A recurring security theme through the last year is that in the rush to support remote workers — and deploy cloud-based services — state and local agencies have become more vulnerable to security risks and instances of fraud.
CIOs are being asked to implement more cloud-based services that will improve service delivery. However, the success of these programs will depend in part on the identity authentication solution that agencies put in place, according to Rob Forbes, cloud architect at Okta.
“The minute money comes into play the risk of fraud goes up. People are going to start attempting to try and get services and resources they’re not entitled to,” Forbes says. That’s why it is critical to look at modern identity and access tools to help mitigate instances of fraud.
“The latest updated numbers are up to $20 billion in fraud in California alone. [The state is] trying to sift through and deal with all these requests, and they’re doing so with older systems and older tools that weren’t built to service the level of people or the risks associated around those systems are getting those people onto them,” Forbes explains in a new podcast produced by FedScoop and underwritten by Okta.
Strong protection with a seamless user experience
The No. 1 target user within agencies for cybercriminals is typically administrators who have the highest level of access. Additionally, as Forbes explains, with more citizen-facing applications, citizen identity increases the level of risk for fraud.
Forbes advises that when looking for an authentication tool, CIOs and CISOs should consider one that provides a seamless user experience.
“You want to make sure that you’ve got tools in place to make sure that the person is who they say they are. That requires multi-factor and adaptive multi-factor authentication solutions,” he explains.
Modern authentication tools today are able to input data like risk factors and adaptive authentication to help agency CISOs prevent fraud attempts. The benefit of Okta’s solution, he says is that its system lets agencies vet user identity in multiple fashions.
“I would look at three main factors — the security, the availability and scalability — that people need to consider, in my opinion, when they’re looking at an [identity authentication] platform,” Forbes says.
Gaps in security for state and local leaders moving into 2021
“The biggest problem we see with state and local governments — and the biggest complaint we hear from them as they’re dealing with older systems that have been in place for a number of years — is that these are homegrown systems that were built 10, 15, 20 years ago. The person who created them is not there any longer. Modernizing [identity and authentication] systems becomes a big part of the problem,” Forbes says.
At the same time, there are more requests for citizen-facing applications for unemployment, permits, licenses, taxes and more. So, agencies need to lift and shift a lot of their tools to the cloud make them available at scale.
But this presents more questions around adaptive security controls. Forbes shares how modern authentication solutions makes sure people are who they say they are, giving agencies greater visibility and certainty of access attempts to services. Using a platform solution like Okta gives agencies the ability to monitor access attempts around the world.
“[Okta] starts seeing these trends and it ties into our infrastructure and we’re able to look at [security data] and say, ‘you’re on a forbidden list. We see your failed logins in this state, and we see you failed login to these financial institutions. We’re going to go ahead and put you on our bad actors list.’”
Using modern identity tools to drive down costs
Provisioning access takes time and resources. “What used to take, you know, three days or five days to get somebody access to the appropriate systems can now be done in minutes,” says Forbes.
However, in the instance of a fraud attempt, it isn’t just the money that’s lost which drains resources, it’s all the back and forth to uncover when, if and how the fraud occurred.
“Did or didn’t [the citizen] get these funds? How do we know they didn’t and how do we remit those funds then if they actually do need those funds? The workload that [fraud] puts on these agencies is a lot of manual effort and a lot of manual hours,” Forbes explains.
When organizations improve identity authentication, they can streamline access, cut down on workload and reduce the risk window. Then they will be able allocate their resources to more important work.
Listen to the podcast for the full conversation on leveraging modern authentication to reduce fraud. You can hear more coverage of “IT Security in Government” on our StateScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by StateScoop and underwritten by Okta.
Rob Forbes has more than 30 years of IT experience. Prior to working at Okta, Forbes worked with Fortune 500 companies and government organizations on a wide range of IT and security programs.