1 00:00:09,700 --> 00:00:13,000 You're listening to the identity of the center podcast, this is 2 00:00:13,000 --> 00:00:15,600 the show that talks about identity and access management 3 00:00:15,700 --> 00:00:18,600 and making sure you know who has access to what let's get 4 00:00:18,600 --> 00:00:27,000 started. Welcome to the identity of the 5 00:00:27,000 --> 00:00:28,800 sender podcast I'm Jeff and that's Jim. 6 00:00:28,800 --> 00:00:32,900 Hey Jim hey, Jeff, how are you? That's a bad yourself good? 7 00:00:32,900 --> 00:00:37,300 Yeah I see whatever we start the podcast just for people who are 8 00:00:37,300 --> 00:00:39,600 listening on audio which I guess is everybody. 9 00:00:39,900 --> 00:00:42,100 We have video going. What, what else would you be 10 00:00:42,100 --> 00:00:43,300 listening to us? Not audio. 11 00:00:43,600 --> 00:00:45,700 That's true screens. That's true. 12 00:00:45,700 --> 00:00:48,000 And we but we can see each other. 13 00:00:48,200 --> 00:00:50,300 Yeah. And I always crack a smile. 14 00:00:50,300 --> 00:00:53,600 And then you crack a smile because, you know, I'm going to 15 00:00:53,600 --> 00:00:56,400 get into some Thing and you just don't know what it's going to 16 00:00:56,400 --> 00:00:58,100 be. But pretty sure this is the 17 00:00:58,100 --> 00:01:00,800 Jeffrey act section where I have no idea what Jim is going to 18 00:01:00,800 --> 00:01:02,700 say. So for you, for those listening, 19 00:01:03,000 --> 00:01:05,099 you know, answer to the show and then I say, hi. 20 00:01:05,099 --> 00:01:06,800 Jim. And then Jim comes at me with 21 00:01:06,800 --> 00:01:09,300 something that I have no preparation whatsoever. 22 00:01:09,400 --> 00:01:11,000 So, this is all thinking on my feet. 23 00:01:11,600 --> 00:01:13,700 Yeah. Well this is this was easy 24 00:01:13,700 --> 00:01:16,000 because I'm going to base it on real life. 25 00:01:16,000 --> 00:01:20,300 Experience of I want to talk about the Gartner, I am Summit 26 00:01:20,300 --> 00:01:24,200 that were scheduled to go to. What is that? 27 00:01:24,300 --> 00:01:30,700 The 22nd through the 24th, fourth day for website and so 28 00:01:31,300 --> 00:01:35,400 we've got a recording spot. We're going to set up some 29 00:01:36,300 --> 00:01:39,900 podcast recording. So starting to invite people. 30 00:01:39,900 --> 00:01:44,700 And I'm letting people know that they need to schedule time to 31 00:01:44,700 --> 00:01:48,300 get from wherever they are to the time of the recording 32 00:01:48,300 --> 00:01:54,200 because Caesars might be the biggest maze on the planet. 33 00:01:54,700 --> 00:01:58,400 Me getting that point. A to point B is pretty difficult 34 00:01:58,400 --> 00:02:00,300 at times. Usually you figure it out by 35 00:02:00,300 --> 00:02:03,500 Wednesday and is just in time to leave. 36 00:02:04,000 --> 00:02:05,800 Yeah yeah. It's a big spot. 37 00:02:05,800 --> 00:02:09,100 I mean I think you if Gartner is where it usually is and I don't 38 00:02:09,100 --> 00:02:11,600 know name of the spot but it's kind of like it's got a view 39 00:02:11,700 --> 00:02:15,500 overlooking like the the pools or whatever it may be, the rooms 40 00:02:15,500 --> 00:02:19,300 could be half an hour away and you and I and courtesy of our 41 00:02:19,300 --> 00:02:22,800 friends at RSM, have a suite that we have booked that will be 42 00:02:22,800 --> 00:02:24,400 sort of like our recording home base. 43 00:02:25,000 --> 00:02:28,000 I have put in a request to make it as convenient as possible. 44 00:02:28,100 --> 00:02:29,800 I know there's a bank of elevators, I got to go kind of 45 00:02:29,800 --> 00:02:32,800 go up and down from where the gardener areas, but I have no 46 00:02:32,800 --> 00:02:35,100 idea if that request will be honored or if it's even 47 00:02:35,100 --> 00:02:38,700 available, so we'll see. But yes, if you are planning on 48 00:02:38,700 --> 00:02:41,500 being on the show or even just want to watch a show, get 49 00:02:41,500 --> 00:02:45,200 recorded and you know, reach out to Jim and I and Linkedin and 50 00:02:45,200 --> 00:02:47,600 just kind of account for time. I know we're kind of booking 51 00:02:47,600 --> 00:02:50,500 things out right now and working through schedule but it'd be 52 00:02:50,508 --> 00:02:52,700 kind of cool it'll be the first time Jim and I are actually at a 53 00:02:52,708 --> 00:02:56,600 conference together since As I'll never let him live it down. 54 00:02:56,600 --> 00:02:59,000 He ditched me for aesthetic 8 last year with the phyto 55 00:02:59,000 --> 00:03:03,000 conference but be get an opportunity to fist bump, you 56 00:03:03,000 --> 00:03:05,500 know, shake hands. Whatever the greeting du jour is 57 00:03:05,500 --> 00:03:09,200 for the day and then if you want to watch or be part of a show, 58 00:03:09,200 --> 00:03:11,300 you know let us know. Be happy to try and figure out 59 00:03:11,300 --> 00:03:15,100 how we can accommodate that Jeff have a pro tip for getting an 60 00:03:15,100 --> 00:03:19,000 upgrade of room or whatever your request is pictures of benzene 61 00:03:19,000 --> 00:03:23,800 dollar bill on palming it to the second trailer goes you know to 62 00:03:23,800 --> 00:03:29,300 talk about That's not going to get you quite as far as Benjamin 63 00:03:29,300 --> 00:03:34,300 Franklin will, and it gets an extra towel if you want to. 64 00:03:34,500 --> 00:03:38,100 If you want to feather free room, I think you're in luck 65 00:03:38,100 --> 00:03:39,900 with the Choi dollar bill. Yeah. 66 00:03:40,100 --> 00:03:42,600 Do you have a, do you have an actual tip or you going with the 67 00:03:42,700 --> 00:03:45,000 palm the cash Tibbits? It's money. 68 00:03:45,000 --> 00:03:48,000 Yeah, I saw your phony talks and the other stuff. 69 00:03:48,000 --> 00:03:52,700 Better be doing the walking. Yeah, everyone will be doing the 70 00:03:52,700 --> 00:03:54,900 walking. That's what Vegas is as Well, 71 00:03:56,400 --> 00:03:58,900 anything else or should we get into our topic? 72 00:03:59,000 --> 00:04:01,300 Let's get into it, man. We've got a lot of a lot of 73 00:04:01,300 --> 00:04:03,200 ground to cover here. And no kidding. 74 00:04:03,200 --> 00:04:05,800 We're going to talk about identity and access management, 75 00:04:06,300 --> 00:04:09,400 really focusing on the state and local government sector and to 76 00:04:09,400 --> 00:04:11,700 help with that conversation. We've got our new friend, Robert 77 00:04:11,700 --> 00:04:13,800 Snodgrass. He's a director in the security 78 00:04:13,800 --> 00:04:17,200 practice here with us at our SM, welcome to the show Robert. 79 00:04:17,800 --> 00:04:19,200 Yep. Happy to be here. 80 00:04:19,800 --> 00:04:22,000 Longtime listener. First-time caller. 81 00:04:22,000 --> 00:04:24,400 So thanks for having me on if I was Brave. 82 00:04:24,500 --> 00:04:27,100 Use my soundboard to do some kind of wacky sound effect, but 83 00:04:27,400 --> 00:04:29,500 just imagine in your head if you're listening to right now, 84 00:04:30,300 --> 00:04:32,700 it is very cool, it's been great to kind of get to know your last 85 00:04:32,700 --> 00:04:35,500 couple of months since we've kind of both been on boarded and 86 00:04:35,500 --> 00:04:37,300 working through a lot of projects. 87 00:04:37,700 --> 00:04:39,800 You've got a ton of experience in this space. 88 00:04:40,700 --> 00:04:43,000 One of the things that we like to do when we have a new guest 89 00:04:43,000 --> 00:04:45,300 on the show though is kind of learn about their origin story 90 00:04:45,700 --> 00:04:48,000 and really kind of find out, you know, how did you get into 91 00:04:48,000 --> 00:04:49,700 either Identity or sort of infosec? 92 00:04:49,700 --> 00:04:52,900 Is it something that you chose to or did it choose? 93 00:04:52,900 --> 00:04:56,000 You can kind of walk us through. How you got to where you are 94 00:04:56,000 --> 00:04:57,700 right now? Sure. 95 00:04:57,700 --> 00:05:02,100 So I've spent my entire career in cyber security Consulting and 96 00:05:02,100 --> 00:05:05,300 my path to Identity, probably like a lot of people was a bit 97 00:05:05,400 --> 00:05:07,700 of a zigzag. I actually initially started my 98 00:05:07,700 --> 00:05:10,600 career working in a big for focused on actually your p 99 00:05:10,600 --> 00:05:15,700 implementations and as part of that gained a bit of notoriety, 100 00:05:15,700 --> 00:05:19,000 I call it some good and some bad as it related to dealing with 101 00:05:19,000 --> 00:05:22,300 distressed projects and helping to bring those projects back on 102 00:05:22,300 --> 00:05:24,300 track. So my focus. 103 00:05:24,700 --> 00:05:28,700 Is really around cybersecurity solution delivery. 104 00:05:29,200 --> 00:05:33,700 And as part of that path, it led me into both state government as 105 00:05:33,700 --> 00:05:36,600 well as specifically the identity sector and through 106 00:05:36,600 --> 00:05:38,600 that. I've had a great opportunity to 107 00:05:38,700 --> 00:05:41,200 take my experience, which initially started in financial 108 00:05:41,200 --> 00:05:43,900 services and particularly Fortune, 100 Banking. 109 00:05:44,400 --> 00:05:45,900 And I've had an opportunity to work with. 110 00:05:45,900 --> 00:05:49,900 Now, seven different state governments on various Cyber 111 00:05:49,900 --> 00:05:53,500 Solutions, including digital identity over the last 10 years. 112 00:05:54,600 --> 00:05:56,300 Different government. That's pretty good in 10 years. 113 00:05:56,300 --> 00:05:58,100 That's a that's a that's an excellent track record. 114 00:05:58,100 --> 00:06:01,900 I guess. You know, I will I'm going to 115 00:06:01,900 --> 00:06:04,400 shamelessly, plug your organizational skills because 116 00:06:04,400 --> 00:06:06,700 you are one of the most organized people. 117 00:06:06,700 --> 00:06:11,500 I think that I've ever met Sol most people call that OCD almost 118 00:06:11,500 --> 00:06:15,400 frighteningly. So I think that's that's quite a 119 00:06:15,407 --> 00:06:17,900 compliment coming from you job because I was going to say, 120 00:06:17,900 --> 00:06:20,800 you're one of the most organized people that I've ever met. 121 00:06:20,900 --> 00:06:23,100 That's now we're getting in the tearing structure which means 122 00:06:23,100 --> 00:06:28,400 Jim you're not organized at all. I'm not organized at all but I 123 00:06:28,400 --> 00:06:33,200 and yeah but I'm doing all the organization for our podcast for 124 00:06:33,400 --> 00:06:36,600 Gartner. So enjoy the outcome. 125 00:06:37,300 --> 00:06:41,100 Hopefully we have the nine or ten sessions recorded that were 126 00:06:41,100 --> 00:06:43,700 hoping for, but I think we'll be, we'll be fine. 127 00:06:44,000 --> 00:06:47,900 So, Robert today. We're going to discuss state and 128 00:06:47,900 --> 00:06:51,600 local government approaches to digital Identity or identity, 129 00:06:51,600 --> 00:06:54,900 and access management, and how they different from Private 130 00:06:54,900 --> 00:06:56,700 sector. And I guess, you know, if 131 00:06:56,700 --> 00:06:59,900 there's any differences between state and local government, I 132 00:06:59,907 --> 00:07:02,900 mean, do they take a different approach then one another? 