Public sector technology trends in 2023: Less on zero trust, more on CX
The U.S. federal government has made incredible strides in modernizing its use of technology in recent years. From customer experience (CX) to cybersecurity and...
The U.S. federal government has made incredible strides in modernizing its use of technology in recent years. From customer experience (CX) to cybersecurity and beyond, agencies have taken this critical challenge head on. Myriad new legislation and guidance addressing government pain points have steered federal technology leaders toward a better, safer and more efficient future.
But with so many new initiatives and requirements, the agencies are challenged with deciding what to prioritize to ensure smooth operations and a safe and happy public. While each agency has its own priorities and mission, looking to 2023 and beyond, there are a few key technology trends that all public sector leaders should know.
Customer experience counts more than ever before
Customer experience has been a consistent priority for the current administration over the past few years, as seen with the release of the 2021 Executive Order on Transforming Federal Customer Experience. One challenge facing agencies looking to improve CX is that public sector technology teams have historically prioritized protecting their platforms and users from cyber threats and ensuring data compliance over user experience. As customer satisfaction with the federal government remains at a historic low, users want easy-to-access services provided using modern applications.
In the year since the EO, agencies across the U.S. have begun looking to improve customer service with online applications and services, not despite them. As technology and people continue to converge in 2023, agencies will start utilizing modern identity solutions that strike the right balance between secure and compliant solutions, and a smooth user experience.
One example is an advanced Single Sign-On solution that provides phishing-resistant multi-factor authentication (MFA) capabilities. A solution with these capabilities allows for an enhanced user experience while fulfilling requirements for the first pillar of zero trust, as outlined in the Office of Management and Budget’s Federal Zero Trust Strategy.
Looking ahead, these solutions will continue to become more prevalent, enabling the government to establish a new era of user experience powered by technology, and ultimately to build trust with their citizens.
IAM simplifies and is considered critical infrastructure
Governments’ perception of identity has evolved rapidly in the last ten years. Previously, identity was seen as a way to allow people entry into a specific service or resource. This perception shifted as the government began modernizing its information technology and moving data to the cloud. With countless new endpoints to consider, many agencies began layering identity and access management (IAM) solutions.
Now in 2022, federal agencies find themselves with dozens of pieced-together IAM platforms to manage. With various threat points, gaps in their defenses, and the risks associated with identity attacks, agencies will begin to look at identity as critical infrastructure.
It’s essential that agencies treat identity as a security measure as much as a way to provide access. To guide them in building an effective platform, agencies should think about identity holistically. Streamlining the various platforms into one cohesive and secure service delivery model simplifies the process and sets them up for future success. One way to do this is by using IAM applications that rely on standards such as WebAuthN and OpenID, giving the government the flexibility and security needed to allow their IAM platforms to thrive.
As we move into 2023, agencies will begin to simplify their identity solutions, providing essential support in a time of rising cyber and identity threats.
Zero trust architecture rolls up under security
Zero trust has long become an area of focus for the public sector, with an overwhelming majority of agencies understanding what it entails and why it is essential. According to one survey, over 72% of government organizations have a defined zero trust initiative, and more than 85% of government respondents reported an increased budget for zero trust programs in the past 12 months.
These increasing budgets are not a surprise, as many zero trust projects have been in progress for more than four to five years, with the Biden Administration’s 2021 Cybersecurity Executive Order only serving to further emphasize their importance. But with the government’s inherent understanding of zero trust and significant resources and legislation dedicated to related projects and initiatives, what’s in store for zero trust in 2023?
While zero trust is a widely accepted, high-priority security component, it remains a buzzword used in government initiatives and legislation. In the future, zero trust architecture will return to what it always has been: a vital security strategy. While it will remain a key component of all cybersecurity approaches favored by public organizations, agencies will begin to treat it as the standard and emphasize it less, instead shifting their focus to more cutting-edge strategies and solutions.
