Rapid maturation of identity and access management (IAM) technology has dovetailed with Australia's “flat-out inspiring” focus on customer service to drive surging demand for formal training in IAM skills, one industry figure has reported after a flying visit to touch base with increasingly identity-minded local customers.
Australia's government organisations had taken an impressive lead in the adoption of IAM with efforts to centralise and streamline citizens' access to state and federal digital government services, Ping Identity CEO and chairman Andre Durand told CSO Australia during a recent visit to meet with local customers.
Those customers – many of whom are government agencies diving into citizen-focused digital services on the back of a $33.3m Budget allocation to IAM and transformation mandates by the security-minded new Digital Transformation Office (DTO) – have surmounted early technological limitations and are quickly embracing policy change to enable long-shelved plans for portable digital identities.
Those plans are back on the agenda of government bodies across Australia thanks to a “customer-centric view of their mission that is just flat-out inspiring,” Durand said. “When you talk with the people that are working on this, it's really clear that they get it; it's not just words.”
That had translated into real action at the federal level, with the creation of the DTO, as well as within states like NSW, where an ongoing service centralisation has positioned the Service NSW organisation as a primary point of entry into all manner of government services.
“You'd like to think that way about government, but it doesn't always run that way,” Durand said. “In my experience [in the US] I've never met a group of people with this kind of extreme service mentality. And now that the barrier is no longer the capabilities of the technology – but more along the jurisdictional lines and collaboration policies – they have enough services in their domain that they are getting this off to a really healthy start at the state level.”
Investments in identity technology were rapidly coming onto the agenda thanks to the recognition that a single portable identity was a key enabler for the kind of customer-service vision for which Australian agencies were now pushing – particularly since so much of that vision relied on cloud-based services and technologies that may often be out of the direct control of the sponsoring agency.
This, in turn, had brought security concerns to the fore, Durand said. “Security posture isn't always top of mind for these agencies, and it's not ultimately what they're doing identity for,” he said.
“Most implementations of security only add friction to our lives, but they're doing identity to provide a seamless interaction for the government and a better user experience for the citizen – and it just so happens that it will be more secure for the government.”
This shift was not only driving investment in identity-management frameworks, but was likely to drive experimentation with new forms of identification that used smartphones to monitor users' unique traits.
These included not only conventional markers such as fingerprint scans, but methods of “tacit authentication” such as the location of the device, the movement of the smartphone as a result of the user's gait, the pattern of delays when the user enters the password, the pattern of heartbeats conveyed by ancillary devices such as smart watches, and even coming technologies such as measurements of the luminosity of the user's skin.
“I'm a huge fan of tacit authentication,” Durand said. “Active mechanisms are obtrusive because the user behaviour has to change to enact them – and any time you're changing user behaviour it is awfully tough to teach them new passwords.
“Tacit technologies are, in essence, calculating risk all the time and doing that invisibly to us,” he continued, noting the increasing adoption of standard protocols like FIDO (Fast IDentity Online) allowing applications to query a device for the user's identity credentials.
“With the device's ability to authenticate the user a certain way and hand that back,” he said, “we're seeing great examples of the way the identity standards are intersecting with the innovation of the handset manufacturers.”
As recognition of them grew, the new methods of identity assurance would rapidly gain currency with government services and similar environments where identity is crucial – yet Durand warned that the growth of such technologies would also depend on the ability of security professionals to obtain formal identity certifications.
“It feels like we've got growing demand for certified identity architects,” he explained. “These are people who really get what's involved, what's achievable and what's not. They know what we can do in the cloud, what we can do on Amazon Web Services. These are the architects defining new services based on identity – and everywhere I go, I'm seeing people asking how quickly they can get their people up to speed on this stuff. And Australia is going to lead in this, in a number of areas.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.