Civic News
Digital access / Federal government / Technology

For this Okta VP, a zero trust, secure digital government is possible — if identity tech is center stage

Dean Scontras, a Herndon-based VP of state, local and higher education at Okta, spoke to us about why identity tech is a crucial building block in digital infrastructure

The John A. Wilson Building, where the Council of the District of Columbia meets. (Flickr/Wally Gobetz)

This editorial article is a part of Digital Infrastructure Month of Technical.ly's 2022 editorial calendar. This month’s theme is underwritten by Verizon 5G. This story was independently reported and not reviewed by Verizon before publication.

In the digital world, there are endless possibilities and applications to boost digital infrastructure — a term not quite as limitless as tech, but still one with tremendous relevance and potential.

In the state and local govtech ecosystem, it’s shown up in a few different ways, including security and identity tech for those using government sites. When the Infrastructure Investment and Jobs Act was signed last year, according to Okta state and local VP Dean Scontras, it brought a lot of attention to zero trust and multifactor authentication models in government. Zero trust would require users in and outside of government to be continuously authenticated to ensure digital identity. This has obvious advantages for the protection of government employees and their data, but it also could keep going as digital infrastructure continues to matter.

For DC, the act offered $100 million over five years to boost broadband expansion. So far, district CTO Lindsey Parker said earlier this year that the money is earmarked for expanding the city’s district-owned network, as well as the creation of a Broadband and Digital Equity Office. But building digital infrastructure at a state and local level is a goal that involves a multitude of solutions and needs.

One idea that’s percolated in council and government department meetings over the past few years is the concept of sovereign citizen identity, Scontras said, which would give citizens a safe digital credential to log in to government sites.

“[Giving citizens] something that they own that they can ultimately use as a credential or social login, that’s a bit more futuristic,” Scontras told Technical.ly. “But I think everybody is trying to at least provide a path to that.”

For some, that might look like a singular digital identity solution that can go all the way from the state level to towns, cities and counties. But doing it well, he noted, is a topic constantly on everyone’s mind, and security is a crucial first step. While councils previously left topics like multifactor identification to the IT team, many are acutely aware of the role security has to play following the myriad highly-publicized large data breaches affecting government agencies.

In an ideal, somewhat far-off world, Scontras would like to see a mandate for a single identity that can be used across all towns, cities, counties and states — and even across state lines, similar to a driver’s license. But it’s something that needs airtight security, not only for the potential of a breach, but also to gain citizen trust in the tech.

This need was made apparent in an identity tech issue earlier this year, involving McLean, Virginia company ID.me. After negotiating a deal to provide a photo-based, multi-factor identity verification technology to the Internal Revenue Service (IRS) for tax filing, the company came under fire over concerns about privacy and bias in facial recognition software. Ultimately, the IRS decided to stop using ID.me for new accounts, and the House Oversight Committee launched an investigation into the company.

Avoiding this kind of discourse, in Scontras’ opinion, means starting with security when building digital identity tech for citizens. He does think there are ways to get there with existing technology, though it would need to come from multiple outside companies. And if it’s successful, there are some very valuable options, he said.

“If you peer around the corner in all the various use cases…even something like voting, that’s kind of the top of the mountain,” Scontras said. “Where you could truly be able to vote in a way that’s secure but allows everybody to participate in the process, I think that’s a really, really intriguing end game. And that should be the end game.”

In his work with state and local governments, Scontras said that while the end goal might be one, centralized digital identity for every citizen, it’s also important that each agency addresses its specific needs. Universally, he thinks citizen data and employee data need the strictest possible controls. Beyond that, he wants to see individual agencies making decisions about the digital solutions they want to provide.

In practice, this likely means as much customization as possible — be it in-house development or a choose-your-own-adventure with tools from a variety of third-party vendors. That also means that to create a safe and usable solution, third-party tech companies need to be building tools that are able to be integrated with other solutions and applications.

The end result, he thinks, is more than just avoiding lines at the DMV and a more seamless experience when working through a government website. For him, it’s about giving people more access to voting, government aid and other types of engagement through zero trust.

“It’s greater participation,” Scontras said. “There’s an equity piece of that where you get services to people who are or previously were disenfranchised or couldn’t get access to them. That’s important.”

Series: Digital Infrastructure Month 2022
Engagement

Join the conversation!

Find news, events, jobs and people who share your interests on Technical.ly's open community Slack

Trending

How venture capital is changing, and why it matters

What company leaders need to know about the CTA and required reporting

Why the DOJ chose New Jersey for the Apple antitrust lawsuit

DC daily roundup: Dcode Capital's $19M; tech for sports events; the Key Bridge disaster

Technically Media