This month, it was announced that the Cabinet Office is seeking £300m-£400m in funding to develop a new cross-government single sign-on system to facilitate swift and easy access to government services. The approach is set to be deployed across the gov.uk website, replacing the failed verify system that had cost in the region of £220m. Addressing previous challenges, the new One Login program intends to combine single sign-on functionality with identity verification capabilities and the gov.uk accounts online personalization tool. Given the UK’s tumultuous history with such tools, could we ever expect single sign-on solutions to become mainstream?
Exploring the Challenge
While single sign-on (SSO) offers significant advantages in terms of efficiency, several challenges remain, such as the loss of access to all sites if the SSO is disabled.
Security can also be put at risk by SSO methods, with attackers able to gain access to multiple systems via a single entry point. Our research indicates that the appetite for consolidated SSO systems remains strong, despite the limitations. Over 50% of respondents would like to use a central login to access all digital government services, underlining system complexity and the need for greater efficiency.
While generally there is strong support for SSO, only 41% of 18 to 24-year-olds favor it, signaling the need for government digital services to engage and nurture trust amongst younger generations. This could involve efforts to uncover the reasons behind lower levels of support amongst these groups and active and transparent steps to address them.
Laying the Foundations of Trust
Trust is a key trend our research unearthed to ensure SSO success. Building trust requires a transparent and security-first approach, demonstrated throughout the process. While only 30% of respondents called for higher levels of online security, it is vital to take a robust approach to identity verification as we move towards a zero trust future.
“As online service usage increases and the demand for SSO efficiency grows, it is essential to bring less digitally confident individuals up to speed”
Some critical learnings can be taken from the private sector. Access to human support, when required, is an area that stands out. Indeed, 33% of respondents highlighted that they had a worse experience of this when using public sector services. The need for readily available human support is reinforced further by the fact 34% of respondents stated that they needed to use a mix of digital and in-person services, demonstrating the need for government digital services to retain some level of human access.
Despite shortcomings, the pandemic has led to 8 in 10 people increasing their use of digital government services. In turn, this uptick in use resulted in 31% of respondents having more confidence in using digital government services and 15% trusting them more. This greater familiarity with digital services is positive. Still, it shines a light on the main challenge at hand: over a fifth (22%) of respondents struggle to remember login information for multiple government accounts.
The Work to Be Done
As online service usage increases and the demand for SSO efficiency grows, it is essential to bring less digitally confident individuals up to speed. Building trust amongst this population will play a crucial role in a future where single sign-on solutions become mainstream.
As the government continues to develop and seek investment in its One Login solution, the following considerations must be made, and its vast potential is kept front of mind. The simplicity offered by SSO will be encouraging for newer users, but this cannot be rolled out at the expense of security. With a security-first approach that utilizes digital identity proofing and verifiable credential services to prioritize user privacy and transparency, services can be effectively streamlined into a seamless experience.
Beyond increased efficiency, the subsequent benefits of these considerations will be a reduction of information siloes and associated costs. This will strengthen the government’s One Login strategy and help deliver more control to citizens wishing to manage their digital identity data with single sign-on experience.
Beyond prioritizing trust and user confidence, the public sector must consider the security step change emerging with zero trust. For SSO technology to be rolled out on a mainstream basis, it will be critical to maintaining control of identities and user access levels to mitigate security risk.
Vishal Salvi CISO and Head of Cybersecurity Practice, Infosys