Identity security key to government efficiency and integrity

September 2025
M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30
« Aug		Oct »

Published on the 04/09/2025 | Written by Heather Wright

SailPoint NZ_Dickinson_Identity security

From access to action…

“Identity is absolutely fundamental to what most government agencies are trying to achieve today,” says Raymond Dickinson.

No surprise then that Dickinson, who is New Zealand country manager at SailPoint, says identity security is the ‘secret sauce’ of transformation for government, enabling secure, efficient citizen-centric services while reducing risk and complexity behind the scenes.

As agencies adapt to a world of closer collaboration between departments, hybrid workforces and an expanding network of third-party partners, the role of identity security and governance has never been more important.

“It mitigates the risk and prevents [staff] becoming a conduit for criminal activity”

“Here in New Zealand organisations are more worried about making sure no one can get through the front door, rather than actually understanding who has access to what inside the organisation,” he says. “That’s where identity governance comes in – it’s about controlling the inside as much as the outside.”

In practical terms, identity security can provide government agencies (and businesses) with seamless on- and off-boarding of staff, including contractors and third parties; and ensure the right access – and no more – is provisioned at the right time to improve productivity and reduce risk exposure through lingering or inappropriate access.

It’s also a driver for government operational efficiency, enabling self-service, and minimising the errors and support tickets which can often result from manual provisioning.

Dickinson says that when agencies automate these processes, onboarding times shorten, disruptions drop away, and resources can be used where they’re most needed across the organisation.

Automated policy enforcement supports regulatory compliance around legislation such as the Privacy Act and Public Records Act, as well as streamlining audit readiness with transparent access, logs and even attestation trails.

“Plus there are a lot of other things around segregation of duties, providing strong oversight of who can view or change sensitive information,” he adds.

A recent New Zealand Ministerial Advisory Group warned that transnational, serious and organised crime is increasing the threat for New Zealand, particularly where insiders exploit access to sensitive systems. Dickinson says weak access governance doesn’t just enable mistakes, it provides the foothold to cause real damage.

“Strong identity security and governance are essential to prevent insiders becoming conduits for criminal activities, which is what we have been seeing in New Zealand recently.”

Recent reports have highlighted how private sector employees in ports and airports have been compromised, with ‘rip-on, rip-off’ methods where trusted insiders are used to help retrieve concealed shipments before customs inspections.

“If these staff don’t have access to do these things, it mitigates the risk and prevents them becoming a conduit for criminal activity,” he says.

“Identity security ensures that only the right people have the right access to the right systems at the right time and this prevents breaches, data leaks and insider threats, and enforces least privilege and zero trust principles.”

Anomalies in user behaviour and access patterns can also be quickly detected.

Critically, Dickinson believes identity security has a major role to play in improving public trust in government services – an area where all governments are feeling the heat.

“If you’re getting it right when you’re on-boarding or off-boarding an employee, it has a massive flow on effect all the way through to public trust because citizens want to know their data is well protected.”

Identity security gaps

But New Zealand, he says, is behind its peers in many ways. He notes that Australia has long recognised identity governance as a core digital infrastructure, something that has been reflected in its strategic approach to national cyber resilience, public sector reform and digital trust.

“Here in New Zealand, we’ve been slower to adopt this mindset and it has left us with a bit of a gap in several areas, one of those being regulatory pressure – we just don’t have those controls in place here like they do in Australia,” he says alluding to the likes of Australia’s Essential Eight maturity model of mitigation strategies, recommended by the Australian Signals Directorate.

Budgeting and resourcing constraints are also hampering identity security among Kiwi government agencies, Dickinson says. Many don’t understand how critical identity platforms are to their entire organisation and, as such, they aren’t budgeting appropriately to implement this critical capability.

“In Australia, they have larger budgets and understand the criticality of identity security , so they are adopting the capability earlier than here in New Zealand.”

Dickinson points to New South Wales’ Department of Customer Service’s (DCS) transformation as an example New Zealand can learn from.

The NSW Government has committed to becoming the world’s ‘leading customer-centric government’ by 2030, with the DCS, which is responsible for delivering customer service, digital transformation and regulatory reform, at the vanguard for the transformation.

It is, Dickinson says, a great example of an agency which sees identity as a key part of digital transformation.

“They place identity security at the core of their service delivery. They’ve recognised that secure, seamless identity is essential to enabling digital services at scale and have invested in robust identity governance and access management as foundational infrastructure, not just as a security function.”

Rather than siloed systems, NSW has built shared platforms across the agencies, reducing costs, improving interoperability and creating consistent experiences. Cybersecurity and digital policies have been integrated and Dickinson says they measured success in trust and usage.

“The result has been higher citizen uptake for NSW, improved operational efficiency and increased public trust in the government services, which is a great outcome for any government agency.”

The automation and AI factor

Of course, we can’t not mention AI and automation.

Dickinson says they have a huge role to play in helping reduce identity related attacks while improving service delivery.

“At the end of the day an identity platform is all about automation and the key ones are removing human error and taking away manual activities across the organisation.”

Automation ensures processes are executed consistently and in real time, reducing the risk of forgotten accounts, over-provisioned access or delays in removing access.

Service delivery and user experience are enhanced with automated self-service access to requests and approvals, and can go further, automating many of the processes within an organisation.

“It is very wide reaching when you start looking at identity.”

AI and machine learning, meanwhile, can provide the information required to identify areas of excess access – something that would previously be done in spreadsheets, taking hours of data manipulation.

Putting identity security into practice

When it comes to getting an organisation to treat identity as foundational infrastructure, Dickinson has three key recommendations – and it starts with getting executive buy-in.

“This is going to be a transformation and a program of work that is going to take a number of years, so having executive support is important.”

It’s also a change that will impact many areas within the organisation, necessitating wide involvement. And, of course, there’s the funding element which makes executive support critical.

Establishing an identity governance framework to define the policies for life cycle management, role design, access reviews and certifications, is also important.

“Get those done and you’re heading in a good direction.”

Lastly, he urges organisations to ensure they have identity built into their broader security and information initiatives – and to build the frameworks early to ensure the right outcomes for the organisation.

“Identity governance isn’t a passing concern; it’s a permanent requirement. Cyber breaches are not going away, and delaying action only increases your organisation’s exposure. The earlier you begin this journey, the faster you’ll reach a secure, sustainable outcome. Waiting due to uncertainty doesn’t eliminate the challenge, it only heightens the risk for the organisation you’re entrusted to protect.”

SailPoint has recently released its Horizons of Identity Security 2025–2026 report. To explore the findings and see where your organisation stands, download the report here (note that your human-ness will be checked!).