Government agencies implement more robust measures to fight MFA attacks
According to an Okta study of Auth0 platform traffic, the first half of 2022 saw a higher baseline of MFA bypass attacks than any previous year. In the first 90 days of 2022, 113 million events were observed, and the public sector was the second-most targeted vertical market. As the growth of MFA attacks continues into 2023, governments must choose a way to counter attacks designed to bypass standard MFA.
Government is more than aware of this increasing threat. NIST SP 800-63b was one of the first government initiatives to offer guidance on advanced MFA protection, emphasizing the idea of “impersonation-resistant” MFA. OMB M-22-09 further refined the concept, requiring agencies to implement “phishing resistant” capabilities as a part of their zero trust efforts. NIST’s upcoming 800-63-4 guidance (currently out in draft form for comments) continues this trend by providing updated guidelines and more “meat on the bone” for how agencies can deploy phishing- resistant authentication factors to protect users and their data. As MFA-bypass attacks continue to accelerate and attackers find new tools to get around existing protections, agencies need to take action now.
One way to get ahead of attackers is to ensure they have capabilities and solutions such as FIDO2/WebAuthN, which protect against phishing attempts by allowing users to log into applications using public key cryptography in place of a password. This eliminates the need for numerous passwords, each of which is another potential access point for criminals. It also further secures the user identity by generating credentials for each new website domain, preventing attackers from linking a user’s digital identity between websites.
On top of those capabilities, it’s important for agencies to link identity verification with security in one streamlined platform to ensure safe access for users. Public sector technology teams need to ask themselves the same questions every time a user attempts to authenticate: Does this make sense? Is this the right person?
Attackers will continue to find new tools to get around MFA, and by building security into their verification services, agencies can close the window of opportunity for attackers.
Sean Frazier is federal chief security officer at Okta.
Public sector technology trends in 2023: Less on zero trust, more on CX
The U.S. federal government has made incredible strides in modernizing its use of technology in recent years. From customer experience (CX) to cybersecurity and...
The U.S. federal government has made incredible strides in modernizing its use of technology in recent years. From customer experience (CX) to cybersecurity and beyond, agencies have taken this critical challenge head on. Myriad new legislation and guidance addressing government pain points have steered federal technology leaders toward a better, safer and more efficient future.
But with so many new initiatives and requirements, the agencies are challenged with deciding what to prioritize to ensure smooth operations and a safe and happy public. While each agency has its own priorities and mission, looking to 2023 and beyond, there are a few key technology trends that all public sector leaders should know.
Customer experience counts more than ever before
Customer experience has been a consistent priority for the current administration over the past few years, as seen with the release of the 2021 Executive Order on Transforming Federal Customer Experience. One challenge facing agencies looking to improve CX is that public sector technology teams have historically prioritized protecting their platforms and users from cyber threats and ensuring data compliance over user experience. As customer satisfaction with the federal government remains at a historic low, users want easy-to-access services provided using modern applications.
In the year since the EO, agencies across the U.S. have begun looking to improve customer service with online applications and services, not despite them. As technology and people continue to converge in 2023, agencies will start utilizing modern identity solutions that strike the right balance between secure and compliant solutions, and a smooth user experience.
Join WTOP the week of Apr. 22 for an exclusive series bringing together government and industry experts to share initiatives and insights about efforts to transform the nation's energy infrastructure. | Register today!
One example is an advanced Single Sign-On solution that provides phishing-resistant multi-factor authentication (MFA) capabilities. A solution with these capabilities allows for an enhanced user experience while fulfilling requirements for the first pillar of zero trust, as outlined in the Office of Management and Budget’s Federal Zero Trust Strategy.
Looking ahead, these solutions will continue to become more prevalent, enabling the government to establish a new era of user experience powered by technology, and ultimately to build trust with their citizens.
IAM simplifies and is considered critical infrastructure
Governments’ perception of identity has evolved rapidly in the last ten years. Previously, identity was seen as a way to allow people entry into a specific service or resource. This perception shifted as the government began modernizing its information technology and moving data to the cloud. With countless new endpoints to consider, many agencies began layering identity and access management (IAM) solutions.
