Last week our country voted to keep a president and change our congress… and not a single shot was fired in anger to do it. I’ve been enthralled by the seamlessness of this process since a very young age.
By 9 years old, I was already pouring over Collier’s Encyclopedia (my family owned a set), volume 19, and finding myself totally engrossed in the voting results of the presidential elections in U.S. History. As further testimony to my election “geekness,” I even owned a board game called “Landslide” where you bid for the electoral votes of each state to win the presidency… and from that game I used to know the Electoral College totals for all 50 states.
As I look back on this, I realize that what never seemed to come up when I was young, however, was the issue of voter identification. It seemed we were a much more trusting nation back then and our communities were closer, so the people at the poles generally knew most if not all the people who came in to vote.
Completely unheard of was the issue of cyber security around voting. Obviously the lack of Internet in my youth precluded such matters, but even as the Internet has become available over the last 15 years issues of cost, privacy and identity and access management have not been big news because nobody has proposed a legitimate plan for online voting.
But technology has advanced considerably and today we are a nation on the cusp of moving toward online voting as an option. We’ve already seen a small measure of it following the destruction wrought by Hurricane Sandy; some Eastern states actually allowed people to cast their votes by electronic means — by fax and email — just to ensure they were able to vote.
This was an emergency measure and concerns about group management and user provisioning management had to be set aside in the interest of voter inclusion. But if online voting is to move forward, what measures should we be looking at to ensure everyone gets to vote and there is only one vote for every person?
Borrowing from the modern business model I pledge we cast our ballot for the following steps that need to be considered to ensure the access certification, compliance management and governance needed for both inclusion and security of online voting:
- Data-Driven Voter Lists: municipalities will need to think about how their voter lists are populated and ensure voters receive appropriate access to applications or email distribution lists based on their locations and party affiliations
- Automation of Voter Rolls: keeping the list of voters current will require automatic group management by connecting it with critical, authoritative data such as address information from assessors’ offices, the registrars of deeds or other departments of vital records; this way by applying rule based group management, when people move, their voter access can be automatically switched to their new voting location or when people die, they can be removed from the voter list
- Voter Scheduling: just like we do now, voting would still need to be confined to specific periods of time; automating access to actual voting during only X days before an election will add a layer of access governance and eliminate risk of votes being cast too early or, even more important, after polls have closed
- Voter Alerts: municipalities will need to take a strategic and automated approach to protected, trusted and compliant group management by establishing a system of automated alerts that continuously monitor voter integrity and detect potential cyber security threats as they happen
- Continually Test the Validity of the List: view identity matches from the target and source including missing, removed, and new voters
With these cyber security measures in place, online voting could represent the next popular trend in voting.
With Compliance Auditor, identity and access governance audits are simple to conduct and make part of your continuous improvement operations.
Learn the top 10 Access Governance Best Practices for successful implementations from experts. Sidestep the challenges that can derail GRC software and compliance management projects.