Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Developing Countries
National ICT Identity
Governance
Strategy
Huntington Ventures Ltd.
The Business of Identity Managemen...
This Deck…
• Reviews the governance components required to
successfully implement and maintain an e-
government strategy:
...
Guy Huntington
Guy Huntington is a very
experienced identity
architect, program and
project manager who has led,
as well a...
Identity Governance
• Many people don’t understand the governance
requirements to successfully implement and
maintain an e...
Birth
Name Change
Gender Change
Death
Address Change
Tel. Number Change
Parent/Guardian Change
Marriage
Divorce
Authoritat...
Who Has Legal Responsibility?
• For each of the identity data on the left hand side of
the previous screen, what governmen...
Legal Vs. Operational Responsibility
• Once the legal governance for each piece of identity data
is determined, then there...
Shared Services
• About 20 years ago, when large global
enterprises began to digitize themselves and
centralize operations...
Identity Infrastructure et al
• Shared Services are usually the group who is
responsible for the operational management of...
BUT Sometimes Shared Services
Is Legally Responsible…
• Sometimes, the shared services group also looks
after things like ...
Government Identity Steering Committee
• Many enterprises deploying global identity
strategies quickly come to the realiza...
Laws and Regulations
• If one examines governments who have already
successfully deployed national e-identity programs,
li...
Legal Framework
• Digital Signatures Act -
https://www.riigiteataja.ee/en/eli/508072014007/consolide
• Public Information ...
Identity and Credential Assurance
• Your government will have to create two standards; identity
and credential assurance
•...
Federation Agreements
• Your government’s e-identity strategy will also
require the national identity and authentication
s...
Governance Challenges
• Creating, implementing and sustaining an e-
identity strategy IS VERY CHALLENGING because:
– Cross...
Strong, Sustained Leadership
• Therefore, from the top of your government on
down, all must be not only aware but take a
s...
There’s A Lot To Governance
• It has been my own past experience that most
enterprises commencing large, global, identity
...
Governance Should Be Addressed First
• At the very least, governance should be one of
the main project tracks
• Many diffe...
Changing the World a Bit
• Guy wants to change the world a bit by assisting
developing countries to leapfrog ahead of most...
If You Thought This Is Thought Provoking
• Then please pass along a link to the presentation
to people in your country who...
Upcoming SlideShare
Loading in …5
×

Developing Countries National ICT Identity Governance Strategy

238 views

Published on

Reviews the governance components required to successfully implement and maintain an e-government strategy:
* Identity data governance
* Identity infrastructure governance
* Laws and regulations governance

