Nearly every organization across industries, whether in the public or private sector, is trying to keep up with advances in technology and create modern systems that seamlessly provide services.
No where is this more true than at the United States Department of Veteran Affairs. There are nearly 22 million veterans in the U.S. and of those, about 11 million use the VA, whether it's benefits from the GI Bill or healthcare. The agency is also the largest healthcare provider in the country.
To better provide services access to veterans, the VA has been going through a technology modernization process, bringing its systems to bear for the digital age.
In May 2016, the VA awarded a contract to a team of technology providers led by Ad Hoc LLC to create Vets.gov. The VA wanted to create a single, self-service portal for the agency's existing services. By summer 2017, the VA will consolidate more than 500 public facing websites into a one portal. Not only is the new platform consolidated, it's user friendly, no longer complicated and unwieldy.
To make its consolidated platform work, the VA teamed with ID.me, an Identity as a Service company co-founded by U.S. veteran and CEO Blake Hall, to allow for the creation of veteran accounts that reach Level of Assurance 3. A standard set by NIST, LOA3 provides multi-factor authentication and allows those with proofed accounts to access more restricted or proprietary services that require a higher level of confidence in a person's identity.
"I don’t think we’re playing catch up with LOA3. LOA3 is a stretch even in the private sector right now."
VA Digital Service expert
In December, veterans will be able to create LOA3 accounts and access select services through Vets.gov. Though there will be only a few services at first, the agency will launch products iteratively, quickly adding services between December and summer 2017.
LOA3 is a big change for a department that has struggled with providing efficient services, with reports of extended wait times for veterans to see doctors. But the additional levels of identity verification puts the VA at the forefront of authentication standards.
"I don’t think we’re playing catch up with LOA3," said Kelly O’Connor, an expert with the VA Digital Service. "LOA3 is a stretch even in the private sector right now."
Just four providers are accredited in the U.S. that meet LOA3: Verizon Business, Symantec, ID.me and Athenahealth.
Since moving to the cloud on Veteran's Day 2015, the agency has had a better, higher-performing technology base that has allowed them to build more flexible and innovative services, which has served as the foundation for Vets.gov.
"The first thing is with the cloud is you have a modern technology platform. So, Vets.gov is just one of the projects our team does here, but it's not just a website, it's a whole platform. This enables us to build higher performing services with more availability and better performance," O'Connor said.
"Just plopping something in the cloud doesn't mean you can develop good products and it's Veteran focused and it's fast," she said. "The way the VA Digital Service works here, and I hate using the term agile, but we've reduced the release cycles from 90 days to 7 days. We'll go to daily in a few months. We're pennies on the dollar for what it would normally cost to developing government."
See Also: The shifting state of federal CIOs »
Making services more accessible
The effort to provide the technology so veterans can have a LOA3-proofed account is all about increasing access. In certain systems, it is important to validate who a veteran so the VA can look up their accounts across systems and interact on their behalf on Vets.gov, according to Robert Holmes, an expert with the VA Digital Service.
"What it means for the veteran is one logon, one password for all of the services provided by Vets.gov, which is a huge improvement to user experience," O'Connor said. No longer will veterans have to create multiple logins across the different sites they have to use to interact with the VA and receive services.
Under the current systems, veterans had to create a wide array of accounts to access specific services. My HealtheVet required certain credentials, while veterans might already have other credentialed accounts, such as DS Logon, when coming out of military service. But to access many services, veterans still had to go in person with documentation to validate their identity.
Following his service, when Hall had to get LOA3 several years ago, he had to go to an actual VA center to get his identity proofed. "If you think about it from an accessibility issue, it's annoying for me here in Washington, D.C. to the point where I didn't do it, but imagine if you live in a rural part of the country and you just don't have easy access to a physical VA center."
It’s all about trust
In recent years, with major data breaches frequently making headlines — from the 500 million breached accounts at Yahoo to the breach at the Office of Personnel Management — there are widespread concerns about privacy and identity security.
"Identity is not a sexy topic. It's infrastructure. If it's working right, you just don't notice it, which is awesome," Hall said.
Though some breaches can seem innocuous, a breach in the private sector, where the provider did not have secure-login standards and require multi-factor authentication could absolutely be used to access benefits in the public sector, according to Hall.
"Identity is not a sexy topic. It's infrastructure. If it's working right, you just don't notice it, which is awesome."
CEO and co-founder of ID.me
Because those breaches pose a threat to the security of personally identifiable information, there are increased concerns and standards for how agencies can handle data.
"If you are going to release W2s or prescription information from the VA, you want to be sure you're dealing with the appropriate person because the amount of PII could really bring harm to someone," Hall said.
Privacy and security are at the center of the VAs mission, so assuring identity and reaching high security standards is necessary, particularly when dealing with so much sensitive information.
Now, with the efforts to create Vets.gov and increase identity trust, the VA can serve as a case study for supplying services more securely and efficiently.
"As you might imagine, just moving from like legacy data centers to the cloud is a huge deal for the government and identity is just one of those things that kind of goes along with it," Hall said. "If you're moving to a more cloud-based posture for infrastructure, then Identity as a Service is one of those kind of critical functionalities that you need to account for when you're making that transition."