Several high profile access management initiatives are being undertaken in the public sector.
The most ambitious may very well be Government On-Line, the Federal Government of Canada’s proclamation that all government services will be delivered on-line by 2004. This undertaking is requiring
the government to re-architect and consolidates many of its major underlying employee and constituent data repositories, telecommunications channels and security requirements and technologies. This is requiring the departments and crown agencies to work in a more collaborative fashion to plan and execute a wholesale infrastructure upgrade on a scale that has never been contemplated in the past. All reports to date suggest that while the timing may be too aggressive, the pieces are starting to come together in the right way.
At the provincial level, early adopters are starting to engage the vendor community to undertake an aggressive re-tooling of their infrastructure, particularly that which sits in front of their web applications. For example, in the Province of BC, an access management solution is being rolled out along with the government portal that includes products such as Broadvision, Netegrity and Microsoft Active Directory. In Alberta, the government is investing in a bandwidth superhighway that will become the backbone on which these access management solutions will allow all Albertan’s to interact with the government ministries in a virtual service community.
At the municipal level, many cities and regions are beginning the long road of deploying portals to deliver service such as parking ticket payment, fishing licence issuance on-line. Along with that they are implementing access management suites and directory service technologies and challenging some of the administrative processes that they followed in the past.
At the end of the day, governments and organizations at all levels are being compelled to reinvent their underlying businesses practices and toolsets in order to deliver more seamless and consistent service to their customers, constituents and partners in an automated real-time fashion. That inherently means investing first in the “plumbing” called enterprise access management first.
Andreas Faruki, CA, CISA, CISSP (afaruki@deloitte.ca) is a senior manager in Deloitte & Touche’s Security Services practice. He leads their iMAAP service offering across Canada that focuses on helping clients design, implement and sustain IT security solutions.