“Users don’t see the security unless they need to see the security because something bad happened,” Frazier said. “Now that we’re all in this interconnected world, we’re basically all connected to the same network so that all the bad guys and all the good guys are sitting on the same network. Attackers don’t have any more hoops to jump through to get to my website than my users do. Because of that and, in that context, you have to think about security from the ground floor. As I’m building this application, what is the best security I can provide, and how can I either use that to enhance my user experience or at least not detract from it?”
Better technology at the network and user levels combined with demand from citizens that government services act more like commercial ones is driving this new view of security and customer experience.
People want easier interactions online
Frazier said people increasingly are demanding that they do no more than two clicks in 10 seconds to get access to the service they are seeking. If it takes more clicks or time than that, a user might balk and quit out of an application.
The challenge comes in addressing the diverse users for many government apps, he said. Users of public services run the gamut: young, old, tech savvy and not so tech savvy.
For the less tech savvy, “they need things to be a little more streamlined for them because they’re having to get access to their retirement benefits or something, and they don’t want to have to jump through hoops,” Frazier said. “The problem with that is that they’re going to create a helpdesk call, or they’re going to not do it, or they’re going to go into a physical building and have to talk to somebody, which is an added cost for the entity.”
Many private sector companies rely on back-end technology to achieve the two clicks in 10 seconds concept now, he said. He cited as examples the use of Fast Identity Online (FIDO) Alliance 2 standards, which were developed by an industry consortium, and Passkey, a password replacement capability that provides fast and secure sign-ins.
Creating apps that empathize with users
Frazier said the other thing companies are doing that agencies should pay closer attention to is how to build in empathy for users into their applications. This requires a cultural shift to make users and security equal priorities.
“What the pandemic did was it lit a fire under the connection between security and customer experience because it forced us to take into account this modality of access that matters completely 100% of the time. We were already heading in that direction, but the pandemic just moved us a little further a lot faster,” he said.
The evolution of technology, with applications and data workloads moving to the cloud and people being more mobile than ever, was already driving toward that need, Frazier said. “Because of all that, we need to as practitioners to adapt to where the users are and meet the users where they are.”