Civic News

For this Okta VP, a zero trust, secure digital government is possible — if identity tech is center stage

Dean Scontras, a Herndon-based VP of state, local and higher education at Okta, spoke to us about why identity tech is a crucial building block in digital infrastructure

The John A. Wilson Building, where the Council of the District of Columbia meets.

(Photo by Flickr user Wally Gobetz, used via a Creative Commons license)

In the digital world, there are endless possibilities and applications to boost digital infrastructure — a term not quite as limitless as tech, but still one with tremendous relevance and potential.

In the state and local govtech ecosystem, it’s shown up in a few different ways, including security and identity tech for those using government sites. When the Infrastructure Investment and Jobs Act was signed last year, according to Okta state and local VP Dean Scontras, it brought a lot of attention to zero trust and multifactor authentication models in government. Zero trust would require users in and outside of government to be continuously authenticated to ensure digital identity. This has obvious advantages for the protection of government employees and their data, but it also could keep going as digital infrastructure continues to matter.

For DC, the act offered $100 million over five years to boost broadband expansion. So far, district CTO Lindsey Parker said earlier this year that the money is earmarked for expanding the city’s district-owned network, as well as the creation of a Broadband and Digital Equity Office. But building digital infrastructure at a state and local level is a goal that involves a multitude of solutions and needs.

One idea that’s percolated in council and government department meetings over the past few years is the concept of sovereign citizen identity, Scontras said, which would give citizens a safe digital credential to log in to government sites.

“[Giving citizens] something that they own that they can ultimately use as a credential or social login, that’s a bit more futuristic,” Scontras told Technical.ly. “But I think everybody is trying to at least provide a path to that.”

For some, that might look like a singular digital identity solution that can go all the way from the state level to towns, cities and counties. But doing it well, he noted, is a topic constantly on everyone’s mind, and security is a crucial first step. While councils previously left topics like multifactor identification to the IT team, many are acutely aware of the role security has to play following the myriad highly-publicized large data breaches affecting government agencies.

Advertisement

In an ideal, somewhat far-off world, Scontras would like to see a mandate for a single identity that can be used across all towns, cities, counties and states — and even across state lines, similar to a driver’s license. But it’s something that needs airtight security, not only for the potential of a breach, but also to gain citizen trust in the tech.

This need was made apparent in an identity tech issue earlier this year, involving McLean, Virginia company ID.me. After negotiating a deal to provide a photo-based, multi-factor identity verification technology to the Internal Revenue Service (IRS) for tax filing, the company came under fire over concerns about privacy and bias in facial recognition software. Ultimately, the IRS decided to stop using ID.me for new accounts, and the House Oversight Committee launched an investigation into the company.

Avoiding this kind of discourse, in Scontras’ opinion, means starting with security when building digital identity tech for citizens. He does think there are ways to get there with existing technology, though it would need to come from multiple outside companies. And if it’s successful, there are some very valuable options, he said.

“If you peer around the corner in all the various use cases…even something like voting, that’s kind of the top of the mountain,” Scontras said. “Where you could truly be able to vote in a way that’s secure but allows everybody to participate in the process, I think that’s a really, really intriguing end game. And that should be the end game.”

In his work with state and local governments, Scontras said that while the end goal might be one, centralized digital identity for every citizen, it’s also important that each agency addresses its specific needs. Universally, he thinks citizen data and employee data need the strictest possible controls. Beyond that, he wants to see individual agencies making decisions about the digital solutions they want to provide.

In practice, this likely means as much customization as possible — be it in-house development or a choose-your-own-adventure with tools from a variety of third-party vendors. That also means that to create a safe and usable solution, third-party tech companies need to be building tools that are able to be integrated with other solutions and applications.

The end result, he thinks, is more than just avoiding lines at the DMV and a more seamless experience when working through a government website. For him, it’s about giving people more access to voting, government aid and other types of engagement through zero trust.

“It’s greater participation,” Scontras said. “There’s an equity piece of that where you get services to people who are or previously were disenfranchised or couldn’t get access to them. That’s important.”

-30-
Subscribe to our Newsletters
Technically Media
Connect with companies from the Technical.ly community
New call-to-action

Advertisement