With stricter compliance regulations coming into force, a Swedish government agency chose to partner with Ductus to develop a long-term and robust solution for Identity and Access Management (IAM). By working closely with the agency’s technical team, we created a solution that not only complies with regulations like GDPR and NIS2 but also streamlines authentication and authorization processes while significantly improving the user experience.

In brief

Challenge 

Modernize Identity and Access Management (IAM) at a Swedish Government Agency to meet compliance requirements and streamline authentication and authorization.

Solution

A dedicated and robust IAM platform and identity services (IdP), based on the Curity Identity Server.

How we did it

We worked collaboratively with the Agency tech team to develop an IAM infrastructure and a stepwise plan for its implementation.

Benefits

IAM has been simplified across the organization: for developers when integrating new apps, and for users when signing in and sharing sensitive data. Compliance is aligned with the stricter requirements.

About the client

The Swedish Government Agency has a couple of hundred employees spread across several different office locations throughout the country.

Upgrading IT Security

With large amounts of data, often collected outside of offices and spread across multiple sites around the country, information security needed upgrading at the Government Agency. On top of that, the increased compliance requirements for protecting personal and other sensitive data were also a major security driver. As part of a larger digital transformation project, the decision was taken to update the IAM platform with a trusted provider who could not only implement a solution but also meet the organization's long-term support and maintenance requirements.

Long-term framework agreement

“A public tender was issued to find a provider to deliver a solution over a two-year period, with the option to extend support for one plus one years,” says Anders Essner, Ductus Head of IAM. “We proposed an IAM/IdP architecture and design proposal utilizing the Curity Identity Server to meet both immediate and longer-term requirements. The solution had to be available as on-prem (locally), although today it’s a hybrid solution run on virtual servers. It had to encompass and secure broad information sets, from sensitive personal information, such as work-related data, through to personal data such as salaries and pension contributions, while adhering to the strict compliance requirements relating to these data types, set by e.g. GDPR and NIS2. And it had to future-proof and support IAM operations across the wider IT environment, integrating with other systems, applications and servers in and beyond the ecosystem to streamline authentication and authorization for the in-house development team.”

IAM strategy, architecture, and implementation

“Our first task was to implement the IAM architecture according to the proposed timeline that would deliver on immediate and longer-term requirements. This included both the integration of the Curity Identity Server and the roles of Ductus developers and the Agency tech team – to ensure the optimal collaborative environment,” continues Essner.

With the IAM platform approved, work began on connecting the first application, the salary system, to the platform. “Starting with one system gave us the perfect opportunity to implement and test the IAM solution in the environment before rolling it out across more applications and, at the same time, satisfying the stricter personal data security demands put on the Agency,” says Ductus developer Hannes Larsson. “Once this was achieved, we worked closely with developers at the Agency to integrate and migrate more applications to the server.”

Streamlined authentication and authorization

The Agency is responsible for maintaining, updating, and the day-to-day management of the IAM server and environment, with Ductus experts available to support and advise as and when required. Thanks to the standardized IAM/IdP solution, whenever new architecture is built, authentication and authorization are no longer designed on a case-by-case basis: developers integrate with the Curity Identity Server instead, which saves a lot of time and resources.

Improved User Experience

On the front end, SSO (Single Sign-On) has been implemented so that users don’t have to manage multiple passwords. They can easily and securely access the data that they are authorized to see. This service is being rolled out to external consultants, customers and other stakeholders. Other ongoing projects by the Ductus team include DevOps and network modernization to support the IAM environment.

Extended collaboration

“The collaboration with the Agency has been very smooth, as we have been two teams working collaboratively towards the same goals. Of course, you need KPIs to measure that you are meeting customer success, but I think for me the best reflection of our achievements is that the Agency has taken up the option to extend our contract. That says everything,” concludes Essner.

Anders Essner

Phone: +46 (70) 513 56 19
anders.essner(at)ductus.se