Officials from the Justice Department (DoJ) and Government Accountability Office (GAO) this week rated the chances of government organizations moving to single identity credentials, and what further steps need to be taken to get there.
Jennifer Franks, director of the Information Technology and Cybersecurity Team at GAO, talked about the likelihood of moving to a single credential during a panel discussion at the Okta City Tour and Gov Identity Summit on June 13.
“It’s possible, I like to say ‘never say never,’” said Franks. “I do think it’s possible as we move forward with creating global passes, for example, of ways to institutionalize our resources, our systems, our services, to creating like a one-stop shop for how it is we integrate and create interoperable systems to utilize our services,” she continued.
One of the main obstacles to implementing single identity credentials, Franks said, is protecting personal data, Franks said.
“Protecting someone’s personally identifiable information will have to be first and foremost something that is protected,” she said. “If we’re holding everyone’s data, we want to make sure that we’re protecting their data – especially if it’s all in one repository, because as we know threats to our environment are always increasing.”
During the same panel discussion, Jaime Lynn Noble, director of IT Security and chief information security officer (CISO) in the Office of Justice Programs at DoJ, talked about how her department has been taking steps to further a single identity system through the use of interoperability between different systems.
“There is a lot of interoperability between our systems, and it’s allowed all of our components to do business with each other,” she said. “We’ve federated identities with the rest of the Department of Justice, obviously with identities within our own organization.”
To move the solution closer to adoption, Franks said IT and security officials need to continue to “read some of the Federal guidance out there … that really helps us to kind of form and accomplish some goals around identity management and some of the solutions in accomplishing that.”