Keep UX at the forefront of ID management – GCN
When Boston transformed its identity management infrastructure, it relied on information from the identity lifecycle subcommittee of human resources officials, according to Gregory McCarthy, chief information security officer.
They are the ones who best understand who moves through an organization, McCarthy said in a SailPoint webcast Nov. 30 on identity security.
“People start their careers in government and retire. So, during this lifecycle, they can occupy 10 different positions within an organization, and they should have a smooth transition if they move from an IT department to an HR department, or what have you,” McCarthy said.
User experience is key, especially when employees change jobs, and the city struggled with that at first.
The Department of Innovation and Technology chose to implement three tools – IdentityIQ from SailPoint, the Ping Identity tool suite, and RadiantOne FID from Radiant Logic – which were largely out of the box, to replace the highly personalized identity management infrastructure.
“Because we implemented cutting edge solutions made up of three different sets of tools, we didn’t initially think about: what will the user experience be like? How do we make sure it’s easy and smooth for an employee to access these apps?” McCarthy said. “When you are considering implementing a best-in-class identity management solution that may not be under the same brand or umbrella, you really have to think about user experience,” he said.
This issue was addressed with the introduction of the Access Boston portal for staff, which “tied these three applications together and allowed the employee to have a really smooth and seamless interaction with the technology,” McCarthy said. “If they couldn’t use the technology, however good it was, it would have been a failure.”
Access Boston has centralized how city government workers access the data and IT they need to do their jobs. It was launched on April 1, 2019, after a $2.4 million effort over two years, and addressed several of the issues the department had identified. They included a lack of single sign-on, integration delays, and a reliance on help desks for simple tasks like password changes.
Cybersecurity was also a concern. In fact, until a few years ago, identity management fell under the enterprise applications group of the department.
“My team offered to look at how we can support the Identity Access Management program securely, as opposed to enterprise applications,” McCarthy said. “There are critical differences between what enterprise applications do and security. They go hand in hand, but our enterprise applications teams primarily focus on delivering new products and delivering products safely are sometimes two different things,” he said. “We wanted to make sure that our identity access program was really overseen by our security team.”
Now employees can use a username and password and multi-factor authentication (MFA) to get everything they need from any device – landline or mobile. They can also use self-service options to update passwords and request access to data and applications.
The transformation also involved providing secure remote access through a virtual private network (VPN) using MFA – a move that McCarthy said was critical when the pandemic struck the year after launch.
“The VPN is regularly attacked, and I think especially during the pandemic we saw a lot of well documented attacks on VPN tools, so having this MFA in place before the pandemic was extremely valuable,” he said.
Today, McCarthy and the cybersecurity team are focused on implementing and deploying privileged access management with admins to control who has access to accounts and how they are used.
In the longer term, he said he would like to find a way to offer identity access management to the public.
“Right now our program is primarily focused on employees and the access they have, but I really think it could be extremely helpful to allow voters to have an identity or a connection to our city’s apps,” said McCarthy. “There are a lot of different commitments voters have with the city, whether it’s … licensing or paying property tax or reading a library book or checking their child’s grades in the school system…. They all have different access and different IDs and passwords with those. Streamlining this could really change the lives of our citizens.”