Mastek Blog

How to build identity and access management into digital government from the ground up

05-Aug-2022 01:05:53 / by Ravindra Samant



From telehealth to online vehicle registration, users can continue to benefit from crucial services, no matter where they are.

While this makes life more convenient, especially in this time of great uncertainty, it’s not without its risks.



After all, government agencies usually require a slew of information for registration. Your National Insurance number, your date of birth, your postcode—in the wrong hands, they could open doors to malicious actors committing fraud and even identity theft.

Some agencies combat this by asking for a high level of authentication for every login. While this is great for security, it’s not so good for the user experience.

That’s why we’re going to look at Identity and Access Management (IAM) in digital government, and how you can build it in from the ground up.


IAM in digital government today

While the 2017 attack on the NHS might not have compromised any data, it still shows how vulnerable sensitive information can be.

Identity and Access Management (IAM) manages the access privileges of users. It’s a framework of policies that every organisation should create to ensure only authorised users get access to certain sites, apps, and files.

This is especially important in digital government, as government agencies regularly use personal information.

Let’s take a look at a couple of examples of IAM at work within government agencies online.


NHS Login

With just one set of login details, NHS Login allows patients to access multiple digital health and care services.

But, in order to ensure access is secure, it demands authentication. There are three levels of proof for users to meet, from low to high, depending on the sensitivity of the information.

The problem lies at the high level, where users need to do one of the following for access to their medical records:

  • Use a fast-track ID check
  • Submit a photo ID and a face scan
  • Submit a photo ID and a video
  • Use registration details from your GP surgery’s online services

While this ensures only those with the right credentials get access to more sensitive information, this kind of authentication is challenging for less technically able users.


Gov UK Verify

Gov UK Verify has replaced the Government Gateway User ID for easier access to agencies such as HMRC and the DVLA, among others.

No longer do users need a 12-digit password every time they sign in. By comparison, Gov UK Verify is simple to use, requiring only an email and password once the fifteen-minute registration is complete.

And, because users choose an independent company to verify their personal information, sensitive data isn’t shared unnecessarily. Nor is it stored in one place.

This is a step in the right direction towards IAM policies that are more user-friendly, robust, and secure. But is there a way it could be better?

The simple answer is ‘yes’.


Build a better digital government with IAM

Digital government provides citizens with much-needed services, no matter where they are. In this time of great uncertainty, this kind of access is invaluable.

But to make sure that users can get the access they need without compromising sensitive information within your network, IAM is a must. Authentication like Gov UK Verify is a step in the right direction. But with the help of experts, you can go further.

To make your Identity and Access Management policies more secure, more user-friendly, and better all-round, contact us.


Topics: Government, UK Central Government, UK Public Sector, Identity & Access Management


Written by Ravindra Samant

Ravindra Samant is an Information Technology and Security professional with more than 20 years of experience in architecting, designing, integrating and deploying Identity & Access Management (Enterprise & Consumer) and other security solutions for projects in the UK. He has worked in both government and financial sector organisations in the UK, delivering IAM and security solutions in cloud environments. His key achievements include working on the NHS Digital IAM solution and its cloud transformation, and working for a couple of UK banks to implement a PSD2-regulated (Open Banking) solution in the retail banking sector. Ravindra holds a Master's in Information Security with Distinction from Royal Holloway, University of London (Information Security Group) and an active CISSP information security certification.