133 00:07:03,900 --> 00:07:08,600 And also we found a recent article that talked about how 134 00:07:08,800 --> 00:07:12,400 states have been investing heavily over the past decade 135 00:07:12,400 --> 00:07:15,500 into kind of getting their Workforce. 136 00:07:15,500 --> 00:07:19,700 I am house in order and now they're kind of shifting their 137 00:07:19,700 --> 00:07:23,300 focus for investment into the citizen. 138 00:07:23,300 --> 00:07:25,800 I am space. So, just wondering if you could 139 00:07:25,800 --> 00:07:31,200 maybe talk about that and you know, explain a little bit about 140 00:07:31,200 --> 00:07:34,100 that Trend that's happening. Is that something is happening 141 00:07:34,300 --> 00:07:37,300 across the board? Or is it something that's just 142 00:07:37,400 --> 00:07:40,900 In Pockets? I think to really understand the 143 00:07:40,900 --> 00:07:43,500 trend of identity, as it relates to state government, we really 144 00:07:43,500 --> 00:07:47,500 need to understand the origin of Technology as it relates to 145 00:07:47,500 --> 00:07:49,900 state government, because it's really very different than what 146 00:07:49,900 --> 00:07:52,800 you might see in a traditional private organization. 147 00:07:52,900 --> 00:07:57,700 So 20 years, Go agency is essentially operated 148 00:07:57,700 --> 00:08:00,500 independently within the state government landscape. 149 00:08:01,100 --> 00:08:04,400 So they had their own directors, they had their own budgets, they 150 00:08:04,400 --> 00:08:08,500 had their own IT staff, and for the most part operated 151 00:08:08,500 --> 00:08:11,700 independently as it related to delivery of those Solutions. 152 00:08:12,500 --> 00:08:18,400 So then in the early 2000s the legislative body got tired of 153 00:08:18,400 --> 00:08:22,100 essentially paying for 100 different, it shops and began to 154 00:08:22,100 --> 00:08:26,000 form Departments of it. Within States and that's been 155 00:08:26,000 --> 00:08:29,300 going on now for the last probably decade or so, is these 156 00:08:29,400 --> 00:08:32,400 these kind of centralized, it departments were generated, 157 00:08:32,799 --> 00:08:34,700 initially started with things like data centers. 158 00:08:35,000 --> 00:08:37,799 Obviously there's a huge capital investment makes a ton of sense 159 00:08:37,799 --> 00:08:40,600 for agencies to consolidate that investment into a single 160 00:08:40,600 --> 00:08:43,400 location. But with identity, it created a 161 00:08:43,408 --> 00:08:47,000 really unique challenge because you have agencies that are 162 00:08:47,000 --> 00:08:50,500 typically potentially very large, think Departments of 163 00:08:50,500 --> 00:08:54,300 Transportation Departments of Health that have 10:15. 164 00:08:54,500 --> 00:08:57,900 Thousand employees. They have their own domain 165 00:08:57,900 --> 00:09:02,000 structure, and then, how do you collapse that together into 166 00:09:02,000 --> 00:09:05,200 unified naming conventions? How do you take this, you know, 167 00:09:05,400 --> 00:09:09,400 Forest of various active directory, domains, and unify 168 00:09:09,400 --> 00:09:10,900 them. And that's really been the focus 169 00:09:10,900 --> 00:09:14,400 over the last you 10. 12 years is building. 170 00:09:14,400 --> 00:09:18,500 That integrated view of what is your Workforce identity, as it 171 00:09:18,500 --> 00:09:22,900 relates to an individual state I'd say, for the most part 172 00:09:23,100 --> 00:09:25,700 states have really gotten over that hurdle with in their 173 00:09:25,700 --> 00:09:28,700 Workforce and that's really why they're starting to look a 174 00:09:28,708 --> 00:09:34,200 little bit down the road and focusing on that, that citizen 175 00:09:34,200 --> 00:09:36,300 personas as you started to touch on. 176 00:09:37,400 --> 00:09:42,500 This is, some Persona is is a bit of a unique concept and it 177 00:09:42,500 --> 00:09:45,000 also isn't a unique concept. So the closest parallel I would 178 00:09:45,000 --> 00:09:49,700 put to this is you really think about a consumer Persona where 179 00:09:49,700 --> 00:09:52,500 the start of this was very Similar where it was really 180 00:09:52,500 --> 00:09:56,500 meant to be a way as you dealt with education, with 181 00:09:56,500 --> 00:10:01,400 transportation and so forth. How can we build a unified 182 00:10:01,400 --> 00:10:05,100 mechanism for individuals to access those Services? 183 00:10:05,100 --> 00:10:08,200 Basically, how do we reduce the barriers of entry for 184 00:10:08,200 --> 00:10:12,500 individuals to come in? To a digitized government beyond 185 00:10:12,500 --> 00:10:14,400 that though? I think there's some really 186 00:10:14,400 --> 00:10:17,600 unique things that states are starting to think about as it 187 00:10:17,600 --> 00:10:21,000 relates to the citizen Persona and why? 188 00:10:21,100 --> 00:10:25,600 I think state may start to see really interesting impacts in 189 00:10:25,600 --> 00:10:29,900 the private space. So one is the joining of both 190 00:10:29,900 --> 00:10:33,600 digital and physical identities. So if we think about your 191 00:10:33,600 --> 00:10:36,500 physical identity, as it relates to state government, driver's 192 00:10:36,500 --> 00:10:39,700 license, right? Or a really simple example of 193 00:10:39,700 --> 00:10:42,900 how you would go to various state agencies and prove who you 194 00:10:42,900 --> 00:10:45,800 are, there's a lot of interesting use cases that are 195 00:10:45,800 --> 00:10:49,400 being considered now about how do I join that with a digital 196 00:10:49,400 --> 00:10:53,300 identity in some Samples that I saw of recently, read things. 197 00:10:53,300 --> 00:10:57,800 Like, if you have your covid-19 vaccination card, can you put a 198 00:10:57,800 --> 00:11:00,700 QR code on that? As a way to sort of validate 199 00:11:00,700 --> 00:11:05,200 that record and have the most up-to-date information or on the 200 00:11:05,200 --> 00:11:09,900 flip side, how do I take my physical driver's license and 201 00:11:09,900 --> 00:11:13,500 digitize that and make that available to me, within my phone 202 00:11:13,500 --> 00:11:15,900 in some way shape before? Real interesting, there you 203 00:11:15,900 --> 00:11:18,100 wouldn't into the driver's license. 204 00:11:18,100 --> 00:11:20,800 I'd like to follow up on that, but just had a thought. 205 00:11:21,100 --> 00:11:25,200 As you were talking about kind of the transition that state 206 00:11:25,200 --> 00:11:29,400 governments have made from, you know, having decentralized it to 207 00:11:29,400 --> 00:11:35,300 centralize their tea and kind of the all the challenges to doing 208 00:11:35,300 --> 00:11:36,900 that. I just had to think there's a 209 00:11:36,900 --> 00:11:41,000 lot of big companies that have kind of found themselves. 210 00:11:41,300 --> 00:11:42,600 Go through the same Journey, right? 211 00:11:42,600 --> 00:11:47,500 If they were, you know, didn't have a push to centralize it. 212 00:11:47,500 --> 00:11:51,400 Departments within that company early on well, they Build a 213 00:11:51,408 --> 00:11:54,900 bunch of infrastructure, maybe they have some shared 214 00:11:55,500 --> 00:12:03,800 infrastructure, like the network layer and but, you know, 215 00:12:03,800 --> 00:12:07,000 normally I've seen a lot of companies where, you know, 216 00:12:07,000 --> 00:12:10,100 active directories, where separate at one point, and 217 00:12:10,100 --> 00:12:13,200 they've had to kind of go through the process of merging 218 00:12:13,200 --> 00:12:17,800 it and really, that also kind of sets the stage for other 219 00:12:17,800 --> 00:12:20,300 identity and access management challenges. 220 00:12:20,300 --> 00:12:24,900 So, I mean, I don't think that's completely unique to States. 221 00:12:24,900 --> 00:12:28,500 It sounds to me like that's where almost every state has 222 00:12:28,500 --> 00:12:31,500 kind of found themselves. But, I mean, we see this a lot 223 00:12:31,500 --> 00:12:33,700 in like, University context and see it. 224 00:12:33,708 --> 00:12:37,000 A lot in big multinational companies especially if they've 225 00:12:37,000 --> 00:12:40,200 grown by acquisition. Is that kind of your experience 226 00:12:40,200 --> 00:12:42,300 as well. Yeah, absolutely. 227 00:12:42,300 --> 00:12:46,300 So I worked for a fortune 10 bank for four years at the start 228 00:12:46,300 --> 00:12:49,400 of my career and a big element that we had to work through is 229 00:12:49,400 --> 00:12:52,000 that they grew very rapidly. Through acquisition. 230 00:12:52,000 --> 00:12:55,200 They had organizations almost of equivalent size that they were 231 00:12:55,200 --> 00:12:57,700 trying to bring under single identity umbrella. 232 00:12:58,100 --> 00:13:01,000 And I think the challenges that we Face, there are almost 233 00:13:01,000 --> 00:13:03,200 identical to the challenges that we faced within state 234 00:13:03,200 --> 00:13:05,300 government. I think the difference is you're 235 00:13:05,300 --> 00:13:08,600 facing them 10 12, 15 years later. 236 00:13:08,900 --> 00:13:12,100 So, in some ways you have the advantage in that you can take 237 00:13:12,100 --> 00:13:15,900 those proven use cases from the private sector and really apply 238 00:13:15,900 --> 00:13:19,200 them into the public one. I think that lag is helpful 239 00:13:19,200 --> 00:13:21,200 right? Sometimes sometimes it might be 240 00:13:21,208 --> 00:13:22,400 a little of a hindrance or they go. 241 00:13:22,400 --> 00:13:24,300 Why isn't this? Why isn't this service easy to 242 00:13:24,300 --> 00:13:25,200 use? Like what do you mean I have to 243 00:13:25,200 --> 00:13:27,100 like fill out a piece of paper, right? 244 00:13:27,200 --> 00:13:29,000 Look it's only 22 are doing that sort of thing. 245 00:13:29,200 --> 00:13:31,000 I want to touch back a month because I might get to privacy 246 00:13:31,000 --> 00:13:32,500 for a second. But before I get to that, you 247 00:13:32,500 --> 00:13:36,600 mentioned earlier on that a lot of legislators have gotten 248 00:13:36,600 --> 00:13:40,300 together to essentially kind of form these centralized 249 00:13:40,400 --> 00:13:43,600 Departments of it or services or whatever might look like. 250 00:13:44,000 --> 00:13:46,500 Is that something that you've seen across the board 251 00:13:46,500 --> 00:13:49,900 essentially for like all 50 states or is that you know, half 252 00:13:49,900 --> 00:13:52,600 the state's, you know, like what What's been the adoption of sort 253 00:13:52,600 --> 00:13:56,500 of that sort of mindset of a central shared infrastructure, 254 00:13:56,500 --> 00:14:00,000 group of some sort at this stage and I can't speak for all 50 255 00:14:00,000 --> 00:14:02,000 states because I've interacted with all 50 states. 