How a zero trust approach protects governments and constituents against fraud
Kedar Shah
Google Cloud Architect, Customer Engineering, Google Cloud
Tommy Cathey
RVP, ForgeRock Public Sector
With the rise in digital services, government programs that distribute money to constituents are facing serious identity fraud challenges. In 2020, the massive increase in available benefits attracted significant fraudulent activity–leading to billions of misdirected funds, such as $6 billion in alleged losses to federal healthcare programs1. Fraudsters use stolen identities to file false tax returns, claim compensation from government services, or seek employment.
Government agencies must adopt a zero trust approach to defend themselves and their constituents against fraud. A key principle of zero trust is that all access to data and services must be authenticated and authorized based on the identity of the user. Modern identity and access management (IAM), multi-factor authentication (MFA), and bot detection with Google reCAPTCHA are security components that can be integrated for multiple layers of defense against bad actors. Google Cloud artificial intelligence and machine learning (AI/ML) can apply rules-based pattern recognition to detect improper payments before they happen. During the pandemic, AI/ML enabled states like Wisconsin to quickly process high volumes of legitimate unemployment claims, while simultaneously flagging improper claims. Together, these solutions offer an end-to-end approach for government agencies to protect high-value assets while improving the delivery of essential services to constituents.
The role of identity in fraud prevention
Modern IAM systems allow agencies to create a profile of a constituent that follows them as they interact with various services. Solutions such as ForgeRock Intelligent Access, part of the ForgeRock Identity Cloud which is purpose-built on Google Cloud, can detect anomalies both before and after each user authenticates while accessing a government service. Using a simple drag-and-drop configuration, ForgeRock collects context about the user, their session and access, which can then be used to evaluate risk. This continuous authentication and authorization protects both the agency and the constituent seamlessly.
Combining IAM with Multi-Factor Authentication (MFA), reCAPTCHA, and Google Cloud AI/ML solutions creates a powerful security system that reduces the chance of fraud. Multi-factor authentication adds an extra layer of identity verification. reCAPTCHA protects against bots, and AI/ML solutions apply rules and pattern recognition to detect potential fraud before improper payments are made.
State of Utah: Saving millions and protecting 1.7 million identities from fraud
Utah implemented the ForgeRock Identity Platform in 2019 and has already saved an estimated $15 million through efficient consolidation of IAM platforms. Today, the state has over 1,000 apps and online services using ForgeRock serving over 1.7 million identities.
ForgeRock Identity Platform enabled Utah to create a single snapshot of constituents across multiple programs and verify Utah caseworker access based on permissions. Utah applied Google Cloud’s built-in IAM controls on data pipelines and Application Program Interfaces (APIs), enabling a complete audit trail of all system activity.
In the beginning of the pandemic, ForgeRock and Google Cloud helped Utah securely scale digital services, leading to Utah having the third-lowest improper payment rates in the country.
Improving identity security
ForgeRock Identity Cloud is a Software-as-a-Service (SaaS) running on Google Cloud. It is a multi-tenant SaaS offering that provides a distinct, dedicated, and sovereign environment to each customer by leveraging Google's built-in security. Using ForgeRock, government agencies can federate a unique constituent identity across all departments. ForgeRock’s orchestration facilitates authentication and authorization journeys, allowing easy configuration of included MFA and risk management features while leveraging third-party partner solutions to provide identity proofing and advanced authentication methods. This saves organizations money and reduces the likelihood of fraud. Organizations can also tackle the scalability problem easily since ForgeRock Identity Cloud utilizes the on-demand built-in scaling of Google Cloud.
To learn more visit the ForgeRock Identity Cloud Page and check out this webinar on Quick Wins for Reducing Government Services Fraud with IAM.
1https://oig.hhs.gov/newsroom/media-materials/2020takedown/