The Rising Importance of IAM + Other NASCIO 2021 Conference Takeaways

At the end of May, CIOs and other top IT officials from all U.S. states and territories gathered virtually for the NASCIO 2021 Midyear Conference. This year’s conference featured three days of exciting sessions and breakout panels—with a spotlight on how Identity and Access Management (IAM) is bolstering the mission of state governments.

As ransomware attacks continue to distress state and local governments, NASCIO is enhancing its focus on the importance of identity, credential, and access management efforts. In the organization's list of State CIO Priorities for 2021, IAM was ranked as the eighth most critical policy priority for State CIOs—the first time it has appeared since the list’s inception. IAM was also named as the number three technology priority among state CIOs, up two spots from 2020. 

In addition to the importance of IAM, other top priorities for NASCIO continue to include cybersecurity and risk management and digital government services—key elements of any state and local government’s strategies around IT modernization, citizen services, and creating a highly mobile workforce.

How states are prioritizing IAM

At this year’s conference, we saw how many states are indeed aligned with IAM as a priority, as IT leaders from around the country took the virtual stage to share their success with identity solutions. IAM is key, not just to the government security mission, but also critical for implementing a more positive and frictionless user experience by ensuring citizens are consistently recognized across systems. 

A fall 2020 NASCIO cybersecurity study showed that 92% of state enterprise level CISOs believe IAM is critical to security and 77% see it as an enabler of modernization and digital transformation. By focusing on protecting people and their identities, agencies are taking immediate action to mitigate some of the most prevalent and impactful threats against their ecosystems.

At the conference, CIOs and other digital transformation leaders shared how state agencies are becoming more customer-centric and data-driven by delivering an integrated customer experience that brings higher-quality services to the public. Many leaders are focusing on digital identity to keep information secure and private, as well as simplifying constituent interactions with state systems.

For example, the State of Kansas uses modern identity solutions to thwart bot attacks and prevent fraudulent unemployment claims. The State of Iowa leverages these solutions to seamlessly and securely connect its citizens to online services starting with a new rental and utility assistance program for those impacted by COVID-19.

On day three of the conference, Arizona State CIO JR Sloan shared how citizen expectations are shifting. He discussed the need to design less for systems and focus on a customer-oriented digital strategy—a trend accelerated by the pandemic. Sloan indicated that since July 1, 2020, the state brought 266 new services “online” across all its agencies. This is a commendable effort by Arizona, given the extra strain to keep up with demands brought on by the pandemic.

As states focus on digitization of citizen services, cloud-based customer identity and access management (CIAM) offers agencies several opportunities. First, it protects apps and data with consistent security and compliance policies. CIAM also lets agencies create modern, scalable digital experiences to foster citizen engagement. 

An effective CIAM strategy offers agencies the ability to create and maintain a single, secure view of registered users and their profiles. This protects both the agency and the citizen, as it allows institutions to perform identity proofing to validate the user before granting them access to sensitive information. 

Additionally, as more states like Arizona move citizen services online, the opportunity for fraudulent actors to infiltrate systems, take advantage of things like unemployment benefits, and access sensitive information ripens. Security leaders can fight fraud by leveraging modern authentication controls like MFA to mitigate new risks.

Okta and the SLG Mission

At Okta, our mission aligns with state agencies and their key identity projects. We help dramatically mitigate risks associated with the most common types of user-oriented attacks, including broad-based phishing campaigns, spear-phishing campaigns, credential stuffing, password spraying, and man-in-the-middle attacks. Our solutions, like Adaptive Multi-factor Authentication and Lifecycle Management, help shrink the attack surface and minimize the risk of phished credentials, including phishing reverse proxies.

As we move forward from the NASCIO Midyear Conference and into the second half of the year, state IT leaders are continuing to focus on ensuring the safety and security of digital citizen services and government employees. As the current landscape of the public sector workforce remains dynamic—from in-person to remote or hybrid settings—identity and access management solutions will be critical to serving the government mission.

To learn more about how Okta is helping state and local governments accelerate and modernize citizen service delivery, check out our Okta for State + Local Government resource page.