256 00:14:02,000 --> 00:14:05,000 But at this stage, you know, beyond serving directly with 257 00:14:05,000 --> 00:14:07,800 seven states, I probably interacted with another 20 to 258 00:14:07,800 --> 00:14:14,300 25, every single one of them has some level of centralized it the 259 00:14:14,600 --> 00:14:18,700 way in which they're funded and the level of service that they 260 00:14:18,700 --> 00:14:21,900 provide to both state. And Or local governments will 261 00:14:21,900 --> 00:14:25,100 vary dramatically between States but all of them will have a 262 00:14:25,108 --> 00:14:29,200 central it department and in every single one of those 263 00:14:29,200 --> 00:14:31,600 circumstances. That is the department that is 264 00:14:31,600 --> 00:14:34,700 driving the identity discussion. It seems to me like it's a great 265 00:14:34,700 --> 00:14:37,700 opportunity to have more interoperability between the 266 00:14:37,700 --> 00:14:41,300 different states for those types of scenarios like vaccine or 267 00:14:41,300 --> 00:14:45,400 driver's licenses or other forms of being able to check things 268 00:14:45,800 --> 00:14:48,900 which you know, if I put my tinfoil hat on now I'm starting 269 00:14:48,900 --> 00:14:50,900 to talk about privacy and there's this natural. 270 00:14:51,100 --> 00:14:55,000 Enough, what is the government doing with my data on? 271 00:14:55,000 --> 00:14:57,700 You know, we've seen some some recent things at least at the 272 00:14:57,700 --> 00:15:01,800 federal level with things like the IRS and ID me, I guess from 273 00:15:01,800 --> 00:15:06,700 a, from a privacy standpoint, you know, what is the sort of 274 00:15:06,700 --> 00:15:09,000 data that state or local governments want? 275 00:15:09,000 --> 00:15:12,300 What are the constraints that go around how they might utilize 276 00:15:12,300 --> 00:15:13,800 it? Or, you know, those types of 277 00:15:13,808 --> 00:15:14,900 scenarios? Like, what are some of the 278 00:15:14,900 --> 00:15:18,800 things that that those operations are thinking about to 279 00:15:18,800 --> 00:15:22,500 try and protect the citizenry? You know, and their data so you 280 00:15:22,500 --> 00:15:25,400 mention ID me but I think probably the better parallel 281 00:15:25,400 --> 00:15:28,800 from a state identity identity to Federal identity perspective 282 00:15:28,800 --> 00:15:32,300 is login dot-gov. So log in.gov if you've 283 00:15:32,400 --> 00:15:35,800 registered for things like TSA PreCheck or Global Entry is the 284 00:15:35,800 --> 00:15:40,400 mechanism in which you log in and so what login dot gov did 285 00:15:40,400 --> 00:15:44,400 and what states are doing is really trying to build a shared 286 00:15:44,800 --> 00:15:49,300 set of piping in order to facilitate authentication that's 287 00:15:49,300 --> 00:15:50,900 primarily what they're driving towards. 288 00:15:51,300 --> 00:15:53,500 The Privacy question is a good one. 289 00:15:53,900 --> 00:15:56,900 Because in some ways, not to the same extent that the federal 290 00:15:56,900 --> 00:16:00,400 government does, but state government has more information 291 00:16:00,400 --> 00:16:04,000 about the individual than just about any other industry, 292 00:16:04,000 --> 00:16:08,700 vertical that's out there. And there is no unifying law, 293 00:16:08,700 --> 00:16:12,100 around collection, and usage of that information. 294 00:16:12,400 --> 00:16:16,000 Now, I would say in the last five years, five to ten years, 295 00:16:16,000 --> 00:16:20,900 there's been a definite trend of States, hiring permanent data, 296 00:16:21,000 --> 00:16:25,100 Data privacy officers and or data governance officers to 297 00:16:25,100 --> 00:16:28,700 better understand the data they have and how it's being 298 00:16:28,700 --> 00:16:31,600 utilized. But laws that people often 299 00:16:31,600 --> 00:16:35,500 associate with State privacy, like the California consumer, 300 00:16:35,500 --> 00:16:40,200 protection act are focused on consumers not government 301 00:16:40,200 --> 00:16:43,900 services. So there isn't, you know, that 302 00:16:43,900 --> 00:16:46,900 one place to look at to really understand those questions. 303 00:16:46,900 --> 00:16:49,900 And a lot of cases, you're seeing very agency. 304 00:16:51,500 --> 00:16:55,100 Laws and regulations driving that so Center, for Medicaid, 305 00:16:55,100 --> 00:16:58,000 and Medicare services. For example, has a view on this, 306 00:16:59,000 --> 00:17:01,300 the Social Security Administration has a view on 307 00:17:01,300 --> 00:17:03,700 this. The driver's license privacy 308 00:17:03,700 --> 00:17:05,500 protection act has a view on this. 309 00:17:05,800 --> 00:17:10,200 And so, it's a really hard question to answer sometimes, 310 00:17:10,200 --> 00:17:14,000 when you're trying to go through this view of, how do I balance 311 00:17:14,099 --> 00:17:18,099 building out a very robust process to identify and proof an 312 00:17:18,099 --> 00:17:24,700 individual, but not create A honey pot of data that both 313 00:17:25,000 --> 00:17:31,200 exposes the can the individual constituent as well as violates 314 00:17:31,200 --> 00:17:33,900 their understanding of how the data was going to be utilized. 315 00:17:34,100 --> 00:17:35,700 Yeah, I think that's that's the main concern, right? 316 00:17:35,700 --> 00:17:39,700 Is we're in the age of breeches. So, of course, the more data you 317 00:17:39,708 --> 00:17:42,400 consolidate in the one spot. The more a concern there is that 318 00:17:42,400 --> 00:17:45,400 all that stuff gets out there and now we start thinking about 319 00:17:45,400 --> 00:17:47,400 things like biometric, you know, you can change your password, 320 00:17:47,400 --> 00:17:50,800 can't change your fingerprint at least not legally or maybe even 321 00:17:51,000 --> 00:17:55,400 Only so things like that become a lot more sensitive from a 322 00:17:55,408 --> 00:17:57,700 sharing perspective and where is it being stored? 323 00:17:58,500 --> 00:18:00,700 I think of you know you mentioned login dot gov and you 324 00:18:00,700 --> 00:18:03,500 know I have PreCheck and I have a passport and I use that to log 325 00:18:03,500 --> 00:18:06,900 in those types of services, a service like that essentially 326 00:18:06,900 --> 00:18:09,600 already exists. Why would another agency? 327 00:18:09,600 --> 00:18:13,600 Even think about using something else from a medication 328 00:18:13,600 --> 00:18:16,300 standpoint and there probably are certain scenarios like 329 00:18:16,400 --> 00:18:18,400 identity proofing. You know, prevent financial 330 00:18:18,400 --> 00:18:20,500 fraud, maybe that's why IRS didn't look at it. 331 00:18:20,900 --> 00:18:23,200 Or maybe didn't meet their needs, but it seems to me like, 332 00:18:23,200 --> 00:18:27,900 if we, they're still this, as a as a Outsider looking in, like, 333 00:18:27,900 --> 00:18:32,000 I see what seemed to be suitable services, but then it seems like 334 00:18:32,200 --> 00:18:36,100 because of all the different use cases or requirements, or laws 335 00:18:36,100 --> 00:18:37,800 or regulations, whatever they be. 336 00:18:38,200 --> 00:18:42,400 We still haven't come up with a scalable or modular. 337 00:18:42,400 --> 00:18:45,900 Enough way where it's kind of like a no-brainer de facto 338 00:18:45,900 --> 00:18:48,200 standard for government services. 339 00:18:48,200 --> 00:18:51,900 Yes, I log in, with my login, Dot, Than the u.s. maybe it's 340 00:18:51,900 --> 00:18:53,400 something else in a different country. 341 00:18:53,400 --> 00:18:56,300 I think I can't remember the country in the Europe but 342 00:18:56,300 --> 00:18:58,400 they're like totally is a martini or something like that 343 00:18:58,400 --> 00:19:02,900 where they're like 100% digital and they've kind of figured out. 344 00:19:02,900 --> 00:19:04,900 It seems they've been that way for a while. 345 00:19:05,200 --> 00:19:09,100 Like why haven't we caught up to that from a central? 346 00:19:09,100 --> 00:19:12,100 I think that I think Estonia actually Tony only ones I was 347 00:19:13,100 --> 00:19:16,700 thinking of where they have a pki enabled infrastructure for 348 00:19:16,700 --> 00:19:19,600 their for their digital identity, it really interesting. 349 00:19:19,600 --> 00:19:23,900 So I think obviously any individual State probably has 350 00:19:23,900 --> 00:19:26,800 more complexity to it than Estonia does. 351 00:19:26,800 --> 00:19:30,800 But you know there's a number of kind of deployment related 352 00:19:30,800 --> 00:19:33,300 challenges that as you think about what's the model we even 353 00:19:33,300 --> 00:19:36,800 went to apply here and depending who you ask they take a very 354 00:19:36,800 --> 00:19:39,300 different approach. There's really only three views 355 00:19:39,300 --> 00:19:41,100 to this. At the end of the day, there's a 356 00:19:41,108 --> 00:19:44,400 centralized model, there's a Federated model and then there's 357 00:19:44,400 --> 00:19:46,200 just a completely decentralized model. 358 00:19:46,300 --> 00:19:48,400 It's a decentralized model is basically what you just talked 359 00:19:48,400 --> 00:19:50,100 about the Stony. Oh, and this is the direction 360 00:19:50,100 --> 00:19:53,700 that the States have gone like with Ohio and in the Innovative 361 00:19:53,700 --> 00:19:57,200 Ohio solution where the department of IIT, essentially 362 00:19:57,200 --> 00:20:01,400 builds a singular infrastructure for identity. 363 00:20:01,400 --> 00:20:05,100 So it has the identity store, it manages the authentication, and 364 00:20:05,100 --> 00:20:08,800 you essentially plug into that. It is, it is the IDP for State 365 00:20:08,800 --> 00:20:11,800 Services. Then you have a more Federated 366 00:20:11,800 --> 00:20:15,900 system where you can have multiple identity providers that 367 00:20:15,900 --> 00:20:18,700 you're utilizing. I think I read an article where 368 00:20:18,700 --> 00:20:22,000 it's Canada actually. Rates with certain banking 369 00:20:22,000 --> 00:20:26,200 systems, in order to drive identity and then you can have a 370 00:20:26,200 --> 00:20:30,600 totally decentralized but based on standard integration pattern 371 00:20:30,600 --> 00:20:33,800 view which is really interesting. 372 00:20:33,800 --> 00:20:37,300 I think from a data privacy perspective because no one 373 00:20:37,300 --> 00:20:40,700 controls the full View and that certainly in and of itself 374 00:20:40,700 --> 00:20:43,500 strives drives kind of a bit more of a container around the 375 00:20:43,500 --> 00:20:46,500 data they have, but the complexity of what that really 376 00:20:46,500 --> 00:20:50,400 means in the management of it. Also, generates a lot of 377 00:20:50,400 --> 00:20:54,300 question marks, To my mind. So until we can really come to a 378 00:20:54,300 --> 00:20:57,300 conclusion on that. I think that each state is 379 00:20:57,300 --> 00:21:00,000 really trying to make that determination on their own 380 00:21:00,100 --> 00:21:02,300 wasn't black chain, supposed to solve that for us, and we've 381 00:21:02,300 --> 00:21:04,800 been hearing blockchain and block identity. 382 00:21:04,800 --> 00:21:08,900 Things were going to be like the decentralized way to everybody, 383 00:21:08,900 --> 00:21:11,200 manages their own data and it's going to be a perfect world. 384 00:21:11,200 --> 00:21:14,500 And I feel like here we are, I think I first heard about this, 385 00:21:14,500 --> 00:21:18,000 probably at Gartner, like four or five years ago and I still 386 00:21:18,000 --> 00:21:19,900 haven't, it's it hasn't gotten anywhere. 387 00:21:20,000 --> 00:21:23,200 When identity present Active, even though on the face values, 388 00:21:23,200 --> 00:21:25,500 like oh, that seems like a pretty applicable use case, 389 00:21:25,900 --> 00:21:30,900 Civic Health Care education. I can see it making a lot of 390 00:21:30,900 --> 00:21:33,800 sense there. But we're I don't know anybody 391 00:21:33,800 --> 00:21:37,000 who's like really doing it really in the real world at any 392 00:21:37,000 --> 00:21:41,500 scale that matters? I'm not aware of anyone that's 393 00:21:41,500 --> 00:21:46,400 looking at that it, you know, the idea of a transparent 394 00:21:46,400 --> 00:21:49,800 citizen own identity. That is portable like you would 395 00:21:49,800 --> 00:21:54,300 see as part of your Apple, wallet is exciting. 396 00:21:54,700 --> 00:21:59,400 And I think very interesting position that states and or the 397 00:21:59,400 --> 00:22:03,500 federal government could play to really drive forward, not just 398 00:22:03,500 --> 00:22:06,300 state and local government, but the market of identity as a 399 00:22:06,300 --> 00:22:09,800 whole, but there really hasn't been Been that singular 400 00:22:09,800 --> 00:22:13,100 leaderships, whether that's Department of Homeland Security 401 00:22:13,100 --> 00:22:17,500 or directly within sisa that that has not really been a 402 00:22:17,500 --> 00:22:20,100 direct strategy for them at this point in time. 403 00:22:20,400 --> 00:22:22,500 There are some really interesting Investments that are 404 00:22:22,500 --> 00:22:26,100 coming out of the federal space. The infrastructure act that was 405 00:22:26,300 --> 00:22:27,900 signed under the Biden Administration. 406 00:22:27,900 --> 00:22:32,600 Last year has about think about 1 billion dollars Associated to 407 00:22:32,600 --> 00:22:35,500 it. And grant money related to State 408 00:22:35,500 --> 00:22:38,000 and local government Partnerships related to 409 00:22:38,000 --> 00:22:41,600 cybersecurity Purity, no guidance specifically on how 410 00:22:41,600 --> 00:22:45,800 they anticipate awarding that and what is going to be used 411 00:22:45,800 --> 00:22:47,800 for. But, I mean, it creates 412 00:22:47,800 --> 00:22:52,900 interesting questions that can you unify some of that money in 413 00:22:52,900 --> 00:22:55,600 a way that drives forward, not just for a singular state, but 414 00:22:55,600 --> 00:22:58,500 for a region or even the country, you know, I feel like 415 00:22:58,500 --> 00:23:02,500 when we have this privacy discussion, you can't have the 416 00:23:02,600 --> 00:23:06,900 discussion holistically without talking about, like, arcs, Odin 417 00:23:06,900 --> 00:23:09,700 and Wikileaks. And Kind of what impact that 418 00:23:09,700 --> 00:23:12,500 had. I'm wondering when it comes 419 00:23:12,500 --> 00:23:17,100 because I think most of the Privacy regulations that we 420 00:23:17,100 --> 00:23:21,700 talked about in our industry things like CCPA, you know, they 421 00:23:21,700 --> 00:23:24,000 don't really apply to government agencies. 422 00:23:24,000 --> 00:23:28,300 So I guess the formal question would be what draw what is 423 00:23:28,300 --> 00:23:33,800 driving or what framework do policy or I'm sorry yeah privacy 424 00:23:33,800 --> 00:23:38,300 practitioners use from a government side too. 425 00:23:38,500 --> 00:23:41,700 Determine hey, what day does should we collect and things 426 00:23:41,700 --> 00:23:44,200 like that? I'm kind of wondering if the 427 00:23:44,200 --> 00:23:49,500 whole Wikileaks peas kind of like looms over is that kind of 428 00:23:49,500 --> 00:23:55,700 influencing that in other words. Hey, if we collect it at some 429 00:23:55,700 --> 00:23:59,600 point, it may become publicly known that we collected errors 430 00:23:59,600 --> 00:24:02,200 that just something. I mean you know I noticed a tank 431 00:24:02,400 --> 00:24:05,900 state governments probably aren't collecting the kind of 432 00:24:05,900 --> 00:24:08,300 data that say the NSA is collecting. 433 00:24:08,400 --> 00:24:12,400 Getting caught, I'm wondering like if we hope right. 434 00:24:12,400 --> 00:24:17,900 But what's kind of driving privacy practitioners Within 435 00:24:18,200 --> 00:24:21,900 These government agencies to determine what data to collect? 436 00:24:22,300 --> 00:24:26,300 So I can't speak to data privacy as a whole, but in the context 437 00:24:26,300 --> 00:24:30,700 of identity and I'll talk about it in two ways, identity, 438 00:24:30,700 --> 00:24:33,500 proofing, and identity affirmation. 439 00:24:33,500 --> 00:24:36,400 It is something we talk about every single day. 440 00:24:37,300 --> 00:24:39,800 In the reason we talk about it, every single day is we want to 441 00:24:39,800 --> 00:24:45,900 avoid those data Marts, honey pots Wikileaks, whatever view 442 00:24:45,900 --> 00:24:49,900 you want to apply to it around the collection of data, that 443 00:24:49,900 --> 00:24:54,000 potentially creates an attack surface, that we're just not 444 00:24:54,000 --> 00:24:56,300 interested in taking the risk associated with. 445 00:24:56,700 --> 00:25:00,900 So when we talk about identity proofing, so when I initially 446 00:25:00,900 --> 00:25:06,000 come into a digital service and identifying you are who you say 447 00:25:06,000 --> 00:25:09,700 that you are, we have a lot of mechanisms available to us 448 00:25:09,700 --> 00:25:12,500 within the state government to facilitate that, but we want to 449 00:25:12,500 --> 00:25:16,300 right-size the risk of both collecting that information, as 450 00:25:16,300 --> 00:25:20,700 well as validating it with the service that you're attempting 451 00:25:20,700 --> 00:25:23,600 to access. So, for example, if you're 452 00:25:23,600 --> 00:25:29,700 coming in to pay your taxes, not get a refund, but to pay for 453 00:25:29,700 --> 00:25:33,100 yourself or for your business to degree, if you're willing to cut 454 00:25:33,100 --> 00:25:36,200 that check probably, Willing to accept that and we aren't going 455 00:25:36,200 --> 00:25:37,500 to go through additional proofing. 456 00:25:38,500 --> 00:25:41,900 If you are, for example, getting grant money or in the case of 457 00:25:41,900 --> 00:25:44,500 the federal government getting a tax refund with the issues that 458 00:25:44,500 --> 00:25:47,200 happen there, the bar would be significantly higher. 459 00:25:47,800 --> 00:25:51,700 And so part of it is limiting again when we are actually 460 00:25:51,700 --> 00:25:56,400 attempting to even access that information such that it is risk 461 00:25:56,400 --> 00:26:00,400 Justified the second element that is well how are we 462 00:26:00,400 --> 00:26:04,300 accessing the information? So driver's license is a really 463 00:26:04,400 --> 00:26:06,500 A popular mechanism and state government. 464 00:26:06,500 --> 00:26:08,900 Why? Because we have it and it's 465 00:26:08,900 --> 00:26:11,400 relatively easy for us to reach out and grab it. 466 00:26:11,400 --> 00:26:14,000 But as I mentioned earlier, there is a law. 467 00:26:14,000 --> 00:26:16,500 The driver's license privacy protection act that we do have 468 00:26:16,500 --> 00:26:19,400 to evaluate these calls against in. 469 00:26:19,400 --> 00:26:22,900 So, the approach that we've generally taken is API in the 470 00:26:22,900 --> 00:26:26,600 API isn't send me all the information about Jim McDonald. 471 00:26:26,900 --> 00:26:30,700 The API is Jim McDonald. Said these things about himself. 472 00:26:31,000 --> 00:26:35,800 Can you confirm yes or no and so that limits The information that 473 00:26:35,800 --> 00:26:39,700 were receiving and have to be responsible for the other 474 00:26:39,700 --> 00:26:43,300 element and getting to the biometric piece is the sort of 475 00:26:43,300 --> 00:26:46,500 the view and I'm sure that other spaces have this as well. 476 00:26:46,600 --> 00:26:49,000 The view we play in the public sector is assumed all 477 00:26:49,000 --> 00:26:51,900 knowledge-based proofing is compromised. 478 00:26:52,100 --> 00:26:56,300 So we would take any information, you provide plus a 479 00:26:56,300 --> 00:27:00,600 picture of your driver's license, plus a picture of you 480 00:27:00,800 --> 00:27:04,800 and do a comparison but we would never store that we Blow it all 481 00:27:04,800 --> 00:27:06,400 away. It's real time, it never gets 482 00:27:06,400 --> 00:27:09,300 collected. So the footprint is meant to be 483 00:27:09,300 --> 00:27:12,300 very small and very transactional as best as 484 00:27:12,308 --> 00:27:16,100 possible and then at that point all we do is store that you have 485 00:27:16,100 --> 00:27:20,400 in fact been proofed and to what level you've been proved the 486 00:27:20,400 --> 00:27:23,300 other element. We look at is the identity 487 00:27:23,300 --> 00:27:26,800 affirmation piece so find your in the system great. 488 00:27:27,000 --> 00:27:31,200 But now you're coming in and you're attempting to perform a 489 00:27:31,200 --> 00:27:33,700 certain transaction that is as of a higher level. 490 00:27:33,700 --> 00:27:37,200 So your Trying to pull information from retirement 491 00:27:37,200 --> 00:27:42,800 benefits or cut a check out of your pension or 401K in that 492 00:27:42,800 --> 00:27:44,800 case. We would also look at more like 493 00:27:44,800 --> 00:27:48,100 an Adaptive or risk based view of that transaction and say, 494 00:27:48,100 --> 00:27:51,600 alright. So you typically login with one 495 00:27:51,600 --> 00:27:56,300 of these two devices and that device is geographically located 496 00:27:56,300 --> 00:27:59,200 here. And this is the type of login 497 00:27:59,200 --> 00:28:03,600 pattern that you follow in terms of the language of your browser. 498 00:28:04,300 --> 00:28:07,500 And we would flag that for a typical Behavior. 499 00:28:09,400 --> 00:28:12,200 And then that would require, again sort of additional 500 00:28:13,300 --> 00:28:15,500 confirmation before that transaction would take place. 501 00:28:16,200 --> 00:28:19,900 Yeah, the the latter scenario that you were discussing. 502 00:28:19,900 --> 00:28:23,700 I think the buzz term is verified credentials. 503 00:28:24,000 --> 00:28:26,500 I kind of went through that process with the ID. 504 00:28:26,500 --> 00:28:32,600 Dot me, process to get to IRS services just recently, right? 505 00:28:32,600 --> 00:28:35,700 As you're going through the process of obtaining, a 506 00:28:35,700 --> 00:28:40,900 mortgage, you have to kind of go and IRS transcripts and things 507 00:28:40,900 --> 00:28:43,400 like that. So, recently went through that 508 00:28:43,400 --> 00:28:47,700 process and to your point it made a big point of saying, 509 00:28:47,700 --> 00:28:51,200 look, if you do this automated process, we blow a of the data. 510 00:28:51,900 --> 00:28:55,800 Your your other option is wait and do a video chat with a human 511 00:28:55,800 --> 00:28:58,300 being but the wait time is an hour. 512 00:29:00,400 --> 00:29:04,100 But hey, you do have the option. Anyway, I wanted to switch 513 00:29:04,100 --> 00:29:07,300 topics a little bit. You know, we had three our 514 00:29:07,300 --> 00:29:10,100 preparation for this session. And you mentioned, an 515 00:29:10,100 --> 00:29:13,800 organization called, I think Ignacio. 516 00:29:14,200 --> 00:29:16,600 It was the way you can see, I'm not a CEO. 517 00:29:16,900 --> 00:29:25,500 And yeah, so that's a public sector CIO organization and what 518 00:29:25,500 --> 00:29:27,300 are you, what are they talking about? 519 00:29:27,400 --> 00:29:32,900 And relative to digital identity so nacio, the National 520 00:29:32,900 --> 00:29:38,200 Association of State cios in my mind, is the organization to 521 00:29:38,200 --> 00:29:43,700 really And what are the it priorities across the state 522 00:29:43,700 --> 00:29:46,200 sector. So typically this is a group 523 00:29:46,200 --> 00:29:49,900 that meets twice a year. These are decision makers within 524 00:29:49,900 --> 00:29:53,500 the individual states. Typically, they are leading the 525 00:29:53,500 --> 00:29:56,800 shared Departments of it for that state and they come 526 00:29:56,800 --> 00:29:59,900 together to really talk about. Where are you investing? 527 00:30:00,200 --> 00:30:03,700 Where do you plan to invest? What are you seeing as a 528 00:30:03,700 --> 00:30:06,000 successful way in which you've invested? 529 00:30:06,000 --> 00:30:09,400 So that could be vendors. That could be just Particular 530 00:30:09,400 --> 00:30:11,000 topics, and things of that nature. 531 00:30:11,200 --> 00:30:15,800 So, every year, they release a nacio top 10 priorities. 532 00:30:15,800 --> 00:30:18,800 It typically comes out in the late fall or early winter of the 533 00:30:18,800 --> 00:30:22,700 preceding year that says, okay. These are the 10 priorities that 534 00:30:22,700 --> 00:30:26,200 we anticipate, we will take into, in this case, 20 22. 535 00:30:26,600 --> 00:30:29,100 And then, these are the supporting technology projects 536 00:30:29,100 --> 00:30:31,400 that we believe are going to enable those. 537 00:30:31,800 --> 00:30:34,700 So if I look at 2022, is nacio top 10 priorities. 538 00:30:34,800 --> 00:30:38,800 Number one is cyber security. Number two is Digital Services. 539 00:30:39,300 --> 00:30:45,700 I think number six is Identity. The idea is that with not just 540 00:30:45,700 --> 00:30:47,900 covid, but I think with the understanding that the 541 00:30:47,900 --> 00:30:53,000 digitization of government services drives faster Revenue 542 00:30:53,000 --> 00:30:58,000 return better engagement with services and frankly just better 543 00:30:58,000 --> 00:31:00,400 experience from the user perspective, which ultimately 544 00:31:00,400 --> 00:31:04,300 leads them to come back again. There's been a significant 545 00:31:04,300 --> 00:31:07,100 investment in that kind of it modernization to enable that 546 00:31:07,100 --> 00:31:10,800 obviously, then PSI. Cyber security exposure and the 547 00:31:10,808 --> 00:31:14,700 need for a unified citizen identity, in this case, are 548 00:31:14,700 --> 00:31:18,800 going to be critical to that underpinning that if you look at 549 00:31:18,800 --> 00:31:21,800 the Technology Solutions, if they're really most focused on 550 00:31:22,300 --> 00:31:25,200 particularly from the citizen perspective, there pretty early 551 00:31:25,200 --> 00:31:28,500 in the life cycle. So they're just focused on how 552 00:31:28,500 --> 00:31:32,300 do I prove out the citizens that are logging in are? 553 00:31:32,300 --> 00:31:36,600 In fact who they say, they are such that I can move Beyond 554 00:31:36,600 --> 00:31:40,500 those General Services where I really Not having to prove with 555 00:31:40,500 --> 00:31:43,200 any real any real detail evaluation. 556 00:31:43,300 --> 00:31:47,800 So now exposing more sensitive services like retirement 557 00:31:47,800 --> 00:31:51,900 benefits and health information through these digital portals. 558 00:31:52,200 --> 00:31:55,600 That these are things like access Indiana history to go 559 00:31:55,600 --> 00:31:58,800 down this path and if you do, hi, oh, I know it started to go 560 00:31:58,800 --> 00:32:02,200 down this path, but many states are really just starting to 561 00:32:02,500 --> 00:32:07,100 frankly, dip, a toe in to how Digital Services supported by a 562 00:32:07,100 --> 00:32:10,000 digital citizen identity can believe, Start to be rolled out 563 00:32:10,000 --> 00:32:13,800 to their constituencies. So we focused a lot you know 564 00:32:13,800 --> 00:32:16,500 talking about the United States, right? 565 00:32:16,500 --> 00:32:20,400 And I mean a lot of our listeners are based at least a 566 00:32:20,400 --> 00:32:23,200 third of our listeners are based outside of the United States. 567 00:32:23,500 --> 00:32:28,700 How much collaboration would is going on, you know, beyond the 568 00:32:28,700 --> 00:32:31,100 borders of the United States because a lot of the what you're 569 00:32:31,100 --> 00:32:36,600 talking about seems like these are best practices not only for 570 00:32:37,200 --> 00:32:38,800 United States, right? But for government. 571 00:32:39,000 --> 00:32:42,600 It's all over the world. The short answer from a state 572 00:32:42,600 --> 00:32:47,800 and local government perspective is none that I'm aware of even 573 00:32:48,400 --> 00:32:50,900 with in state and local government outside of groups 574 00:32:50,900 --> 00:32:54,400 like nacio the information. Sharing tends to be a bit more 575 00:32:54,700 --> 00:32:59,000 Regional and Partnerships. So if you think about Washington 576 00:32:59,000 --> 00:33:02,900 and Oregon or Maryland and Virginia, where the Carolinas 577 00:33:02,900 --> 00:33:05,500 lick, these are groups that share clothes, Geographic 578 00:33:05,500 --> 00:33:08,000 territory. They have a lot of overlap in 579 00:33:08,400 --> 00:33:11,000 business. Isis and citizens, and things of 580 00:33:11,000 --> 00:33:12,500 that nature. So they tend to work pretty 581 00:33:12,500 --> 00:33:15,900 closely together in terms of international Partnerships. 582 00:33:15,900 --> 00:33:19,000 Like I said, none, I would say that if you look at it from the 583 00:33:19,000 --> 00:33:22,300 federal level and thinking about things, like the National 584 00:33:22,300 --> 00:33:25,200 Institute of Standards and Technology, you know, those are 585 00:33:25,200 --> 00:33:28,800 organizations that are often setting standards that state 586 00:33:28,800 --> 00:33:32,000 governments or are utilizing their our office. 587 00:33:32,100 --> 00:33:34,900 Also, obviously looking at things like standard 588 00:33:34,900 --> 00:33:38,800 authentication patterns and way to DC and sam'l which have an 589 00:33:39,000 --> 00:33:43,100 Flavor to them as well, but I guess the short answer I would 590 00:33:43,100 --> 00:33:46,700 say is indirectly when you think about industry standards, 591 00:33:47,000 --> 00:33:49,600 certainly state and local uses them, like anyone else would. 592 00:33:49,900 --> 00:33:55,500 But as far as you does, Ohio directly talk with members of 593 00:33:55,500 --> 00:33:59,700 the EU to Define what they're doing from a identity strategy 594 00:33:59,700 --> 00:34:03,100 perspective, absolutely not. But wouldn't be a conversation 595 00:34:03,100 --> 00:34:06,100 about state and local government without talking politics before 596 00:34:06,100 --> 00:34:08,699 I get to that. I'm curious for nacio. 597 00:34:08,900 --> 00:34:11,800 So, you know, they're certainly politics play a role large role 598 00:34:11,800 --> 00:34:14,600 in a lot of different things. But as far as participation at 599 00:34:14,600 --> 00:34:20,000 that sort of like, CIO level, do you see any is it, you know, Red 600 00:34:20,000 --> 00:34:20,600 vs. Blue. 601 00:34:20,600 --> 00:34:22,100 And some of those things do everyone. 602 00:34:22,100 --> 00:34:24,400 Pretty much just get along and they're kind of like operating 603 00:34:24,400 --> 00:34:26,199 outside of the political Spectrum. 604 00:34:26,900 --> 00:34:30,900 What's the sort of like I guess feel of the room so to speak? 605 00:34:31,300 --> 00:34:36,199 Yeah, it's a great question and I would personally say that 606 00:34:36,199 --> 00:34:38,300 those sessions are not political. 607 00:34:39,000 --> 00:34:44,100 But state cios are appointed by the governor's office. 608 00:34:44,400 --> 00:34:49,600 So there are potentials where they will be cios who leaned 609 00:34:49,600 --> 00:34:54,500 more political one way or the other based on their affiliation 610 00:34:54,500 --> 00:34:55,900 with the particular governor's office. 611 00:34:55,900 --> 00:34:59,000 I would say typically if you look across the board the vast 612 00:34:59,000 --> 00:35:03,800 majority of those individuals would say that they are it first 613 00:35:03,900 --> 00:35:08,600 and it in cyber is a bipartisan issue that really doesn't play. 614 00:35:08,800 --> 00:35:13,700 And either side of the aisle. So there are always concerns 615 00:35:14,000 --> 00:35:16,700 your particularly in Battleground states where if a 616 00:35:16,700 --> 00:35:20,000 party affiliation changes over the these individuals may also 617 00:35:20,000 --> 00:35:23,200 change over. But for the most part these are 618 00:35:23,200 --> 00:35:27,100 very specialized roles people with a lot of experience in that 619 00:35:27,100 --> 00:35:29,600 space working with the state agencies. 620 00:35:29,600 --> 00:35:33,700 And so because of that they tend to be seen as longer term 621 00:35:33,700 --> 00:35:36,800 positions. Do you find any Trends where, 622 00:35:37,400 --> 00:35:39,800 you know, I'm thinking like, you know, Blue States tend to be 623 00:35:39,800 --> 00:35:42,500 more digital force, or red States might be more something 624 00:35:42,500 --> 00:35:44,600 else first or, is it pretty Universal. 