Verizon becomes first firm to offer certified online ID protection

Verizon has become the first company certified to offer high-level online identity protection for federal personnel and visitors to dot-gov websites, officials at the telecommunications firm announced Monday morning.

With agencies under budgetary pressure to move services online and data breaches spiking, ID providers are vying to offer departments, as well as businesses, easy, affordable means of ensuring people are who they say they are online. Verizon officials said the win opens the door for potential contracts with the Internal Revenue Service and other agencies that require a high level of ID trustworthiness for transactions, such as filing taxes directly through IRS.gov.

Until now, companies, including Google and Equifax, met the federal government's criteria for offering websites only the lowest of four "levels of assurance" -- Level 1, which simply confirms a username and password. Level 3 assurance, which Verizon now carries, requires checking a second piece of identifying data, such as a smart card containing personal information and biometric fingerprints.

"We are the first and only identity provider that's been certified at Level 1, 2 and 3," Verizon's chief identity strategist Tracy Hulver said.

During the past year, a number of government officials have had their personal and professional email credentials held hostage by hackers with a grudge, most recently at the United Nations. Some security experts say a two-step ID validation process may have quashed an invasion by hacktivists of the U.N.'s mail server.

Outsourcing credentialing to trusted ID providers could further shield federal employees from identity theft, Hulver said. "It greatly reduces the likelihood that someone is trying to pose as you," he added.

Commercial IDs allow Internet users to log in with one set of credentials on many sites without having to register their Social Security numbers across the Internet -- an added privacy bonus, say some civil liberties advocates. Several prominent agencies, including the IRS and Veterans Affairs Department, have dismal track records in securing personal information in-house, according to government audits.

The White House recently issued a directive ordering all federal agencies launching or upgrading Level 1 dot-gov sites to offer citizens the option of opening accounts using their existing commercial credentials. For example, visitors on CPSC.gov would be able to register through their Gmail accounts to receive recall updates from the Consumer Product Safety Commission. The Oct. 6 memo stated that departments only have to offer the type of sophisticated ID verification that Verizon now supplies "where appropriate and as resources permit."

Equifax is applying to become a certified Level 2 and Level 3 provider for the government, according to officials at Anakam, Equifax's identity proofing unit. The Obama administration this spring released a plan for linking together all ID providers in an "identity ecosystem," akin to a credit card payment system for verifying online IDs. The main hang-up with the National Strategy for Trusted Identities in Cyberspace is not the technology, but rather universal buy-in from Internet companies, governments, businesses and consumers, according to administration officials. Verizon executives said they are committed to moving forward on the endeavor with competitors, including Google, McAfee and others.

By subscribing to Verizon's Level 3 services, federal customers essentially would hand over ID management to the company, including the work of enrolling users' personal data, distributing logins securely to them, and verifying those credentials for each transaction, Verizon officials said. Agencies would have the option of buying physical tokens for users or one-time passwords sent to their cellphones. Currently, no vendors are certified to provide the strongest layer of protection, Level 4, which requires a user to prove his or her identity in person before obtaining credentials.

Hulver said the cost of Verizon's offerings varies based on the size of a department's user base. A small, 50,000-person agency could pay between $8 and $20 per user. A department as big as the IRS, with hundreds of millions of users, may be charged $1 per person because the more users, the lower the unit cost of providing the service.
