Service-minded Australian government agencies showing “inspiring” traction on identity: Ping Identity CEO

Rapid maturation of identity and access management (IAM) technology has dovetailed with Australia's “flat-out inspiring” focus on customer service to drive surging demand for formal training in IAM skills, one industry figure has reported after a flying visit to touch base with increasingly identity-minded local customers.

Australia's government organisations had taken an impressive lead in the adoption of IAM with efforts to centralise and streamline citizens' access to state and federal digital government services, Ping Identity CEO and chairman Andre Durand told CSO Australia during a recent visit to meet with local customers.

Those customers – many of whom are government agencies diving into citizen-focused digital services on the back of a $33.3m Budget allocation to IAM and transformation mandates by the security-minded new Digital Transformation Office (DTO) – have surmounted early technological limitations and are quickly embracing policy change to enable long-shelved plans for portable digital identities.

Those plans are back on the agenda of government bodies across Australia thanks to a “customer centric view of their mission that is just flat-out inspiring,” Durand said. “When you talk with the people that are working on this, it's really clear that they get it; it's not just words.”

That had translated into real action at the federal level, with the creation of the DTO, as well as within states like NSW, where an ongoing service centralisation has positioned the Service NSW organisation as a primary point of entry into all manner of government services.

“You'd like to think that way about government, but it doesn't always run that way,” Durand said. “In my experience [in the US] I've never met a group of people with this kind of extreme service mentality. And now that the barrier is no longer the capabilities of the technology – but more along the jurisdictional lines and collaboration policies – they have enough services in their domain that they are getting this off to a really healthy start at the state level.”

Investments in identity technology were rapidly coming onto the agenda thanks to the recognition that a single portable identity was a key enabler for the kind of customer-service vision for which Australian agencies were now pushing – particularly since so much of that vision relied on cloud-based services and technologies that may often be out of the direct control of the sponsoring agency.

This, in turn, had brought security concerns to the fore, Durand said. “Security posture isn't always top of mind for these agencies, and it's not ultimately what they're doing identity for,” he said.

“Most implementations of security only add friction to our lives, but they're doing identity to provide a seamless interaction for the government and a better user experience for the citizen – and it just so happens that it will be more secure for the government.”

This shift was not only driving investment in identity-management frameworks, but was likely to drive experimentation with new forms of identification that used smartphones to monitor users' unique traits.

These included not only conventional markers such as fingerprint scans, but methods of “tacit authentication” such as the location of the device, the movement of the smartphone as a result of the user's gait, the pattern of delays when the user enters the password, the pattern of heartbeats conveyed by ancillary devices such as smart watches, and even coming technologies such as measurements of the luminosity of the user's skin.

“I'm a huge fan of tacit authentication,” Durand said. “Active mechanisms are obtrusive because the user behaviour has to change to enact them – and any time you're changing user behaviour it is awfully tough to teach them new passwords.

“Tacit technologies are, in essence, calculating risk all the time and doing that invisibly to us,” he continued, noting the increasing adoption of standard protocols like FIDO (Fast IDentity Online) allowing applications to query a device for the user's identity credentials.

“With the device's ability to authenticate the user a certain way and hand that back,” he said, “we're seeing great examples of the way the identity standards are intersecting with the innovation of the handset manufacturers.”

Growing recognition of the new methods of identity assurance would rapidly gain currency with government services and similar environments where identity is crucial – yet Durand warned that the growth of such technologies would also depend on the ability of security professionals to obtain formal identity certifications.

“It feels like we've got growing demand for certified identity architects,” he explained. “These are people who really get what's involved, what's achievable and what's not. They know what we can do in the cloud, what we can do on Amazon Web Services. These are the architects defining new services based on identity – and everywhere I go, I'm seeing people asking how quickly they can get their people up to speed on this stuff. And Australia is going to lead in this, in a number of areas.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Feeling social? Follow us on Twitter and LinkedIn Now!

Join the CSO newsletter!

Error: Please check your email address.

Tags Identity And Access Management (IAM)FIDO (Fast IDentity Online)Digital Transformation Office (DTO)Ping IdentityAustralian GovernmentCSO AustraliaAndre Durand

More about Amazon Web ServicesCSOEnex TestLabTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts