Office of Personnel Management (OPM) Chief Information Officer Guy Cavallo said today that his agency’s work with the General Services Administration’s (GSA) login.gov technology for authentication and identity verification pays off in OPM’s ongoing efforts to drive enterprise-wide technology improvements.
During a keynote hosted by FCW and focused on Identity, Credential, and Access Management (ICAM) topics, Cavallo explained that OPM provides multiple “touchpoints” of service for citizens and federal employees through sites such as USA Jobs and USA Performance. In line with the goal of improving customer experience, OPM wants to move away from requiring separate identities for different applications, he said.
“We’re moving to a one-size-fits-all approach so they don’t have a different identity with each different app,” he said. “So ideally we can make identity management across the federal government much easier.”
As part of this effort, OPM has partnered with GSA and “leans quite heavily on login.gov as a common enterprise approach to remote identities,” he said. “GSA designed this to be something you can connect to all agencies and all apps.”
“What we’re seeing are real benefits,” Cavallo said.
“On the staff side, my tech team works with a common solution, so when they add login.gov to one of our apps, it’s the same code, it’s the same approach, and it’s easier for my staff to take it over,” he said.
“It also allows us to see the big picture of the business, instead of treating each application as a silo,” he said.
He said the OPM uses login.gov for identity management of non-federal employees, and for current federal employees, it allows the use of a Personal Identity Verification (PIV) card, or login.gov also. “This has been very well received by feedback from our customers.”
Cavallo also explained improvements to identity management in the context of President Biden’s cybersecurity executive order issued last year. Among its many other provisions, he said the order means “you can’t treat identities as a silo outside of these other data encryption requirements and your supply chain and who goes into your applications and how share them better between the agencies”.
The OPM CIO placed particular emphasis on the need for an integrated approach to enterprise-wide improvement.
“A lesson I’ve learned over my long career is that at the executive level of an IT organization, you can’t treat each of these initiatives as a separate silo, they all impact each other. “, did he declare.
“Identity management should coexist with your zero trust strategy, which should coexist with your cloud strategy,” he said. “Doing these projects as separate projects with separate teams will only make things more difficult and significantly increase your costs.”
Elsewhere during his remarks, Cavallo pointed out that large chunks of the federal workforce would likely continue to work remotely even as the coronavirus pandemic settles into an endemic phase. He recalled that federal agencies used to have 90% of their employees working from fixed office locations before the pandemic, but the government very quickly switched to allowing remote work.
“I don’t think he’s going to go back to where he was,” he said. “I think what we’ve learned in this hybrid work world – I can tell you from my perspective – instead of just hiring people in the Washington DC area, or asking someone who is a great tech guy and lives… in Colorado or far west to move to DC and buy an expensive house and come work for us, now I’m able to hire these people and let them work where they He added, “It’s a different world from where we were.”