Now in 2022, federal agencies find themselves with dozens of pieced-together IAM platforms to manage. With various threat points, gaps in their defenses, and the risks associated with identity attacks, agencies will begin to look at identity as critical infrastructure.
It’s essential that agencies treat identity as a security measure as much as a way to provide access. To guide them in building an effective platform, agencies should think about identity holistically. Streamlining the various platforms into one cohesive and secure service delivery model simplifies the process and sets them up for future success. One way to do this is by using IAM applications that rely on standards such as WebAuthN and OpenID, giving the government the flexibility and security needed to allow their IAM platforms to thrive.
As we move into 2023, agencies will begin to simplify their identity solutions, providing essential support in a time of rising cyber and identity threats.
Zero trust architecture rolls up under security
Zero trust has long become an area of focus for the public sector, with an overwhelming majority of agencies understanding what it entails and why it is essential. According to one survey, over 72% of government organizations have a defined zero trust initiative, and more than 85% of government respondents reported an increased budget for zero trust programs in the past 12 months.
These increasing budgets are not a surprise, as many zero trust projects have been in progress for more than four to five years, with the Biden Administration’s 2021 Cybersecurity Executive Order only serving to further emphasize their importance. But with the government’s inherent understanding of zero trust and significant resources and legislation dedicated to related projects and initiatives, what’s in store for zero trust in 2023?
Read more: Commentary
While zero trust is a widely accepted, high-priority security component, it remains a buzzword used in government initiatives and legislation. In the future, zero trust architecture will return to what it always has been: a vital security strategy. While it will remain a key component of all cybersecurity approaches favored by public organizations, agencies will begin to treat it as the standard and emphasize it less, instead shifting their focus to more cutting-edge strategies and solutions.
Government agencies implement more robust measures to fight MFA attacks
According to an Okta study of Auth0 platform traffic, the first half of 2022 saw a higher baseline of MFA bypass attacks than any previous year. In the first 90 days of 2022, 113 million events were observed, and the public sector was the second-most targeted vertical market. As the growth of MFA attacks continues into 2023, governments must choose a way to counter attacks designed to bypass standard MFA.
Government is more than aware of this increasing threat. NIST SP 800-63b was one of the first government initiatives to offer guidance on advanced MFA protection, emphasizing the idea of “impersonation-resistant” MFA. OMB M-22-09 further refined the concept, requiring agencies to implement “phishing resistant” capabilities as a part of their zero trust efforts. NIST’s upcoming 800-63-4 guidance (currently out in draft form for comments) continues this trend by providing updated guidelines and more “meat on the bone” for how agencies can deploy phishing- resistant authentication factors to protect users and their data. As MFA-bypass attacks continue to accelerate and attackers find new tools to get around existing protections, agencies need to take action now.
One way to get ahead of attackers is to ensure they have capabilities and solutions such as FIDO2/WebAuthN, which protect against phishing attempts by allowing users to log into applications using public key cryptography in place of a password. This eliminates the need for numerous passwords, each of which is another potential access point for criminals. It also further secures the user identity by generating credentials for each new website domain, preventing attackers from linking a user’s digital identity between websites.
On top of those capabilities, it’s important for agencies to link identity verification with security in one streamlined platform to ensure safe access for users. Public sector technology teams need to ask themselves the same questions every time a user attempts to authenticate: Does this make sense? Is this the right person?
Attackers will continue to find new tools to get around MFA, and by building security into their verification services, agencies can close the window of opportunity for attackers.
Sean Frazier is federal chief security officer at Okta.
Want to stay up to date with the latest federal news and information from all your devices? Download the revamped Federal News Network app
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
To secure IT talent, the public sector must become more agile
How the public sector can overcome training and skills gaps to combat rising cyber threats
Deriving Business Value from the Cloud Operating Model in the Public Sector