do his job in the same building. Whenever he inevitably lost one of those passes, it created huge risks for his department. Not only that, but it slowed down productivity and created a costly administrative burden.
A streamlined biometric credential trumps traditional identity strategies
Traditional access systems – physical swipe cards, weak passwords, PINs that are easy to forget – are barely secure enough for everyday tasks like online banking, so why would they be secure enough for government agencies? Michael says despite government being traditionally averse to change, particularly when it comes to new technologies, the value of a universal biometric approach is clear – not only for better security, but for streamlined access that merges the physical and digital workplaces.
“We have certainly seen a change in the narrative from government, both centrally and through a number of other agencies, where they now recognise that their identity risks are large,” he says.
“A single biometric credential can mitigate the cyber risks associated with identity theft while streamlining the user experience. Government employees don’t have to remember to carry multiple access passes just to get to their workstation. Similarly, identity professionals within their department can avoid administrative headaches that are typical of siloed identity strategies.”
Universal biometric identities are also ideal for more secure governments agencies that need to ensure continuous authentication. “The universal biometric credential gives a higher level of assurance to the agency. They know immediately that the person who is looking to get access is the right person, and if not then the session or access is terminated.
“That means top-tier risk mitigation for leadership, and a better user experience for the employee.”
You can find out more about Daltrey’s universal biometric solutions or explore the value of a sovereign cloud platform with Vault Cloud today.