As governments race to keep pace with the technological advancements transforming everyday life into a continuous digital experience, the changing threat landscape forces organisations to constantly reevaluate their security position while simultaneously managing citizen needs for a seamless user experience (UX).
Following its recent Infosec Registered Assessors Program (IRAP) assessment, Okta is one of the few tech powerhouses nailing this complex balance between data security, digital identity and UX across all levels of government and education. FST Government sat down with James Enoch, Head of Public Sector and Education, ahead of the organisation’s technology keynote at FSTGov Future of Queensland Government Summit 2024 to discuss the role Okta is set to play in its work with government departments and agencies to build trust among both employees and citizens in the future of security and digital identity.
FST Media: Where did you start in the space, and how did you come to your current role at Okta?
James Enoch: I was fortunate to start in tech 20 years ago. I joined an analytics and data science vendor to work with universities across Australia and New Zealand to build analytics curricula. It entailed looking into the future at the shortage of analytics professionals in the market, working with universities to educate them on what was happening around the space of analytics, the impact on society, and ensuring we had the right graduates coming through with the right skills.
Spending time throughout my career working with education and then public sector aligned with my personal values. I have always looked for roles where I can lead teams that positively impact the society around me.
Having previously worked closely with government departments and tech vendors that were integrating with Okta, I had seen the impact Okta had on the world in enabling great digital experiences. I saw the value that Okta also provided them in ensuring that their extended workforces had the right security protections balanced with seamless access and great user experiences, to ensure they were getting the most efficiency and productivity out of their teams.
“The opportunity to lead a great team and help extend the work Okta was doing within many government departments and higher educators to all public sector and educational organisations across Australia and New Zealand was a no-brainer to me.”
FST Media: What are some key components of your current role, and do you foresee any changes to your role off the back of Okta’s recent IRAP assessment announcement?
Enoch: My role is about leading people and leading teams – I love it. I enjoy focusing on how I can coach and develop others to create a space of two-way feedback, while building resilient, thriving teams. It helps me extend and develop my skills as a leader. That stays the same no matter what.
The other aspects of my role are situated around Okta’s go-to-market strategy in the public sector. They are focused on delivering positive change and great use cases to transform identity and access management (IAM) within the extended workforce ecosystem and, on the citizen identity side, to create great digital experiences in the countries they live in. We are one piece of an organisation’s journey to a zero-trust framework to help them within their overall cyber security posture.
FST Media: Congratulations on securing IRAP assessment at the Protected Level. Give us a rundown of what this means in the context of data protection and security, and why it is such a milestone for Okta.
Enoch: We are at a critical juncture with digital identity, with the Federal Government’s Digital ID Bill going out for consultation at the end of last year and tabled with Parliament in November. This legislation is going to be a critical piece of the puzzle in both how we protect Australians from cyber threats and how we ensure we enable seamless digital experiences for citizens.
“[Digital identity] isn’t just a security piece. It is an enabler for great digital experiences at a national level. It will be an asset to our country and economy and something we need to get right.”
Going through the IRAP assessment now is perfect timing for Okta because we can be part of that conversation and the solution to get this right. IRAP is essential for anyone looking to work with federal government departments or agencies. It’s an independent assessment of the appropriateness or effectiveness of the system’s security controls. It builds trust with departments and agencies and ensures our suitability for work in the space.
FST Media: Will Okta’s work with the government encompass customer or public-facing solutions, or is it internal within departments and agencies?
Enoch: Okta is built on two clouds: our Workforce Identity Cloud and our Customer Identity Cloud. The Workforce Identity Cloud suits anything from a small department or agency to the whole of government to provide seamless, secure access to all the enterprise applications they work with and extensions into security controls like multi-factor authentication (MFA), Lifecycle Management, Identity Governance and Privileged Access. On our Customer Identity Cloud, we’re making it simple for developers to create great digital experiences for customers or citizens, and the growth in this space is quick.
The New South Wales Government is seen as a thought leader for digital governments globally because, in 2017, they set up a digital driver’s licence and mobile app that continues to drive digital transformation. They only recently wrapped the Working With Children’s Check into that same mobile app. Having that platform and investment, which identity enables, is critical for citizen identity.
For Okta, the investment extends beyond our product and assessments into the team on the ground. We have a team of more than 20 people focused purely on public sector and higher education, which extends further through our close work with partners in this space.
FST Media: Okta has worked extensively with state government departments and agencies as well as local councils around Australia in the past. Tell us about this work, and perhaps your projects in the pipeline with the Federal Government – particularly post-IRAP.
Enoch: We have quite extensive work with state government, local government and some federal government departments and agencies even pre-IRAP – we’re nearing 100 customers in this space. Okta empowers government agencies to boost citizen confidence in digital services while safeguarding sensitive data, systems, and people against cyberattacks.
