To enable the secure upload of sensitive, personal information to a central government online portal and facilitate fast cross-corroboration across numerous third-party systems to verify people’s identities for processing.
Our client, a central government department, deals with people in specific, vulnerable situations and their personal information requires secure management without risk of external disclosure.
When handling this data, the verification of personal IDs and legal documents had to be cross-checked against several different systems, a few of which are held by third-party organisations. Along with securely managing the data from these complex information sources, the department also needed to safeguard its platform and the upload of sensitive documentation.
Confronted with potential extraordinary threats, the department needed an essential security measure to protect over 200 million personal records that foreign actors would find interesting.
We responded quickly to this critical request for enhanced security. Our round-the-clock client collaboration guaranteed that all urgent requirements were dealt with and the solution remained within its existing boundary. This ensured that no agreements were violated and that no customer data was put at undue risk.
Applying our proven end-to-end experience in cyber security, we deployed our technical capabilities to create a holistic solution on a large scale. Being centrally involved in designing and developing the department’s existing infrastructure, we were well positioned to repurpose their online platform for future cyber threats.
Our team started with a threat assessment and adopted the perspective of potential criminals. We considered various strategies, for example whether a deceptive webpage could be designed to mirror the department’s system, and assessed the platform’s susceptibility to phishing and social engineering scams. We investigated the probable origins of malicious activity and also evaluated the robustness of the system by identifying errors in loading information that could potentially cause it to crash.
By rigorously checking the platform and services that host personal information and verifying identities across multiple external systems, risks of malicious exposure from anywhere in the world are now minimised.
The platform was secured and delivered to our client in only 3 days — a process that typically takes over 3 weeks.
Based on the threats identified, a risk assessment was carried out; we recommended and helped implement security controls, including 24/7 monitoring with bespoke alerts. As a National Cyber Security Centre (NCSC) approved CHECK [1] company, we penetration tested our client’s IT systems to further identify potential vulnerabilities and validate that the controls implemented were performing as expected.
With these security controls in place, the department now has an online platform enabling people in vulnerable situations to achieve faster, simpler and more secure transactions of personal data, while also achieving the intended process outcome.
Designed for a complex environment and being both scalable and adaptable, the portal is also well equipped for the future. Not only is it able to meet the high demands of data security as threats become more diverse, it can also manage higher request volumes in the future.