Presented by Ping Identity & Carahsoft
As state and local governments modernize, the goal is increasingly clear: citizens should be able to access services through seamless digital experiences that feel intuitive, consistent, and fast. But as those services move online and agencies work to reduce friction, one reality becomes impossible to ignore. Governments cannot cut corners on cybersecurity.
Ames Fowler, Manager of Sales Engineering for State, Local and Education at Ping Identity, argues that the path forward depends on a strategic approach to digital identity. In his view, identity is not simply a login system or a security requirement. Identity is the foundation that connects citizen services across agencies, reduces duplication, and enables government to deliver digital experiences that feel modern without sacrificing trust.
Fowler describes a truly citizen-centric journey as one that honors the citizen’s time and protects their identity at every step. He emphasizes that government should not expect citizens to tolerate a lower-quality experience than what they receive in the commercial world. Whether someone is interacting with a state workforce system, a licensing office, a benefits portal, or an education service, the experience should feel consistent and respectful of the user.
That begins with trust.
In the current environment, trust is not a one-time event. Fowler explains that governments must build verified trust in an era of sophisticated threats, including AI-enabled fraud, deepfakes, and bots. It’s not enough to validate identity once and assume the user remains trustworthy throughout the interaction. Instead, identity must be continuously managed across the session, ensuring the digital identity corresponds to a real, verified human being — especially when high-assurance services are involved.
government, it’s tempting to treat every service interaction as high risk and require a full authentication process at every step. But Fowler argues that excessive friction can be just as damaging as weak security. In the workplace, too much friction is frustrating. In citizen services, it can become a barrier that prevents people from accessing what they need — especially when they are under stress, dealing with emergencies, or navigating complex personal circumstances.
A citizen-centric identity strategy, Fowler explains, is built on contextual security. Government should request only the information necessary for the task at hand, and elevate security only when digital risk is present. Where anonymous access is adequate, login should not be required. When a user is simply accessing broad resources, reading information, or reviewing public guidance, forcing them to create an account or authenticate can create unnecessary barriers.
But when risk increases — for example, when a citizen is accessing personal records, submitting sensitive data, updating account details, or performing financial transactions — security must rise accordingly. Fowler describes the importance of applying the right level of friction based on the situation, the service, and the risk profile.
The key is making security feel invisible.
Fowler describes modern identity technology as capable of delivering “invisible security,” where friction is minimized and the user is not burdened with repeated authentication steps. This approach allows governments to maintain strong protection while still delivering a smooth experience.
To build this kind of system, Fowler outlines several foundational building blocks.
The first is a centralized identity directory. This provides a single pane of glass for citizens to manage their digital identities and preferences, while giving agencies a unified view of the access that is allowed. Depending on the environment, this may involve migrating a master user record, or consolidating multiple agency records into a central directory. Either way, the goal is the same: one citizen, one identity, not multiple siloed identities across government.
The second is citizen access orchestration tools. Orchestration enables flexible and secure deployment of the citizen journey. It allows real-time adaptation based on use case, application risk, and user behavior. This is how governments can provide the best possible experience while maintaining security standards.
The third is progressive profiling. Fowler explains that governments should allow users to share information only when it becomes material to the task at hand. Rather than demanding extensive personal data upfront, progressive profiling builds the identity relationship gradually, reducing friction and increasing user comfort.
The fourth is risk and fraud capabilities. These tools inform the orchestrated citizen journey, ensuring security remains uncompromised even as friction stays low. In an era of AI-enabled fraud and sophisticated automated attacks, risk intelligence becomes essential.
Finally, Fowler highlights identity verification as a core component of verified trust. When high assurance is required, governments must validate that the digital identity is the human user. That verification must support continuous trust throughout the interaction.
From there, Fowler returns to the idea of identity as the common thread across citizen services. He explains that identity is not “glue” so much as it is the platform that connects services across agencies. Every service management system is designed to track events and processes — and those events and processes are tied to a common identity, regardless of agency mission.
That means citizen services should rely on a central source of truth.
Fowler outlines practical integration approaches: consolidating directories, enabling pre-registration for automation or in-person validation, implementing mature API security so services can gain scoped access appropriate to the authorization needed at the time, and using identity verification to provide delegated access on behalf of the citizen.
He also emphasizes the importance of offering a broad set of modern and accessible validation options. Some are familiar, such as multi-factor authentication. Others are emerging, including zero-trust biometrics.
Fowler argues that biometrics may represent the best balance of speed and security for many high-risk services. Biometrics can deliver strong identity assurance quickly, without requiring the citizen to remember passwords or navigate complicated authentication workflows.
But Fowler is careful to note that modern government services must be designed for modern communities — and not every citizen has the same access, tools, or comfort level.
He describes digital equity as one of the defining challenges of modern service design. Citizens use different devices. Some access services on desktop computers, others on mobile devices. Language needs vary. Broadband access is not uniform. Some citizens experience intermittent connectivity. Others may not have traditional documentation. Some may not have an email address. Some may not have a smartphone, or may not be able to afford one.
Fowler references research identifying intersecting factors that affect digital access: inherent factors like age, disability, or health; situational factors like economic conditions and device availability; and pathologic or interpersonal factors such as mistrust, bias, or discomfort with face-to-face encounters.
In this context, Fowler argues that identity systems must adapt. The solution lies in orchestration and tailored journeys — designing flexible identity validation pathways that meet citizens where they are.
For some, modern options like biometrics and digital credentials will work well. For others, those options may not be feasible. Digital credentials, for example, often require a smartphone or another device capable of storing the credential. That doesn’t work for everyone.
This is where Fowler introduces the idea of trusted delegation. For citizens who cannot validate identity through modern digital tools, government must have the ability to delegate identity validation to a trusted source. That trusted source could be a relative, a caregiver, or a state employee — someone who can help bridge the gap for citizens who would otherwise be left behind.
Fowler closes by emphasizing scalability and leadership.
Scaling identity across government can seem daunting, but Fowler says it begins with a simple recognition: identity needs to be centralized because government is serving the same person across multiple agencies. Siloed identities don’t make sense to citizens, and they create repeated friction. Citizens don’t want to answer the same questions repeatedly. They don’t want to retell their story every time they transfer services from one agency to another.
The goal is uniform service.
To get there, Fowler argues that digital identity management must be treated as a program, not a project. Governments should start small, but build with the expectation that identity services will proliferate. Agencies will need to cooperate, and leadership must drive the effort. The C-suite must be involved, just as the commercial world increasingly treats identity as a strategic executive responsibility.
For governments seeking seamless, secure, citizen-centric digital services, Fowler’s message is clear: identity is not a feature. It is the foundation.