625 00:35:44,600 --> 00:35:48,100 Everyone kind of gets it, that it's just more about getting, 626 00:35:48,100 --> 00:35:51,300 you know, secure access to the state's resources, and making 627 00:35:51,300 --> 00:35:54,100 sure the services are usable. Do you see any like Trends as 628 00:35:54,100 --> 00:35:57,900 far as Democrat versus Republican or Independence? 629 00:35:59,400 --> 00:36:01,600 You can also pass to if you want to preserve. 630 00:36:02,300 --> 00:36:06,200 The trains would be more digital service oriented than I would 631 00:36:06,200 --> 00:36:09,700 say cyber oriented which is to say that a Blue state would 632 00:36:09,700 --> 00:36:13,500 typically provide were government services than a red 633 00:36:13,500 --> 00:36:15,900 State. A blue state would typically 634 00:36:15,900 --> 00:36:20,500 have a larger budget in comparison to Red states of a 635 00:36:20,500 --> 00:36:24,500 similar size. And so, because of that certain 636 00:36:24,500 --> 00:36:28,500 blue states have perhaps identified the need for digital 637 00:36:28,500 --> 00:36:31,800 identity for their citizens earlier, just because more 638 00:36:31,800 --> 00:36:35,500 things are being offered from a digital perspective that being 639 00:36:35,500 --> 00:36:40,000 said, I worked on innovate Ohio, which is Is the citizen portal 640 00:36:40,000 --> 00:36:44,100 for Ohio, for 43 years. That was under Governor, Mike, 641 00:36:44,100 --> 00:36:45,900 dewine, and tenant Governor husted. 642 00:36:45,900 --> 00:36:48,200 That's, that's a red state. So I don't think it's 643 00:36:48,200 --> 00:36:52,700 necessarily a red or blue issue. I think anymore people see. 644 00:36:52,700 --> 00:36:57,200 Cyber is as a bipartisan issue that really deals with National 645 00:36:57,200 --> 00:36:59,100 Security. You talk about a little about 646 00:36:59,100 --> 00:37:01,900 kind of like the funding cycles and changing over of the 647 00:37:01,900 --> 00:37:05,400 administration's and how that might impact some of the 648 00:37:05,400 --> 00:37:08,600 appointments at the it level and maybe Downstream. 649 00:37:08,800 --> 00:37:12,000 Sort of strategies, I guess, what can you tell us about that 650 00:37:12,000 --> 00:37:14,000 sort of political cycle. How does that? 651 00:37:14,000 --> 00:37:17,800 How does that impact things? Like funding and strategies? 652 00:37:17,800 --> 00:37:20,400 And things like that, because I'd imagine every two to four 653 00:37:20,400 --> 00:37:23,800 years, there's probably some major shake-up and that's to me 654 00:37:23,800 --> 00:37:25,700 as I think about it. Like, from a, how we're going to 655 00:37:25,700 --> 00:37:29,300 actually get things done. That seems like a pretty big 656 00:37:29,300 --> 00:37:32,100 concern that would have in a road map, somewhere as a risk. 657 00:37:34,700 --> 00:37:39,300 It isn't it isn't it? Isn't that really probably more? 658 00:37:39,300 --> 00:37:43,300 So the four-year Governor cycle than the two-year legislative 659 00:37:43,300 --> 00:37:47,000 cycle is more impactful and I'd say it's impactful from a 660 00:37:47,000 --> 00:37:49,600 people, and from a funding perspective, the people piece we 661 00:37:49,600 --> 00:37:52,900 touched on, which is that many of the agency, directors and 662 00:37:52,900 --> 00:37:55,200 secretaries are directly appointed by the governor. 663 00:37:55,500 --> 00:37:58,800 So, in the event, that, that Governor is not re-elected or 664 00:37:58,800 --> 00:38:03,100 term-limited or even more. So, if the party changes over it 665 00:38:03,100 --> 00:38:06,300 is possible. But that individual will no 666 00:38:06,300 --> 00:38:10,400 longer be there when the administration transitions, it's 667 00:38:10,400 --> 00:38:14,000 not guaranteed, but it is probably more likely than not. 668 00:38:14,000 --> 00:38:18,300 That is the case and so from an execution standpoint that can 669 00:38:18,300 --> 00:38:21,900 potentially slow things down whereas people transition and 670 00:38:21,900 --> 00:38:24,500 want to understand what the projects are in the Investments 671 00:38:24,500 --> 00:38:27,300 that they're making is that projects may not go live in 672 00:38:27,300 --> 00:38:31,300 those windows or may drag on six, seven months after 673 00:38:31,300 --> 00:38:34,300 anticipated, Windows to bring new leadership. 674 00:38:34,500 --> 00:38:39,800 Up to speed funding is perhaps less impactful and there's 675 00:38:39,800 --> 00:38:42,300 really two ways in which the centralized it. 676 00:38:42,300 --> 00:38:46,000 Departments are funded. One is direct Appropriations and 677 00:38:46,000 --> 00:38:49,600 the second is chargebacks, direct Appropriations would 678 00:38:49,600 --> 00:38:52,200 typically be driven by let's say? 679 00:38:53,500 --> 00:38:56,900 Marilyn doesn't example is doing it as an IT modernization. 680 00:38:56,900 --> 00:39:02,300 Cyber monetization fund where they basically pushed Bonds in 681 00:39:02,300 --> 00:39:05,900 order to put multiple Millions. Dollars together to drive, 682 00:39:05,900 --> 00:39:11,100 various IT projects that funding once approved is earmarked with 683 00:39:11,100 --> 00:39:13,000 the help. Basically, significant effort is 684 00:39:13,000 --> 00:39:17,100 not going to change. Charge backs are chargebacks 685 00:39:17,100 --> 00:39:20,000 from Individual agencies. So we're essentially where 686 00:39:20,000 --> 00:39:23,300 you're operating, a must, as an out out sourced, it service 687 00:39:23,300 --> 00:39:28,200 provider for those agencies and then they pay into Central it 688 00:39:28,600 --> 00:39:32,300 for that time. Those, those can be much more 689 00:39:32,300 --> 00:39:34,700 impactful because those are really kind of annual Oh, based 690 00:39:34,700 --> 00:39:37,300 decisions, and if there's leaders change over, they may 691 00:39:37,300 --> 00:39:39,000 not be inclined, to spend their money. 692 00:39:39,000 --> 00:39:41,300 In that way, you talk about this thing called the three. 693 00:39:41,300 --> 00:39:44,500 P's when we were talking before the show, what does that mean? 694 00:39:45,500 --> 00:39:49,300 So, that's, that's a, that's a Robert ISM that I came up with 695 00:39:49,300 --> 00:39:53,300 to really describe the funding cycle and delivery cycle for 696 00:39:53,300 --> 00:39:57,400 these projects at the state. And so the three p's are piping 697 00:39:57,500 --> 00:40:01,500 pilot and pattern. The first two are typically 698 00:40:01,600 --> 00:40:04,100 activities that we would be driving out of the centralized 699 00:40:04,100 --> 00:40:06,000 it. These would be projects with 700 00:40:06,000 --> 00:40:09,200 direct Appropriations with definitive timelines, and really 701 00:40:09,200 --> 00:40:12,900 being driven by various leaders, but then those Departments of i 702 00:40:12,900 --> 00:40:16,100 t. So, the idea is what whether 703 00:40:16,100 --> 00:40:20,300 it's access manage better, IGA or Pam that we would stand up 704 00:40:20,300 --> 00:40:25,200 the infrastructure, the base configuration, the core testing 705 00:40:25,200 --> 00:40:27,800 of use cases. That would be used for the 706 00:40:27,800 --> 00:40:30,600 Enterprise. So lights on documentation, 707 00:40:30,600 --> 00:40:34,200 done, core functionality available, we would then 708 00:40:34,400 --> 00:40:38,300 Coordinate with agencies for the launch of an individual pilot to 709 00:40:38,300 --> 00:40:40,400 essentially validate our understanding. 710 00:40:40,400 --> 00:40:44,100 So it's like, everything sounds great and Academia and then once 711 00:40:44,100 --> 00:40:46,900 you apply it in the real world, you obviously have a number of 712 00:40:46,900 --> 00:40:48,900 lessons learned that come through that process. 713 00:40:49,500 --> 00:40:52,600 That at the end of it, we would incorporate those Lessons 714 00:40:52,600 --> 00:40:55,800 Learned and that essentially finalized we call a pattern. 715 00:40:56,300 --> 00:40:59,200 And so the pattern then is agencies choose to onboard from 716 00:40:59,200 --> 00:41:03,300 that point going forward. The agencies would pay for that 717 00:41:03,300 --> 00:41:05,900 the agencies Would be responsible for bringing 718 00:41:05,900 --> 00:41:09,800 individuals to the to the table and they would utilize generally 719 00:41:09,800 --> 00:41:13,600 documentation generated during that that that piping and pilot 720 00:41:13,600 --> 00:41:17,600 phase to drive the majority of that implementation activity. 721 00:41:18,100 --> 00:41:22,000 So it's a way to take kind of a centralized solution and a 722 00:41:22,008 --> 00:41:26,000 centralized delivery model and then start to decentralize it 723 00:41:26,000 --> 00:41:28,700 across the Enterprise in the state or local perspective, 724 00:41:28,900 --> 00:41:33,600 Robert I'm wondering are our state and local governments like 725 00:41:34,000 --> 00:41:37,400 most Corporate organizations that I've worked with coming up 726 00:41:37,400 --> 00:41:40,600 with kind of a cloud first strategy. 727 00:41:40,600 --> 00:41:44,000 So they trying to move to cloud services men, that got me 728 00:41:44,000 --> 00:41:46,900 thinking about. Do they have any fedramp 729 00:41:46,900 --> 00:41:51,600 requirements that they're either governed by or that they are 730 00:41:51,600 --> 00:41:54,800 choosing if available? So there's been a lot of 731 00:41:54,800 --> 00:41:58,100 conversation over the course of the last two years for a state 732 00:41:58,100 --> 00:42:02,200 ramp set of requirements, very similar in nature to what you'd 733 00:42:02,200 --> 00:42:05,900 see from a federal perspective that Still very much taking 734 00:42:05,900 --> 00:42:09,200 shape going back to NASA. Yo, if you look at their top 10 735 00:42:09,200 --> 00:42:12,900 priorities and the technology that supports it, number one is 736 00:42:12,900 --> 00:42:17,100 cloud services. So cloud is, I would say from an 737 00:42:17,300 --> 00:42:21,800 Enterprise strategy perspective, relatively immature across the 738 00:42:21,800 --> 00:42:26,000 state landscape, there are still a valid evaluating how to 739 00:42:26,000 --> 00:42:29,600 strategically apply this for benefits across the state. 740 00:42:29,600 --> 00:42:31,300 What type of data are we going to put in there? 741 00:42:31,600 --> 00:42:34,300 How does this apply for infrastructure versus software? 742 00:42:34,400 --> 00:42:38,500 Where, what kind of changes are we going to make to our overall 743 00:42:38,500 --> 00:42:42,400 cyber security services and audit mechanisms that we use? 744 00:42:42,400 --> 00:42:44,900 A lot of that? Frankly hasn't been defined, 745 00:42:45,300 --> 00:42:48,700 this is a space and and and I pick on vendor sometimes because 746 00:42:48,700 --> 00:42:50,800 think vendors drive a lot of the conversation. 