Shared Services in government is nothingnew. The idea began in the 1980s with the consolidation of payroll and some other administrative functions. In the '90s the focus was on creating entities that could provide common business functions across government and, in that effort, become a cost center.
The 2000s saw the rise of the term 'Line of Business' that looked at common business functions across government to identify opportunities to transform, streamline and share. The Obama Administration looked specifically to IT as a shared service, releasing the Federal IT Shared Services Strategy that provided federal agency chief information officers and key stakeholders guidance. This guidance focused on the implementation of shared IT services as a key principle of their efforts to eliminate waste and duplication, with the intention to reinvest in innovative mission systems.
Data helps organizations make more informed decisions about how they serve their customers. Data informs policy and procedures and feeds more personalized interaction with people. But with great power comes vast responsibility. The data that organizations hold can be incredibly personal. It's more than just someone's social security number. It is information about where people live, work, shop, keep their money, get their news, and more. Individuals should have control over who knows this information and, if they do have it, how they use it. However, most of us do little to understand our privacy rights beyond blindly clicking a checkbox that allows sites to collect information about our activities.
Data privacy practices ensure that the data shared by customers is only used for its intended purpose. A multitude of laws, including the Health Insurance Portability and Accountability Act (HIPAA), Electronic Communications Privacy Act (ECPA), Children's Online Privacy Protection Act (COPPA), and General Data Protection Regulation (GDPR) have been enacted to provide guidelines to organizations and promises of data privacy to individuals.
Citizen Experience is a focus of government agencies from federal to state and local. Governments are working to give citizens the same service experience they get as consumers in the commercial market. A huge piece of this is understanding who the citizen is and creating a "journey" tailored to their needs. This starts with the rather technical and security-minded practice of identity management.
Traditionally, identity management has been viewed as a way to enable access to systems for a workforce. It is the practice that assures that the proper people have access to the technology and systems they need. If we look at it in the context of citizen service, identity management is more than giving people access to their accounts. It is about giving people and systems that serve citizens insight to how they can better serve each citizen. In fact, a well-thought out identity management strategy can proactively offer applicable programs related to public health and social services.
Identity management is playing a role as part of robotic process automation (RPA) solutions designed to speed up benefits to citizens. In an effort to improve the turnaround time for loan distribution during national crises, RPA can enable a compilation of an applicant's record from multiple systems, channels, and service providers for collection and entry into systems for underwriters to analyze. Identity management is key to achieving 10 to 100 times faster processing, ensuring that the person applying for the aid is who they say they are.
Insider Threat has been a recognized attack and vulnerability vector for some time. In fact, one survey found that government IT professionals report that insider threats are at an all-time high. One source of this increase may be the rise in the use of mobile devices to access government systems. The main challenge in securing mobile access is ensuring that the person who owns the device is the one actually using it and the apps that reside on it. The portability and ease with which devices are lost and misplaced complicate security authentication efforts. But there are ways to mitigate this risk.
Agencies have looked to multi-factor identification to confirm the person accessing the system is who they say they are. This process includes combining two or more credentials. Typically this is something a person knows (a password), and something they have (an access card or a fingerprint). A practice growing in popularity as part of multi-factor identification is behavioral analytics (BA). This looks at how users typically interact with an application or device analyzing things like browsing habits, message syntax, even how they hold the device. If the behavior is out of the realm of normal, the system can lock that user out until they prove their identity another way.
Implementing these types of identity tracking and management is, of course, not without issue. The Department of Homeland Security is being challenged to put more procedures and policies in place to ensure its insider threat program doesn't violate employees' Fourth Amendment rights (protection against unreasonable searches and seizure).
There are many events in the coming months that include a deep look at insider threat and identity management to help navigate these security challenges.
Under Secretary Rand Beers and other federal, state and local officials confirmed to speak
AFCEA's twelfth annual Homeland Security Conference, "Securing the Homeland: Working Together, Keeping the Nation Safe", will be hosted at the Grand Hyatt Washington, Washington, D.C., February 26-28, 2013. Attendees include government and industry leaders, CIOs, and program managers involved in operations, policy and procurement. Additionally, the Conference will include several roundtables this year, focusing on Chief Information Officers, Procurement Executives, and Collaboration when Disaster Strikes.