Australia fosters growth of digital ID infrastructure: ForgeRock report

Australian government agencies are increasingly trying to interact with citizens digitally, which will mean more transparency and multi-factor authentication.

The claims come from digital identity and access management (IAM) provider ForgeRock, which recently published a report called ‘Building Trust in Digital Government, Australia.’

In the marketing publication, various public sector information security leaders discuss the importance of trusted digital services at a governmental level.

The report mentions Australia’s Digital Government Strategy document, which says the government’s goal is to become “one of the top three digital governments in the world by 2025.”

But while this progress is welcome, ForgeRock writes, government digital services must continue to improve to keep up with the service experience that is increasingly commonplace in the private sector.

“As the custodian of extensive data holdings about citizens and businesses, the Government is responsible for protecting the privacy of that data, as well as maintaining and increasing the trust of the community,” the report reads, quoting a publication titled Australia’s Tech Future.

“Government takes this issue very seriously, and there is more to do to increase transparency and build trust in both the use of data and decision-making in government.”

The ForgeRock report also highlights the importance of governments transacting digitally, particularly considering that specific government interactions are mandatory for Australian businesses and individuals (such as tax obligations).

“Whether it’s health-related, related to taxation, human services or welfare, it’s much more efficient to do these things online, both for the agency and the consumer of those services,” explains former Taxation Office Chief Information Security Officer Jamie Norton, now a consulting partner at cybersecurity firm McGrathNicol.

In terms of technologies used to secure these digital interactions between government agencies and citizens, biometric authentication is paramount.

“Today we expect mobile-first experiences, the ability to use biometric means of authentication and service enrolment and linkage processes that are designed with information minimization principles in mind,” writes Johan Fantenberg, principal solutions architect with ForgeRock.

“It is also important that digital government services are inclusive and usable by a wide range of users, including users with disabilities and specific language preferences.”

The ForgeRock document also addresses risk, trust and transparency issues.

“Anything that is financial is automatically going to have a high level of criticality for security,” Norton says.

“In certain sectors, any sense of uncertainty can damage the adoption of a digital utility. An example of note is MyHealthRecord, which in 2019 was found by the Australian National Audit Office not to have properly managed all cybersecurity and privacy risk.”

Further, the report looks at challenges connected with inclusivity, confidentiality, infrastructure and resources that can hinder the digital government journey.

“Sometimes we don’t know what the answers for those situations are, but I think we’re at that stage where we can’t make a system insecure because of the one or two percent that just can’t participate,” Norton explains.

“We need to be as inclusive as possible, but there has to be a baseline, such as multi-factor authentication because the enhancement it gives to security is just so high that I don’t think we can ignore it for much longer.”

Still, ForgeRock believes Australian government agencies are taking steps in the right direction and that the country’s digital ID infrastructure is evolving slowly but steadily.

“As more and more services go digital and regulations evolve, matching security controls and solutions with ease of use and accessibility will be an important task for all stakeholders in the design and planning of trusted digital services,” the report concludes.

Its publication comes weeks after the massive Optus hack, which further spurred demand for digital ID in Australia.

Article Topics

Australia  |  authentication  |  biometrics  |  digital government  |  digital ID infrastructure  |  digital identity  |  ForgeRock