Published in: Government & Nonprofit
  • Be the first to comment

Developing Countries National ICT Identity Governance Strategy

  1. 1. Developing Countries National ICT Identity Governance Strategy Huntington Ventures Ltd. The Business of Identity Management May 2016
  2. 2. This Deck… • Reviews the governance components required to successfully implement and maintain an e- government strategy: – Identity data governance – Identity infrastructure governance – Laws and regulations governance • So who am I?
  3. 3. Guy Huntington Guy Huntington is a very experienced identity architect, program and project manager who has led, as well as rescued, many large Fortune 500 identity projects including Boeing and Capital One. He recently completed being the identity architect for the Government of Alberta’s Digital Citizen Identity and Authentication program.
  4. 4. Identity Governance • Many people don’t understand the governance requirements to successfully implement and maintain an e-government strategy • There are several components: – Identity data governance – Identity infrastructure governance – Laws and regulations governance • Let’s start with identity data…
  5. 5. Birth Name Change Gender Change Death Address Change Tel. Number Change Parent/Guardian Change Marriage Divorce Authoritative Source Authoritative Source Authoritative Source Authoritative Source Authoritative Source Authoritative Source Authoritative Source Authoritative Source Authoritative Source Business Processes Business Processes Business Processes Business Processes Business Processes Business Processes Business Processes Business Processes Business Processes Citizen Tombstone Identity Directory National Citizen Identity Lifecycle
  6. 6. Who Has Legal Responsibility? • For each of the identity data on the left hand side of the previous screen, what government ministry is legally responsible for the data? • There are some new identity challenges that need to be addressed: – When a biometric is obtained from a person (e.g. infant, child or adult) which ministry is ultimately responsible for the biometric? – For Parents/legal guardians, which ministry is legally responsible for establishing this relationship – For citizen addresses and phone numbers, is there one ministry who will be legally responsible for the collection and management of this?
  7. 7. Legal Vs. Operational Responsibility • Once the legal governance for each piece of identity data is determined, then there needs to be a determination of who is operationally responsible for the collection of it • This is the second column in the previous diagram, i.e. business processes • Here’s a hypothetical example: – When a student goes to school for their first day, they will provide a face and voice print biometric • The school district or, a specialized identity team, might be the people who actually collect the biometrics • HOWEVER, the ministry legally responsible for the biometric will likely not be the Education Ministry • So regulations and standards need to be created and then audited for the operational governance of each piece of identity data
  8. 8. Shared Services • About 20 years ago, when large global enterprises began to digitize themselves and centralize operations, it became apparent there was a need for a shared services group to collectively manage IT infrastructure • Governments began to adopt this too • There needs to be a legal act and regulations regarding the formation of such an entity
  9. 9. Identity Infrastructure et al • Shared Services are usually the group who is responsible for the operational management of the identity infrastructure – This includes data centres, clouds, operational data, high availability, etc. – It may or many not include the security management • Note that the Shared Services group only has operational responsibility and not legal ownership for each of the underlying identity data components – The legal ownership remains with the ministry responsible for each identity data
  10. 10. BUT Sometimes Shared Services Is Legally Responsible… • Sometimes, the shared services group also looks after things like identity phone numbers and addresses, since there usually isn’t one ministry assigned to this • At the last government client I worked with, their shared services ministry not only managed the identity infrastructure but also was responsible for the centralized citizen telephone numbers and address collection and management – Citizens would go to one place online to change their addresses and phone numbers
  11. 11. Government Identity Steering Committee • Many enterprises deploying global identity strategies quickly come to the realization that identity crosses all the enterprise administration silos – It’s thus not only operationally very important, BUT also politically important • It is not uncommon in large enterprises for them to form a identity steering committee to oversee identity infrastructure, identity investments, etc.
  12. 12. Laws and Regulations • If one examines governments who have already successfully deployed national e-identity programs, like Estonia, one finds that a major component to do this is to create and/or change laws and regulations • The use of things like digital signatures, digital data retention, biometrics et al require well thought out acts and regulations • So your government will have to do this too • Let’s take a quick look at some of the laws that Estonia brought into being…
  13. 13. Legal Framework • Digital Signatures Act - https://www.riigiteataja.ee/en/eli/508072014007/consolide • Public Information Act - https://www.riigiteataja.ee/en/eli/522122014002/consolide • Personal Data Protection Act - https://www.riigiteataja.ee/en/eli/529012015008/consolide • Act on Intellectual Property • Uniform Bases for Document Management Procedures - https://www.riigiteataja.ee/akt/119062012007 • Archives Act - https://www.riigiteataja.ee/akt/112072014028 • Principles of Estonian Information Policy (1998, 2004) • Action Plan of Estonian Information Policy – (eEstonia) (1998, 1999, 2000, 2001,2002, 2003, 2004, 2005, 2006...) • http://egov2.eu/knowledge-base/an-overview-of-estonian- e%E2%80%91government-development-and-projects/
  14. 14. Identity and Credential Assurance • Your government will have to create two standards; identity and credential assurance • Identity assurance covers what documents and biometrics are allowable under what type of conditions to establish an identity • Credential assurance covers what type of credential is allowable for certain types of risk • There will have to be memorandums of understanding between the national government and local state and municipalities as well as crown corporations • These documents will also likely be legally referred to in federation agreements with third parties • As your country begins to work with other countries on recognizing national identities and verification, these documents must then become part of such agreements
  15. 15. Federation Agreements • Your government’s e-identity strategy will also require the national identity and authentication service to work with third parties like banks, telcos, insurance companies, etc. • Each of these parties will have to sign a federation agreement with the government • This covers many things like identity and credential assurance, liability, responsibility for when a session is dropped part way through, etc.
  16. 16. Governance Challenges • Creating, implementing and sustaining an e- identity strategy IS VERY CHALLENGING because: – Crosses over all ministry silo’s – Extremely public facing – Literally many thousands of decisions to be made as the systems are all interconnected – The system is prone to attack from organized crime and foreign intelligence agencies – Large budgets and time cycles involved
  17. 17. Strong, Sustained Leadership • Therefore, from the top of your government on down, all must be not only aware but take a strong, sustained leadership role • It’s when times get tough, like a denial of service attack, etc. that the top leaders have to be there to calm the public and ensure the system will be properly maintained
  18. 18. There’s A Lot To Governance • It has been my own past experience that most enterprises commencing large, global, identity programs don’t understand the implications of governance • It’s usually tacked on towards the end of the project • THIS IS A BIG MISTAKE since many projects go over time and budgets as they finally realize governance is complex and must be addressed
  19. 19. Governance Should Be Addressed First • At the very least, governance should be one of the main project tracks • Many different government governance initiatives must be launched in parallel to the business process and technical activities of the teams • Governance work takes time – so plan for it • If you do this, then there is an excellent chance your identity program will roll out the door on time and on budget
  20. 20. Changing the World a Bit • Guy wants to change the world a bit by assisting developing countries to leapfrog ahead of most western societies by: – Leveraging citizen’s use of the cell phone and their voice to then access online government services – Creating a new model for educating students – Leverage existing technology to deliver healthcare more effectively
  21. 21. If You Thought This Is Thought Provoking • Then please pass along a link to the presentation to people in your country who might be interested • You can contact me at: – guy@hvl.net – 1-604-861-6804 – Via LinkedIn (https://ca.linkedin.com/in/ghuntington) • Thanks for your time!

×