Connecting state and local government leaders
COMMENTARY | A zero-trust citizen portal gives residents seamless access to public services while protecting increasingly vulnerable government networks from attack.
With the recent unveiling of the Biden administration’s National Cybersecurity Strategy, government agencies will continue to focus on zero-trust security architectures to guard against cyberattacks. But what about expanding the concept of zero trust to deliver better citizen services?
Government leaders are developing an innovative way to do just that. Citizen portals using a zero-trust security approach gives residents seamless access to public services while protecting increasingly vulnerable government networks from attack.
The concept is known as zero-trust citizen access. Boston has a project in progress, and leaders in Aurora, Colorado, are using the portal approach to improve online experiences for residents and protect against unauthorized access. These developments illustrate that the balance between security and citizen support is a vital one to strike.
Zero-trust citizen access arose out of the dramatic societal shift in how residents access government services, from more devices and in more locations than ever. Governments have responded by offering more digital services so constituents don’t need to visit government offices for many transactions. This reduces brick and mortar costs and invests tax dollars into other key areas.
But the flood of online services has introduced new security risks because there are more public-facing web applications, and those applications sometimes connect to legacy systems that cannot be easily patched. The result is increased attack surfaces for bad actors to exploit and, often, a poor user experience for citizens who must remember multiple logins for different applications. Additionally, government workers don’t have a single, secure place to interact with constituents.
Zero-trust portals integrate with modern Security Assertion Markup Language (SAML) 2.0-based identity and access management platforms, providing a smooth end-user experience and eliminating the inbound attack surface through zero-trust security principles.
For the user, the concept is relatively simple. Residents connect to a zero-trust exchange, which essentially works like an online switchboard. To gain access, they go to a website—the same basic user experience as before.
They then get a login prompt and enter a username and password like usual or can click on a social media login. After a quick extra layer of authentication, users can access a variety of citizen services.
In other words, people simply interact with government the same way they use commercial sites.
But while it all seems simple to the user, the beauty of the approach is that it is highly secure. The web tier is essentially removed from the internet, so there is no attack surface for potential cybercriminals to find.
In Boston, city officials used a version of this approach in moving to a cloud security platform with a zero-trust approach for 5,500 city employees, providing secure cloud access and meeting the demands of rapidly growing web traffic.
Out west, in Aurora, government leaders have rolled out a version of zero-trust citizen access, the first step in a planned move to make citizen services more available at public access computers in libraries, recreational centers and other locations.
There are countless applications that can put zero trust to work to deliver enhanced digital services. As we consider the important security benefits, we should at the same time bear in mind the tremendous opportunity ahead to improve government service delivery.
Ian Milligan-Pate is an area vice president, state & local government, at Zscaler.