For more than a decade, millions of New Zealanders have used digital authentication and identity verification platform RealMe to access government services, from applying for student loans and allowances to accessing tax information and applying for a NZ Passport. But like many teenagers, RealMe was starting to feel a little insecure and unprepared for the fast-changing demands of modern life. To give it a stable future (and save taxpayers a large bill in the process), the Department of Internal Affairs (DIA), following a competitive procurement process, selected citizen identity management experts UNIFY Solutions to create a more secure, scalable and easy to use service built on Microsoft’s Azure public cloud platform. Now New Zealanders have world-leading access to the services they need, and their digital information is safe for many years to come.
With everything from shopping to work to international diplomacy going digital these days, it’s virtually impossible to get by without a digital identity. Governments are a big driver of this, leveraging modern digital identity capabilities to transform the way they are designing and delivering services to their citizens – anywhere, anytime.
Administered by the Department of Internal Affairs (DIA), the RealMe platform has been a game-changer for the public service and New Zealanders for more than a decade. People are able to use a single username and password (with second factor authentication where required) to access services. One login – access to 163 services (and counting). People can also apply for a RealMe verified identity that they can use to prove their identity when accessing a service for the first time. Getting a RealMe verified identity requires a person to apply online using either a passport, citizenship, birth or immigration record. Once this process is completed, DIA is able to issue a RealMe verified identity, something that underpins trust for all users of RealMe logins.
But 14 years is a long time in technology, and DIA realised its legacy systems weren’t going to be enough to enable the next generation of more personalised digital services. Maintaining RealMe’s on-premise systems and servers was also a large expense for the government. Improvements typically required a long, expensive custom build, and the supporting network’s infrastructure needed upgrading to meet modern security requirements, something that would cost many millions of dollars.
Officials had also noted the huge efficiencies and scalability provided by the rise of public cloud.
“Our legacy system was built over a number of years, but the cloud has grown massively since, with all the advantages of automatic security updates, access to innovation from around the world and greater privacy protections at much better cost,” says Tim Waldron, Business and Market Development Manager for RealMe.
“Ten years ago, DIA had to develop its own solutions, but there are so many new tools available off-the-shelf in the public cloud. Rather than being our own developers, we wanted to leverage the innovations being made by external solutions developers and act before some of our existing software products were no longer supported. Every year we didn’t make this move, we were falling behind. Instead, we wanted to be at the forefront of digital identity around the world. Extensive market scanning led us to select Microsoft’s Azure Active Directory B2C (Azure AD B2C) capabilities as being most suited to enabling this in an effective, economic, flexible and secure way.”
Designing for trust
But transferring 163 services across 56 public sector agencies to the cloud is – naturally – a task that takes skill and planning. And above all, trust.
“For citizens to have trust in the government, they’ve got to have confidence that certain things have been done correctly and their identities are protected. That means government agencies need to be able to trust not just the technology but also the providers of digital identity management services,” explains Russell Craig, National Technology Officer for Microsoft New Zealand.
Whatever solution was chosen, it had to provide maximum protection for more than five million customer records while also enabling the sort of flexibility and personalised service people now expect. If not managed well, the project could have resulted in data breaches, poor customer experiences, massive disruption to services and above all, loss of confidence in the government.
UNIFY Solutions understood this well. As a premier provider of identity management solutions to New Zealand’s public sector, it too runs on trust, being responsible for ensuring the most stringent requirements are met. This mindset made a big contribution to UNIFY being an ideal Microsoft partner for delivery of this mission critical project.
UNIFY’s global track record of managing Azure cloud services for public sector organisations including the Ministry of Education and New Zealand Police was instrumental in sealing the deal, backed up by strong support from Microsoft’s own product engineering teams. In December 2019, work began.
Migrating the team of five million
Phase one was mapping the RealMe interface into Azure, mirroring the same customer flows, from login to changing passwords and signing up for an identity – across all government services. Throughout the process, regular independent privacy assessments were carried out, so any issues such as managing administrator access, data logs and helpdesk provision were managed along the way. Via Azure AD B2C, which specialises in identity and access management, separate ‘privacy domains’ were also created to ensure customers’ interactions with one agency were not shared with the others, protecting their personal information and privacy.
“With Azure, a lot of that stuff is automatically taken care of. Azure met all of the requirements straight out of the box,” Waldron says.
To complicate matters, however, while different agencies were at different stages of cloud maturity, with a range of vendors providing their legacy services and helpdesks, all of them had to be integrated into a single Azure service managed by UNIFY. And all five million-plus customer records then had to migrate to the new platform in one go. Not only that, the new platform had to roll out quickly to avoid disrupting those same services, and also avoid creating any hassles for customers such as needing to reset their usernames.
“Effectively, we had to rebuild the whole of country system and migrate to the cloud without disrupting New Zealand citizens’ use of the RealMe login service. We technically integrated agencies, ensuring all security, privacy and due diligence requirements were managed to a high standard, whilst putting in new service management arrangements,” says Tony Temaru, Strategic Account Manager, UNIFY NZ.
Even a global pandemic couldn’t stop the UNIFY and DIA teams getting the newly cloud-based RealMe platform live in just 18 months – with the rollout all managed within 48 hours.
Reaching the promised land
“The RealMe cloud migration is the ultimate, tangible example of digital government. We’re lucky that when it comes to global digital identity specialists, UNIFY is a world-class organisation,” says Craig.
Temaru says the results are all about saving people time and effort. “The new RealMe is quick and easy for the public to use, highly scalable and always on, so it’s much more reliable and future-fit for decades to come.”
Waldron is full of praise for the new Azure platform, which has saved the DIA (and taxpayers) costs from day one and made adding updates and new capability a much faster process. With all kinds of off-the-shelf solutions available, DIA doesn’t have to do all the heavy lifting when it comes to design, and security updates are automatic.
For customers, their privacy and security is assured and self-service tools will continue to be enhanced. The flexible cloud platform also enables the DIA to explore even further options that provide New Zealanders with more personalised experiences such as choosing the authentication methods they prefer. For clients, integrating with RealMe is now quicker, easier and less expensive, with many agencies also moving to cloud solutions.
“With Azure, customers can choose the level of authentication they want, like Multi-Factor Authentication, unlike other solutions that prescribe this, and this is one of the ways we’re looking to evolve RealMe services in the future to meet customer needs,” Waldron says.
“As a small country, public cloud offers us a global platform and scale that we can all benefit from, and provide a better experience for our customers at the same time. It’s the promised land.”