The Australian Government Information Management Office Archive
The content on this page and other AGIMO archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.
Conclusion
Implementing an effective authentication strategy requires technological and cultural changes. Agency policies must be designed to ensure that all systems (whether electronic or conventional) are only provided to appropriately authenticated individuals. As well, all staff members need to be made fully aware of why this goal needs to be achieved. These are essential steps if agencies are to reap the benefits of offering services online, such as improved customer service and reduced transaction costs.
Authentication solutions have advanced considerably in recent years, increasing the range of choices available. Planning to use these solutions can only be carried out effectively after giving consideration to the risks and benefits involved in providing a given service, and the costs of doing so. Consistency in procedures is as important as consistency in technology.
Agencies should carry out a risk assessment to determine which authentication solutions will be used. Risk management should be part of the ongoing business planning process, rather than a one-off event. It is important to remember that authentication in itself does not comprise the whole of an agency's plans for either online activity or security, but must work as part of an overall policy.
Basic solutions such as password authentication are often appropriate for simple information access applications, but may raise concerns over maintenance costs and privacy issues. More expensive solutions such as digital certificates or biometrics will be more effective in reducing risk, but the cost of installing them may prove prohibitive.
A solution based on public key cryptography, and possibly using the ABN-DSC, may prove convenient for many agencies. It will also ensure consistency between different departments and with the overall Gatekeeper strategy. However, as with any decision to use authentication, it should be based on a proper risk assessment, and backed by an appropriate management strategy.
6.1 Next steps
The four key steps for managers seeking to develop their agency's position on authentication are:
- Develop a business case for authentication.
- Conduct a risk assessment of different authentication solutions and business process choices.
- Decide on the most appropriate authentication solution and approach.
- Discuss your plans with NOIE and other agencies to further refine your strategy.
NOIE is available to assist managers with any inquiries that emerge at any stage.