Data Security

Introduction

Safeguarding Identity in a Government System

In an effort to increase efficiency, reduce the threat of identity theft, protect privacy, and improve the quality of the user experience for residents using government services, this state embarked on a project to co-create a strategic actionable plan that, once implemented, would modernize the state’s Identity Management System (IMS) and security infrastructure.

In early 2012, this state faced a growing challenge: citizens were demanding secure, seamless access to government services online, yet the state’s identity management systems were fragmented, outdated and inefficient. Agencies operated in silos, relying on legacy systems that duplicated citizen data and created vulnerabilities. ​The need for a unified approach to identity management was clear, but the path forward was anything but simple. ​

Purpose

The Enterprise Security Office (ESO) team possessed the expertise to create a Statewide Identity Management Standard (SIMS) but required greater executive involvement and cross-agency collaboration to ensure adoption and obtain additional funding to address future demands and risks. Prior efforts to promote an enterprise-wide identity management standard through individual agency engagement did not achieve broad adoption nor create sufficient urgency to secure increased legislative funding.

To address this, we were invited for our expertise in applying Soft System Methodologies. In this case designing, implementing and facilitating processes of co-creation in a political-administrative context to strengthen the ESO core team members to successfully re-engage with the state’s Chief Information Officers (CIOs) in a collaborative effort.

To move away from dissemination of centralized standard guidelines to each agency with the hope of adoption, the ESO core team chose a new path centered on a joint-agency partnership model to assess the program and to co-create a unified, future-ready Digital Identity Management Strategy (DIMS) for the state. The purpose of this partnership was to engage and convince the legislature to agree on a long-term political vision and to (re)allocate resources to operationalize the future DIMS within the State.

A Formidable Challenge

The political-strategic restructuring of the Statewide identity management policies to improve the accuracy of civic data including the ability of secure data exchange between programs was limited by privacy regulations which prohibited interagency data sharing and did not match the acceleration of the state’s expansion of its online services.

This led to agencies working in silos, many using their own identity management system, resulting in a jungle of different software applications and the risk of duplicating records, data inaccuracies, and costly inefficiencies. Meanwhile residents of the state faced the tasks of managing multiple identities and unique credentials across agencies, with personal information stored redundantly in disparate databases, increasing risks of data breaches and potential identity theft.

Legacy systems, including decades-old mainframes prone to glitches, required manual interventions for tasks like processing child support payments, wasting resources and heightening the risk of error and fraud. The absence of standardized identity authentification and verification processes caused inconsistencies, further eroding trust in government services. This fragmentation also limited outcome measurement, as there was no consistent method to track whether one individual accessed multiple services or multiple individuals engaged with a single service, impeding resource allocation and program evaluation.

• Soft System Methodologies: Strategic facilitation of interactions, relationships, and collaborative processes to foster executive awareness and commitment, to co-create lasting solutions related to improving the efficiency of the IMS including authentication and authorization.

• Cross-analytical (action) Research: To identify the latest international trends including best practices in modernizing and implementing identity management.

• Education: Lectures and materials on the concept and practice of co-creation and its value in organizational development.

• LearnLabs: to broaden awareness of the importance and latest trends and best practices for identity management.

• GuideWork™ (Act & Reflect™): Empowering the ESO team and the larger Joint-Agency Task Force on how to design and define appropriate processes.

• Force Field Analysis: Assessed the risks of modernizing identity management in a political-public arena.

• Strategic Network Analysis: Mapping the key executive players to understand the inter-professional synergy and to identify readiness for change and to improve the cohesion.

• SWOT Analysis: Defined the strengths, weaknesses, opportunities and threats to identity management including current and future challenges related to authentication and authorization.

• Network Data Diagrams: Illustrating the complexities of interagency information systems including data repetition, inaccuracies, sharing and securing redundant external backup systems.

1. Collaboration Achievements: The project successfully educated Senior Executive representatives from various agencies on identity and access management concepts, laying a strong foundation for future collaborative efforts to streamline evidence-based (digital) practices.

2. Vision, Strategy, and Goals: While the committee did not converge on a single definitive path, they committed to establish basic standards to guide future implementations, ensuring a more unified approach. ​

3. Standards & Best Practices: The committee recommended a core ‘ID-Plus’ credential system to identify individuals. ​Besides the standard relevant identifiers, additional elements would be added required by law or contractual obligations. ​

4. Summative Evaluation The committee concluded their efforts by reporting their findings and sharing their knowledge with other Executives, including the legislative body and the Governor’s Office. ​They emphasized and acknowledged that further development of modernizing the State Identity Management System would necessitate an executive mandate and increased funding.

” Opportunity is missed by most people
because it is dressed in overalls and looks like work”.

– Thomas A. Edison –
(1847 – 1931)

The State Identity Management Strategy (DIMS) represented a first step toward a more secure and efficient government. ​ While challenges remain, the vision is clear: a citizen-centric system that protects privacy, reduces costs, and enhances trust in public services. ​This customer story is a testament to the power of collaboration, innovation, and perseverance. It’s a reminder that even the most complex challenges can be overcome when people come together with a shared purpose. ​