Remember the scene from Jurassic Park where the Park staff couldn’t access the computer control system because the rogue I.T. employee had locked them out (ah, ah, ah…you didn’t say the magic word! https://binged.it/2Gggu3k)? Or did you hear about the court whose e-filing system was compromised because its system for entering user I.D.’s and passwords was hacked? How about the time when a court’s lax user security system allowed staff to put passwords on sticky notes by their computers and didn’t require passwords to be routinely changed – are we then surprised that someone logged on and used the system illegally? These are examples of why we all should be concerned about identity and access management. No one wants the situations described above to happen!
“I.D., Please – The quest for a unified solution to identity and access.” was on the cover of the March issue of Government Technology magazine (vol 32 issue 2, www.govtech.com). The related articles made me more aware of the increasing challenges we face in implementing strong and secure identity and access management (IAM) in our electronic court systems. Here is a summary of what I learned.
The first article described the current status of IAM in state and local government in the United States. This graphic neatly summarizes the situation:
The data in this graphic show us that a sizeable majority of public sector organizations have not installed many key IAM technologies, which is poor. Using multi-factor authentication and biometric identification on the front end and robust reporting and monitoring components on the back end are widely available and important means of ensuring secure systems access. We need to do better.
The second article reports on how four states are trying to emulate the IAM solutions implemented by such retail giants as Amazon with simple and easy log-on methodologies. One big problem at the federal, state, and local government levels are the multiplicity of automated systems that are used in the courts. Often there are separate log-ons for court records, HR, financial, jury, calendaring, and personal productivity software/systems. This leads to confusion, use of duplicate passwords, high I.T. systems management overhead, lack of efficiency, etc. Short of combining all of these separate software applications into one (not necessarily a good idea), many jurisdictions are implementing “single sign on” log-in credentialing. This means a user logs on once, then the IAM system is configured to only allow access to those applications that the user is authorized to use. A neat solution, although it can be quite hard to implement.
The last article describes “how emerging technologies are poised to disrupt the way we identify ourselves online.” These technologies include cloud-based management, AI and machine learning, and blockchain. Each of these technologies have the potential to make IAM better able to handle the
- expanding expectations of court users,
- increasing widespread use of mobile access to court applications by users inside and outside of the court, and
- growing legal compliance constraints.
For instance, courts can outsource IAM to vendor providers via a cloud-based system (e.g., Google’s “Cloud Identity Tool”). AI is being used to efficiently monitor access traffic to systems 24-7, enabling much more robust security management. Blockchain can be used to set up secure digital user identity authentication that cuts across applications (and other government entities, like the DMV or voter registration), with users managing their own credentials. It is easy to see how technologies like these will undoubtedly revolutionize IAM in the courts. Let’s hope we have the talent and resources to make that happen sooner than later.
The explosion of digital systems, users, and data (it is estimated that by 2020, every person online will create roughly 1.7 megabytes of new data per second!) are universal, including in our courts. We must meet the challenge of implementing robust identity and access management in our automated systems to keep up with the world around us (or suffer the consequences). Doing so will increase service via secure accessibility to court information, resulting in expanding public trust in the judiciary.
Finally, IAM is a great example of how courts need to pay attention to how they are reducing organizational risk via Internal Control systems, the subject of the last few Vantage Point blog posts.
Let me know if you have any questions or comments, which are always appreciated.