OMB consolidates e-authentication

Technology vendors and systems integrators are applauding the Bush administration's new plan for buying authentication products and services governmentwide.

"It really does give the government an opportunity to save money, and it lets outside companies such as Verisign do what they do best, and lets the government focus on what it does best," said Barry Leffew, vice president of Verisign Inc.'s public-sector business. The Mountain View, Calif., firm sells managed authentication and identity management products.

The Office of Management and Budget said July 3 that agency investments in credentials and public key infrastructure services would be consolidated, with shared-service providers picked by Sept. 30. Agencies would move to those providers in fiscal 2004 and 2005.

OMB also asked agencies to refrain, where possible, from buying new authentication and identity management technologies, such as smart cards and digital certificates, while it develops a plan for making governmentwide acquisitions of those technologies.

"There will be no new funding in [fiscal 2006] for authentication or identity management investments not related to the selected shared-service providers," said Mark Forman, OMB administrator of e-government and information technology, in a memo sent to chief information officers of departments and agencies.

The federal government will spend more than $160 million in fiscal 2003 and 2004 on potentially inconsistent or agency-unique authentication and identity management infrastructure, Forman said.

Consolidating investments and buying governmentwide will save money and improve processes for authentication and identity management, he said.

Verisign hopes to be one of the service providers chosen by the government. "We fully expect to do whatever it takes to meet their requirements," Leffew said.

The company provides its managed service to agencies including the Interior Department's Bureau of Land Management, the Centers for Disease Control and Prevention and the Defense Department. Its service can cost $50,000 to $1 million annually, Leffew said.

The service allows agencies to control access to intranets and extranets, authenticate senders and recipients in exchanges over the Internet and attach legally enforceable digital signatures to electronic forms.

IT industry experts greeted the July 3 OMB memo about the enterprisewide authentication technology initiative with more enthusiasm than OMB's June 2 memo outlining plans for government- wide licensing of commodity-type software, such as anti-virus and office automation software.

The SmartBuy program for commodity software is broad, covering many types of software, while the authentication initiative is narrowly focused, giving it a greater chance of success, said Steve Charles, executive vice president of McLean, Va.-based immixGroup Inc., a consulting firm that helps technology companies do business in the public sector.

"The e-authentication initiative has a better chance of showing results more quickly. In the near term, OMB is saying 'Stop buying' until we set some standards," Charles said. Agencies will realize that if they buy before standards are set, they will have wasted their money, because the technology won't interoperate, he said.

Gordon Hannah of systems integrator BearingPoint Inc. said the initiative is good for integrators. The company's authentication work includes three Defense Department contracts, under which it has demonstrated the integration of biometrics with smart card technologies.

"It is lending a lot of credibility to these technologies," said Hannah, senior manager in the McLean, Va., company's federal services practice. "At first, a lot of companies were investing in PKI, but not a lot of people adopted it readily. Now, people are realizing there is great use for this type of technology."

Contract requirements are being developed. The acquisitions should begin in October, an OMB official said.

OMB intends to provide agencies with many options for purchasing the technologies, such as expanding contracts or purchasing through General Services Administration schedules or the SmartBuy program, the official said. Plans likely will be discussed with industry in August. OMB should proceed with caution, however, observers said, because agencies will have different authentication requirements, and because buying government- wide could become too burdensome if not well-managed.

"The question is do they want to procure technology that is optimized to meet their [agency] requirements, or do they buy something that meets everybody's requirements and may not solve a specific business problem," Hannah said. "The agencies in the Department of Homeland Security might have similar requirements and could procure together, but I'm not sure you could easily make the extension that all agencies should buy the same technology."

Floyd Groce, co-chair of the Defense Department's Enterprise Software Initiative, said enterprisewide buying requires a lot of collaboration and communication, as well as awareness that each party involved -- contractors, resellers, government buyers and government users -- must benefit from the deal.

Since 1998, ESI has negotiated agreements with 24 software publishers and avoided spending more than $1 billion on software, said Groce, who works in the Navy's Office of the Chief Information Officer.

"We think we are buying more efficiently," he said. "We are leveraging our ability to combine some of the smaller buying that was going on. With the knowledge of who is buying, when the licenses are no longer required by a particular organization, we can transfer those licenses to another organization."

Chip Mather, co-founder of Acquisition Solutions Inc. in Oakton, Va., said he's not sure true governmentwide buys are the way to go. His company consults with government agencies on contracting practices.

"I certainly applaud the aggregation of requirements, standardization and negotiation of most favorable pricing. My only question is at what level is that appropriate. At some point, the additional quantity fails to achieve meaningful discounts and adds significant complexity to managing the license," Mather said.

Still, technology providers with significant government experience, as well as new players, said they'll benefit from the governmentwide initiative.

Jeff Minushkin, chairman and chief executive officer of Priva Technologies Inc., said the delay in purchasing would give the Arlington, Va., company time to get its solution in front of government decision-makers.

"It's in our best interest to have somewhat of a delay as we allow time for awareness for our product. It gives us time to meet with folks like Mark [Forman]," Minushkin said.

Last month, the company rolled out what it calls the world's first four-factor authentication solution, which allows disparate groups to merge identification, validation and transaction verification into a cross-product platform.

"You can take one platform and allow it to transfer its capabilities from physical control to network access control to computers to cell phones to PDAs," Minushkin said.

Dan Burton, vice president of government affairs for Entrust Inc., Addison, Texas, said OMB's effort to get consistency in authentication technologies across government will be "a net positive" for firms such as his. Half of the company's sales are to government agencies around the world.

"For companies that are already well established in this space, I think there will be lots of overlap between what's working successfully and what the new e-authentication framework is," Burton said. "Hopefully it will result not only in more volume sales for industry, but also in more interoperability across federal departments and more savings and efficiency for government."

Staff Writer Gail Repsher Emery can be reached at gemery@postnewsweektech.com.