SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
How government agencies can deliver secure digital services to citizens
Tue, 9th Nov 2021
FYI, this story is more than a year old

The uncertainty of the global pandemic has had an unexpected upside for New Zealand government agencies, with 83% of New Zealanders seeing their government as being generally trustworthy, a significant increase from 53% recorded 12 years ago in 2009.

This increase in trust provides much-needed momentum to government agencies looking to introduce new digital services. As government agencies embrace digital channels to deliver services to New Zealanders, cybersecurity must remain paramount to maintain trust.

For the government's digital services to be successful, citizens need to start using them. However, if people don't trust the organisation to protect their personal data from improper use or a breach, then they simply won't use digital services.

Trust is currently high, so government agencies need to capitalise on that to introduce digital programs. However, the risk of eroding that trust through poor information security is real, so it's essential to implement strong cybersecurity protections to avoid a negative outcome.

There are three key focus areas that government agencies should consider to secure digital services and maintain trust:

Cloud security

As the hybrid workforce continues to grow, employees can now log into any network with any device at any time. This has made identity the new security perimeter for remote working employees. Governments need to prove that all identities in the cloud will be protected.


All government departments are subject to regulations and compliance. Governments must ensure that their systems comply with all relevant rules and regulations, such as the New Zealand Privacy Act and, potentially, the Global General Data Protection Regulation (GDPR).

Zero trust

Zero trust forms an essential part of a safe and effective security strategy. Users should be open to verifying their trustworthiness at each step to secure open networks and protect governments from a potential data breach. Regardless of where the request originates or what resource it accesses, every access request should be fully authenticated, authorised, and encrypted before being granted.

The key to encouraging widespread use of digital services is to build on the momentum of trust. Consumer expectations have grown across every industry, and government agencies are no different. Even a seemingly minor data breach could be enough to significantly damage the trust people are currently placing in their governments.

Maintaining this trust is also more complex in this fast-moving landscape. In the past, major technology projects enjoyed the luxury of three-to-five-year execution timeframes. However, with the rapid digital growth experienced in 2021, projects are more likely to face a two-year maximum before they become irrelevant or are superseded by a new technology or solution.

This has changed the nature of digital services to become quicker, more agile, and focused on providing outcomes for citizens. Digital solutions will also help governments understand what kind of services benefit the most people, letting them focus resources on where they can be most valuable.

This collaborative and evolving methodology is all about innovating fast, failing early and without publicity, and delivering services that citizens want right now. By adding the right security into the mix, New Zealand government agencies can continue building trust and digitally provide effective services.