747 00:42:51,000 --> 00:42:55,300 But I think vendors that are pushing cloud services right now 748 00:42:56,000 --> 00:42:59,500 will help to maybe drive some maturity around that discussion 749 00:42:59,500 --> 00:43:02,200 at the state level to the cloud to the cloud. 750 00:43:02,200 --> 00:43:06,000 Here we go. Want to start to wrap up the 751 00:43:06,000 --> 00:43:07,900 conversation because you don't you know, generous with your 752 00:43:07,900 --> 00:43:12,000 time this Sparks though. Something I want to bring up 753 00:43:12,000 --> 00:43:16,100 that listener out there. Andrew also been on the show and 754 00:43:16,100 --> 00:43:19,800 you the chance of phone sent me a LinkedIn message. 755 00:43:20,300 --> 00:43:22,500 And I think this is a great option to bring up this question 756 00:43:22,500 --> 00:43:27,000 as in its around the balance of security versus a user 757 00:43:27,000 --> 00:43:29,200 experience, because I feel like this is exactly. 758 00:43:29,800 --> 00:43:33,000 The conversation is probably taking place as part of that and 759 00:43:33,000 --> 00:43:35,400 I think of it. He gave me an example of, you 760 00:43:35,400 --> 00:43:40,500 know, moving away from SMS in favor of more secure MFA 761 00:43:40,500 --> 00:43:44,300 methods, and I'll paraphrase things like app app, based, push 762 00:43:44,300 --> 00:43:47,500 authentication or maybe even, you know, if you're, if you're 763 00:43:47,500 --> 00:43:49,800 really cool going down, like a password list, router something 764 00:43:49,800 --> 00:43:52,200 like that. What are your thoughts on? 765 00:43:52,500 --> 00:43:55,900 You know, how does an organization and let's keep it. 766 00:43:55,908 --> 00:43:58,900 The state and local kind of flair for this one, you know, 767 00:43:58,900 --> 00:44:01,800 help kind of dry that stuff, stuff that that sort of maturity 768 00:44:01,800 --> 00:44:06,800 or that maturation away from What we consider a legacy MFA or 769 00:44:06,800 --> 00:44:10,600 others type, some Legacy Technologies like on Prem maybe 770 00:44:10,600 --> 00:44:12,500 moving to a cloud based approach. 771 00:44:13,100 --> 00:44:15,600 How does that Balancing Act take place? 772 00:44:15,600 --> 00:44:17,600 Maybe this is maybe this conversation that takes place in 773 00:44:17,600 --> 00:44:20,200 a CO and I'm sure in conference rooms all across different 774 00:44:20,200 --> 00:44:21,500 governments. But what are your thoughts on 775 00:44:21,500 --> 00:44:24,000 that? A question that has been brought 776 00:44:24,000 --> 00:44:28,200 up more times than I can count in my career and a big element 777 00:44:28,200 --> 00:44:32,500 of your why I've talked a lot about not just identity, but 778 00:44:32,500 --> 00:44:35,900 Digital Services is, we found That that joining to be 779 00:44:35,900 --> 00:44:39,700 extremely successful every time you layer on security, no matter 780 00:44:39,800 --> 00:44:44,700 how great the ux is always creates friction with the user 781 00:44:44,700 --> 00:44:47,700 base. So by looking for opportunities, 782 00:44:47,700 --> 00:44:51,100 where we weren't just rolling up security, but but tagging that 783 00:44:51,100 --> 00:44:56,500 to perhaps web application modernization and releasing 784 00:44:56,500 --> 00:44:59,200 that. And sort of one joint package 785 00:44:59,600 --> 00:45:01,700 created a bit of a balance, right? 786 00:45:01,700 --> 00:45:03,800 So I'm getting better services and experience. 787 00:45:03,800 --> 00:45:06,600 And while Is a security layer. That's may be new to me. 788 00:45:07,000 --> 00:45:09,400 I'm okay with accepting that because I'm getting a better 789 00:45:09,400 --> 00:45:11,800 overall experience. So it's sort of big picture 790 00:45:12,200 --> 00:45:14,500 drilling down into something like MFA. 791 00:45:15,300 --> 00:45:19,000 What we often would talk about is, okay, fine, SMS isn't as 792 00:45:19,000 --> 00:45:22,200 secure as an application push. But what are they trying to 793 00:45:22,200 --> 00:45:26,700 access, right? How critical is it that we push 794 00:45:26,700 --> 00:45:30,000 that experience. And if we didn't have a really 795 00:45:30,000 --> 00:45:34,500 good risk, story around that, then we would typically show Shy 796 00:45:34,500 --> 00:45:38,200 away from that change. So I think as with most things 797 00:45:38,200 --> 00:45:41,000 from a cyber perspective, understanding the risk context 798 00:45:41,000 --> 00:45:44,300 that's there is important to drive those decisions. 799 00:45:44,400 --> 00:45:47,400 Not just looking at it from a cyber lens. 800 00:45:47,700 --> 00:45:49,600 I think the other thing I think about too is that it doesn't 801 00:45:49,600 --> 00:45:52,300 have to be a one-size-fits-all. There's probably multiple right 802 00:45:52,300 --> 00:45:53,900 answers. Just depends on the use case, 803 00:45:53,900 --> 00:45:59,000 context, risk, whatever it is. You're trying to address Gym in 804 00:45:59,000 --> 00:46:01,600 30 seconds. Tell me how you balance security 805 00:46:01,800 --> 00:46:04,200 with the user experience. Yeah. 806 00:46:04,600 --> 00:46:07,600 Rapper touch on it. Sees about it's all about level 807 00:46:07,600 --> 00:46:09,900 of insurance. If you need a high level of 808 00:46:09,900 --> 00:46:13,300 assurance, then you have to have appropriate controls that 809 00:46:13,500 --> 00:46:17,800 achieve that level of assurance via high level of assurance as 810 00:46:17,800 --> 00:46:20,200 well as you need to reach a broad audience. 811 00:46:20,500 --> 00:46:25,400 That's the toughest scenario. But I mean can you name One 812 00:46:25,400 --> 00:46:28,700 banking service where you're able to login with your Facebook 813 00:46:28,700 --> 00:46:32,800 ID or your Google ID it just doesn't happen, right? 814 00:46:34,300 --> 00:46:38,100 I was doing something the other day where it was again, going 815 00:46:38,100 --> 00:46:40,800 through the process of getting a mortgage. 816 00:46:40,900 --> 00:46:43,400 You're constantly DocuSign doing things. 817 00:46:43,800 --> 00:46:46,900 This is not DocuSign, but it was some other application to signed 818 00:46:46,900 --> 00:46:48,800 document. They said, do you want to sign 819 00:46:48,800 --> 00:46:50,700 up for multi-factor authentication? 820 00:46:50,900 --> 00:46:52,700 Which has become ubiquitous enough? 821 00:46:52,700 --> 00:46:57,300 Now that like I am, probably a lot of people say, yes, I do 822 00:46:57,300 --> 00:47:00,800 want that level of protection, but that when I got to it, they 823 00:47:00,800 --> 00:47:03,500 would not offer SMS or emails and option. 824 00:47:03,500 --> 00:47:06,700 You had to download. Not them akator app and at that 825 00:47:06,700 --> 00:47:09,500 point I said that sounds very inconvenient, right? 826 00:47:09,500 --> 00:47:12,300 I have Google Authenticator but don't want to go through this 827 00:47:12,300 --> 00:47:17,800 whole process to link through for DocuSign except for just 828 00:47:17,800 --> 00:47:19,700 become like the clean next term, right? 829 00:47:19,700 --> 00:47:21,800 To sign a document electronically. 830 00:47:22,400 --> 00:47:27,300 Ultimately, I went up saying way after I started seeing what the 831 00:47:27,300 --> 00:47:30,200 documents were I was like okay I will register my Google 832 00:47:30,200 --> 00:47:33,900 Authenticator but I bet you most people would say forget about 833 00:47:33,900 --> 00:47:35,000 it. Which is too high. 834 00:47:35,300 --> 00:47:39,500 It's just felt like to too high of a bar before I knew what I 835 00:47:39,508 --> 00:47:42,000 was going to get after. I saw was in there, I was 836 00:47:42,000 --> 00:47:45,300 willing to go over that bar, but it was still probably a bar, 837 00:47:45,300 --> 00:47:49,200 especially if you give people the option to opt out. 838 00:47:49,500 --> 00:47:53,100 It may become too high up in a bar, but that level of assurance 839 00:47:53,100 --> 00:47:55,000 we were talking about your employees. 840 00:47:55,000 --> 00:47:59,500 You're talking about your privileged access to high level 841 00:47:59,500 --> 00:48:02,700 of assurance and now you can set up those digital hurdles where 842 00:48:03,000 --> 00:48:06,100 you need to use. Solve token or maybe even a hard 843 00:48:06,100 --> 00:48:10,800 token. I got a Chromecast with Google 844 00:48:10,800 --> 00:48:14,300 TV, yesterday to add to my collection and I went through 845 00:48:14,300 --> 00:48:17,900 the process last night of setting up all my video services 846 00:48:17,900 --> 00:48:21,700 on it, Netflix Hulu HBO Apple blah blah blah blah. 847 00:48:21,800 --> 00:48:24,900 All the things that we said would be cheaper independently 848 00:48:25,000 --> 00:48:26,900 from a cable subscription. I'm now paying more but that's a 849 00:48:26,900 --> 00:48:32,600 separate conversation and I must have experienced five or six 850 00:48:32,600 --> 00:48:37,900 different ways to Senna, Kate and connect those services to my 851 00:48:37,900 --> 00:48:42,600 media device and it ranged from having to use a remote control. 852 00:48:42,900 --> 00:48:45,100 You know that doesn't have letters and keyboards on it and 853 00:48:45,100 --> 00:48:49,000 navigating and typing in an email address and you know, a 854 00:48:49,000 --> 00:48:51,700 very long and complicated password for each of these 855 00:48:51,700 --> 00:48:56,300 services to going to the web and doing like an oauth flow where 856 00:48:56,300 --> 00:49:00,600 it's, you know, simpler and easier to Apple, which I logged 857 00:49:00,600 --> 00:49:04,600 in and then it used actually my on device credentials and Facial 858 00:49:04,600 --> 00:49:07,900 recognition and I never had to type anything which was awesome. 859 00:49:08,300 --> 00:49:10,800 I think that's that, that balance of the usability and 860 00:49:10,808 --> 00:49:13,200 security kind of comes back to this as like, okay, we're 861 00:49:13,200 --> 00:49:15,000 talking about, you know, media streaming. 862 00:49:15,000 --> 00:49:17,000 What are we really concerned about? 863 00:49:17,300 --> 00:49:20,200 And how do we make that, you know, easier for people to 864 00:49:20,200 --> 00:49:22,700 actually consume the services? I get Netflix is down there 865 00:49:22,700 --> 00:49:26,600 looking for ways to, you know, to increase subscribers or drive 866 00:49:26,600 --> 00:49:28,900 Revenue. But in the end the day, you know 867 00:49:28,900 --> 00:49:32,100 what's make it easy for folks? All right, let's start to wrap 868 00:49:32,100 --> 00:49:34,200 things up, Robert we like to end on a lighter. 