Beyond government, a large number of higher education institutions are utilising Okta to power an easy, centralised and secure consistent identity experience throughout a student’s journey and for all stakeholders across a higher education ecosystem.
Okta’s current public sector customers in ANZ include Service NSW, which is considered one of the most digitally transformed governments globally, the Department for Education in South Australia, the City of Greater Dandenong Council, Comcare, City of Parramatta, and Moorabool Shire Council. Higher Education customers include UTS and Flinders University.
The Department for Education in South Australia has over 900 schools, preschools and early childhood centres under remit. Okta is creating a secure environment for teachers and students to harness emerging technology and has reduced the time teachers, students, and staff spend accessing the networks, services, and applications required for teaching and learning. Okta Workforce Identity powers the “EdPass” platform and enables teachers and students to log in once using a single set of credentials and access relevant applications and services. Before EdPass, teachers had to log in to up to 15 systems and services to deliver the curriculum.
FST Media: While the program’s core focus is security, user experience (UX) also plays a key part. How do you effectively balance these two priorities?
Enoch: “This is at the heart of us building trust as a nation in the importance of digital identity, as well as the value it has for citizens. The beauty of Okta is that we balance the two.”
If you run a secure platform that is completely inaccessible, it has no value; while it’s also not going to add any value if it’s simple to access yet insecure. We enable security by creating a seamless user experience; the two must go hand-in-hand.
Technology like adaptive MFA is critical. It protects users’ accounts from threats without increasing friction. It assesses risk during every login transaction and will prompt the user for additional authentication if required.
Higher educators, like the University of Technology, Sydney (UTS), understand the value of a born-in-the-cloud identity platform. With that and Okta’s independence across thousands of technologies, it makes it easy for them to deploy and simple to administer, saving time and providing ease-of-access for staff, students and others across the university. They can then focus on delivering great learning outcomes and high-quality research.
FST Media: Just like several other technological advancements, there are supporters and critics of going passwordless and using identity as “critical infrastructure”. Do you think the criticism is founded, or are these normal side effects of society converging with technology?
Enoch: Passwordless is important for several reasons. It’s easier; no one likes having to remember dozens upon dozens of passwords. People will do things that end up being high-risk to themselves individually or the organisation they work for. [Passwordless] is far more secure because passwords are crackable.
By going passwordless, organisations can save on resources which can be repurposed to improve their security postures. There is an opportunity for organisations to consider it, and it’s probably coming up far more rapidly than many would think.
FST Media: How can going passwordless be executed effectively, particularly in government and agency levels, where data security is of the utmost importance?
Enoch: Okta has a massive role to play with governments in this space. The challenge is that there are many different threat vectors, and they are rapidly changing. But at the crux of it, for a government who wants to create a great passwordless digital experience for citizens, passkeys in the Okta Customer Identity Cloud can allow citizens to sign up and sign into their applications using the same biometrics they use within their mobile devices.
The average data breach cost is AUD$4.03 million (according to IBM’s Cost of a Data Breach Report 2023). This is a high risk for an organisation’s reputation, brand, and cost to recover. With the right investments in place and the right treatment of both investing in cybersecurity projects to protect and IAM as the critical enabler, [going passwordless] can play a role. We need to educate departments and agencies on what’s possible, and decide how we can deliver quickly with value.
FST Media: What privileges does membership of the Tech Council of Australia bring for Okta? Was it good timing to become a member now that you’ll be working directly with the Federal Government? What’s on the cards for Okta as a member?
Enoch: The Tech Council of Australia is the trusted voice of the tech industry, so, naturally, companies want to be there to support the industry that they work in and be a member. It’s a great organisation, and we’re proud to be a part of it.
Why now? We are at the maturity of a government business where we have many use cases that we’re already solving and many government departments and agencies we’re working with. We have also significantly invested in our team over the last year.
It made sense for us to look for like-minded partners to work together on important issues in the space and advocate to the government. IAM, cyber security to mitigate cyber threats and enabling great digital experiences are only some of the issues we plan to address.
We can help provide an educational role there. There are natural spaces we would probably make sense to work in, such as the working group on digital identity. It is the early days of our membership, and the role will start to develop over time.
FST Media: Data classification is critical to any data management practice. What are your thoughts on the way Australian Governments classify data? How can this be handled better?
Enoch: There’s an idea around the population’s fear of what national digital identity means to them. All organisations have an important role to play in educating citizens about what it means, so we can approach it without fear and build trust towards national digital identity or a framework around it.
The IRAP classification to ‘Protected Level’ makes sense given the use cases and the sensitivity of critical data that governments work with. That’s why Okta going through the IRAP assessment to ‘Protected Level’ was perfect for us to ensure that we build that trust and that government departments and agencies know that they have a trusted partner to work with in this space.
Okta will be appearing at FSTGov’s Future of Queensland Government Summit 2024, speaking on how the government can navigate the future of digital identity for both employees and citizens and sharing tips on maintaining the balance between security and user experience (UX).