Government Agencies Need to Migrate from Legacy On-Prem Identity Solutions—and Okta Can Help

For communities in the U.S. to thrive, they need access to state and municipal government agencies and the essential services they provide. In order to carry out their work on-demand and at scale while mitigating security challenges such as nation-state cyber attacks, it’s critical that these agencies embrace modern identity. And that means adopting best-of-breed solutions to better serve their employees and constituents.

That may be easier said than done. Many government agencies were built with legacy architecture. When they implemented user security, they adopted on-premises identity and access management (IAM) solutions such as single sign-on (SSO) and Web Access Management (WAM) systems, which are proving unable to address the security threats of today.

With that in mind, let’s take a look at some of the challenges and limitations that outdated solutions such as WAM cause for public sector organizations, as well as the opportunities that more innovative alternatives can bring.

Evolving IT, user expectations, and threat landscapes

Today, many government agencies have complex hybrid IT environments, with systems and data hosted both on-prem and in the cloud, along with dozens or even hundreds of additional servers.

However, it doesn’t end there. Given their complex infrastructure and technical debt, government and municipal agencies have always been appealing targets for bad actors. In addition, cyberwarfare is on the rise because it’s cheaper and faster than traditional methods of international conflict. The recent cyber attacks on education, health, and other public services in Australia are just one example of how the public sector is continually under attack.

To mitigate these threats, many institutions rely on on-prem SSO, WAM, Oracle Access Manager (OAM), CA SiteMinder, and IBM ISAM. These solutions were never meant to support complex hybrid IT environments or protect against nation-state account compromise and DDoS attacks. As a result, many on-prem SSO vendors are deprecating their WAM stack, recommending modern identity alternatives, and reducing investments in legacy architecture, which makes that architecture costly to update and maintain. Not only does this make agencies more vulnerable to cyber attacks, but it limits their capacity to securely enable employees to work offsite.

Never has this problem been more apparent than in the midst of the COVID-19 pandemic. When the whole country had to shift to remote work overnight, many government agencies couldn’t respond effectively. Their infrastructure restricted the ability of employees to access mission-critical apps, and civilians who relied on government services were effectively cut off once offices were closed. Today, a modern IAM solution is a must-have.

The hidden costs of legacy WAM solutions

Legacy software can be expensive. Beyond licensing, which typically accounts for less than 5% of the total cost of ownership (TCO) of these systems, organizations must also factor in deployment and maintenance fees. When measured as a whole, TCO includes:

  • Administration and support (35%)
  • Patches, upgrades, and outages (35%)
  • Infrastructure requirements (20%)
  • Application integration costs (5%)

In the case of WAM, hardware such as databases and middleware services is necessary for SSO and IAM policies, and typically involves a minimum of 15 servers, though more are constantly added to meet changing requirements. These are expensive to maintain, and costs quickly add up when you factor in vendor support fees, IT specialists who can manage the complex system, and helpdesk support for users.

Due to their reliance on these legacy systems—and the steep costs associated with them—government agencies tend to lag behind their peers in the private sector when it comes to IT architecture. As agencies look to close the gap and become more agile, there’s an opportunity to implement modern solutions that can save vast amounts of time and money, deliver greater value to citizens, and create much more seamless experiences for employees.

A solution the public—and public sector—can trust

When it comes to overcoming technical debt and achieving affordable, sustainable growth, Okta Access Gateway (OAG) is a safe and reliable choice for government agencies. At its core, OAG is designed to let organizations extend the Okta Identity Cloud to their on-prem web apps, deploying leading-edge solutions such as Single Sign-On, Adaptive Multi-Factor Authentication, and Okta ThreatInsight, and ensuring modern access management across legacy systems.

Better still, organizations can protect their on-prem apps without having to change their source code. Not only do they operate exactly the same as before, with no disruption to the user experience, but they support the same policies, workflows, and security as your cloud solutions so that you can consolidate access and remove identity silos.

Needless to say, cost of maintenance and ownership is much lower for government agencies with Okta Access Gateway: middleware, database hardware, and multiple servers are no longer required, reducing infrastructure by as much as 90% and saving up to 80% on TCO and administrative costs. Furthermore, an improved user experience means helpdesk calls are minimized, and organizations that leverage OAG have been shown to reduce their risk of a security breach by half.

Government agencies have the capability to move with agility, drive scale, and deliver modern solutions like their counterparts in the private sector. Already, the State of Illinois and the L.A. Department of Water and Power have started innovative new projects with Okta, and we can’t wait to enable their efforts as they modernize their digital infrastructure.

To learn more about how you can partner with Okta to bring the best possible support and services to citizens, get in touch.