869 00:49:34,200 --> 00:49:37,000 Or note. And I know that you are a 870 00:49:37,000 --> 00:49:41,600 connoisseur of various beverages, you've got a very 871 00:49:41,600 --> 00:49:45,600 impressive kind of home bar set up, so I'm going to go with an 872 00:49:45,600 --> 00:49:48,400 alcohol theme Here. For our lighter note, what is 873 00:49:48,400 --> 00:49:52,600 your favorite alcohol spirits and then, what is your least 874 00:49:52,600 --> 00:49:54,300 favorite? Yeah, I think we're saying that. 875 00:49:54,300 --> 00:49:58,500 There's a, there's a definite spin-off podcast here, strong 876 00:49:58,500 --> 00:50:02,400 opinions on strong Spirits because I have very strong 877 00:50:02,400 --> 00:50:04,500 opinions on this. So, from up, from a Everett 878 00:50:04,500 --> 00:50:07,300 perspective of you kind of changes over the course of the 879 00:50:07,300 --> 00:50:09,700 year, I would say, you know, given that it's a beautiful 880 00:50:09,700 --> 00:50:13,200 weather here in Charlotte, North Carolina, I would say, tequila 881 00:50:13,200 --> 00:50:15,500 right now, is in my number one spot. 882 00:50:15,500 --> 00:50:18,300 I think, you know, a lot of times people have their, their 883 00:50:18,300 --> 00:50:23,200 Cuervo Scar from at some point in their life, but a huge fan of 884 00:50:23,700 --> 00:50:25,600 really great Tequila's out there. 885 00:50:25,600 --> 00:50:28,700 And I think it's been really fun over the last couple of years, 886 00:50:28,700 --> 00:50:32,000 that Tequila's kind of caught on in the market on the other end 887 00:50:32,000 --> 00:50:34,000 of the spectrum. I know this is a really 888 00:50:34,000 --> 00:50:37,600 unpleasant Popular opinion. Vodka only because I just don't 889 00:50:37,600 --> 00:50:40,100 feel like vodka brings anything to the party. 890 00:50:40,500 --> 00:50:45,700 I like I like to make cocktails pocket to me is just a blank 891 00:50:45,700 --> 00:50:49,900 slate. That's my vodka stories for a 892 00:50:49,908 --> 00:50:52,600 different reason that's because I had way too many one night. 893 00:50:52,600 --> 00:50:54,900 Very long time ago, I have not gone back to the well and I'm 894 00:50:54,900 --> 00:50:57,800 not gonna do that anymore. Yeah, and I promise that cyber 895 00:50:57,800 --> 00:51:00,300 projects. Don't don't drive me to drink. 896 00:51:00,800 --> 00:51:02,800 That's, that's definitely not the case at all. 897 00:51:03,000 --> 00:51:04,100 That is plenty of other things I do. 898 00:51:04,600 --> 00:51:06,600 Yeah exactly. Jim. 899 00:51:06,600 --> 00:51:08,200 What about you? What's your favorite and least 900 00:51:08,200 --> 00:51:10,600 favorite Spirit? Well I feel like I need to trust 901 00:51:10,600 --> 00:51:14,600 the the Vodka piece because I think it being a blank slate and 902 00:51:14,600 --> 00:51:18,400 the more blank the Slate is. In other words the more time the 903 00:51:18,408 --> 00:51:23,200 more refinement it has that fewer impurities exists and when 904 00:51:23,200 --> 00:51:26,000 you drink it you don't have the problems the next day of feeling 905 00:51:26,000 --> 00:51:28,500 hungover. So I appreciate that about a 906 00:51:28,500 --> 00:51:35,400 good vodka I think probably the Alcohol that I enjoy the most 907 00:51:35,400 --> 00:51:39,500 but I have to make sure I don't drink too much of is bourbon and 908 00:51:39,500 --> 00:51:43,500 then I'm going to pick one that maybe nobody saw it of for least 909 00:51:43,500 --> 00:51:48,400 favorite which is an aperitivo called ouzo if you had to 910 00:51:48,408 --> 00:51:49,700 choose? There's no my thunder. 911 00:51:49,800 --> 00:51:52,300 No did I maybe see her too? Yeah, exactly. 912 00:51:52,700 --> 00:51:56,500 I'm not a fan of ouzo. My wife had a drink last night 913 00:51:56,500 --> 00:51:58,800 at dinner, and I think was an old-fashioned or something and 914 00:51:59,400 --> 00:52:01,800 for whatever was they had some sort of ouzo spirit in there. 915 00:52:01,800 --> 00:52:05,600 And it was just, Yeah, exactly. The face are seen. 916 00:52:05,600 --> 00:52:07,900 As you can see, I put his definitely like not the right 917 00:52:07,900 --> 00:52:09,700 thing. Yeah, I was. 918 00:52:09,700 --> 00:52:13,000 I'm impressed that well, impress, shocked and I guess not 919 00:52:13,000 --> 00:52:16,700 Shock the same time that we don't like the same Spirit. 920 00:52:16,800 --> 00:52:19,300 My is Malibu Rum. That's pretty much my go-to. 921 00:52:19,300 --> 00:52:23,000 I don't really drink that much to begin with, but I will enjoy 922 00:52:23,000 --> 00:52:26,000 a nice. Sweet coconut rum of some sort 923 00:52:27,000 --> 00:52:29,700 other than a, pretty basic man. I'm like I'm not much of a 924 00:52:29,700 --> 00:52:33,000 drinker, I'll drink port, but not talking, we're not talking. 925 00:52:33,100 --> 00:52:36,800 Fine Wines at this point where you're in the land of breweries 926 00:52:36,800 --> 00:52:39,500 where you are now. So, does she need a venture out? 927 00:52:39,500 --> 00:52:42,000 That way? I am, we've got whistle hop, 928 00:52:42,000 --> 00:52:44,000 like, literally like a hop for me. 929 00:52:44,000 --> 00:52:47,000 So, tons of breweries here in Western North Carolina, and the 930 00:52:47,008 --> 00:52:49,000 Asheville area is a good food and drink in town. 931 00:52:49,000 --> 00:52:53,300 So yeah, we are. We are certainly enjoying making 932 00:52:53,300 --> 00:52:56,600 the rounds and discovering all that the area has to offer my 933 00:52:56,607 --> 00:52:58,800 wife and I. All right, let's go ahead and 934 00:52:58,800 --> 00:53:00,800 wrap it up for this week. We're getting a little bit long 935 00:53:00,800 --> 00:53:02,900 in the tooth here, from a show perspective. 936 00:53:03,000 --> 00:53:05,900 Any final thoughts, Robert, what should people be taking away 937 00:53:05,900 --> 00:53:09,800 from this conversation? As it relates to Identity and 938 00:53:09,800 --> 00:53:13,000 the state and local or the fact that ouzo is garbage? 939 00:53:13,000 --> 00:53:14,000 You know, what do you want to go with? 940 00:53:15,000 --> 00:53:19,900 First of all, do not get any tequila that has added Agave to 941 00:53:19,900 --> 00:53:22,200 it. You want to go 100% natural? 942 00:53:22,200 --> 00:53:24,200 That is the most important takeaway. 943 00:53:24,400 --> 00:53:28,900 So for those custom Migos fans out there shots fired, but that 944 00:53:28,900 --> 00:53:32,900 is definitely not the best. Tequila brand on the market from 945 00:53:33,100 --> 00:53:35,800 Probably what people actually came here to talk about which is 946 00:53:35,800 --> 00:53:37,800 identity. I think the big thing that I 947 00:53:37,808 --> 00:53:41,400 like to tell folks is that way as it relates to your state and 948 00:53:41,400 --> 00:53:43,900 local governments is that there is significant time and 949 00:53:43,900 --> 00:53:46,300 investment is being put into understanding. 950 00:53:46,300 --> 00:53:49,600 What are those services that really make sense to digitize? 951 00:53:49,900 --> 00:53:54,100 No one likes to go to the DMV no one likes to go and wait in long 952 00:53:54,100 --> 00:53:58,500 lines. And with that I see that states 953 00:53:58,500 --> 00:54:02,300 are making a more significant significant investment than many 954 00:54:02,300 --> 00:54:04,700 even private. Solutions are in establishing 955 00:54:05,200 --> 00:54:09,000 citizen identity and I think there is a hope in a vision that 956 00:54:09,000 --> 00:54:13,100 over the course of the next five to 10 years, that state identity 957 00:54:13,100 --> 00:54:16,800 really can become a really unique source of Federated 958 00:54:16,800 --> 00:54:20,200 identity across public and private sector. 959 00:54:20,200 --> 00:54:23,200 So be really interesting to see how that plays out here. 960 00:54:23,200 --> 00:54:25,100 Here, I just have to get a new drivers license in North 961 00:54:25,100 --> 00:54:28,300 Carolina here soon and it's like a three-month. 962 00:54:28,300 --> 00:54:30,700 Wait to get like an appointment as a DMV to get it done. 963 00:54:30,700 --> 00:54:34,300 So hopefully things like that. Get As we move things, forward 964 00:54:34,300 --> 00:54:38,200 from a identity maturity at the state and local level Jim. 965 00:54:38,200 --> 00:54:40,100 How about yourself final thoughts for this week? 966 00:54:40,100 --> 00:54:42,100 Yeah. Final thoughts are thank you to 967 00:54:42,100 --> 00:54:44,600 Andrew to for sending us the question. 968 00:54:44,600 --> 00:54:47,100 Thank you to Chris for sending us the Tweet. 969 00:54:47,100 --> 00:54:51,300 Last time I encourage all of our listeners, you know, take part 970 00:54:51,300 --> 00:54:55,200 in the show by submitting some things like that and if anyone's 971 00:54:55,200 --> 00:54:57,500 going to be out at the Gartner, I am Summit. 972 00:54:58,000 --> 00:55:02,500 We'd love to meet this. Pump is Chef likes to say, but 973 00:55:02,600 --> 00:55:04,800 yeah. Yeah, and if this is your first 974 00:55:04,800 --> 00:55:08,500 time listening, please reach out to us connect to us on LinkedIn 975 00:55:08,600 --> 00:55:10,600 And subscribe. It helps us out a lot. 976 00:55:10,700 --> 00:55:13,900 We've seen a tremendous growth with the show over the last few 977 00:55:13,900 --> 00:55:15,700 years. Considering this is all Word of 978 00:55:15,700 --> 00:55:16,900 Mouth. We don't do any advertising or 979 00:55:16,900 --> 00:55:19,300 anything. So we certainly appreciate every 980 00:55:19,600 --> 00:55:22,200 thumbs up. Like, subscribe, share, 981 00:55:22,200 --> 00:55:24,100 whatever. The, you know the thing is that 982 00:55:24,100 --> 00:55:26,400 that helps get the word out as I was appreciated and definitely 983 00:55:26,400 --> 00:55:28,200 going to be a gardener hit us up. 984 00:55:28,200 --> 00:55:31,300 We'd love to just bump, do whatever it takes, two to make 985 00:55:31,300 --> 00:55:33,900 sure that we meet up with folks. All Without we're going to go 986 00:55:33,900 --> 00:55:36,000 ahead and leave it for this week. 987 00:55:36,500 --> 00:55:39,400 We are on the web. I'd any of the center.com, we're 988 00:55:39,408 --> 00:55:41,600 on Twitter. At idac podcasts. 989 00:55:42,500 --> 00:55:44,400 You can connect with us on LinkedIn robbery, cool. 990 00:55:44,400 --> 00:55:46,700 If we put your LinkedIn profile was part of our show notes. 991 00:55:46,700 --> 00:55:49,200 If people want to reach out and have kind of questions or 992 00:55:49,200 --> 00:55:52,700 thoughts concerns or the the Agave police want to come in 993 00:55:53,400 --> 00:55:55,900 arrest. You absolutely any. 994 00:55:55,900 --> 00:55:58,100 And all the above. Very good. 995 00:55:58,100 --> 00:55:59,300 Alright. So we'll include that in the 996 00:55:59,300 --> 00:56:00,800 show. Notes with that. 997 00:56:00,800 --> 00:56:01,900 We'll go ahead and leave it for this week. 998 00:56:01,900 --> 00:56:03,900 Thanks everyone for listening. Ting and we'll talk with 999 00:56:03,900 --> 00:56:09,800 everyone in the next one. Thanks for listening to the 1000 00:56:09,800 --> 00:56:12,600 identity at the center podcast. If you like what you heard, 1001 00:56:12,600 --> 00:56:15,900 don't forget to subscribe and visit us on the web and identity 1002 00:56:15,900 --> 00:56:17,200 at the center.com.