User authentication has always been a tricky spot for companies. Passwords are all well and good, but they can be stolen or lost. As such, the Department of Defense and Google (News - Alert) are working together to launch a new Authentication Gateway Services (AGS) to help reliably authenticate users on commercial cloud services.

While the new AGS is currently just in a proof of concept stage, the intent is for it to allow secure translation between the department’s public key infrastructure common access card authentication and the cloud services that Google provides them. It uses Google Apps for Government to test how well users can use their common access cards for authentication, potentially opening new possibilities for authenticating users without the need for passwords.

Currently, 50 employees of the Defense Information Systems Agency (News - Alert) (DISA) are using Google Apps for Government to process non-sensitive data, while the field security office is evaluating it to determine if the service can support more users and more sensitive data. It’s focusing on a single enterprise e-mail system, using one directory service for the entire Department of Defense, allowing for easy collaboration between environments hosted by the Department and commercial environments.

There are also plans to integrate the DISA’s enterprise directory services with cloud-based e-mail. Should that work, it would allow a single global address list for complete email interoperability, using an identity synchronization service to keep users securely logged in and synchronized.

"DISA previously developed enterprise directory services and identity synchronization services to allow for secure (non-password based) authentication to the Microsoft (News - Alert) Exchange-based Defense Enterprise Email (DEE) service," said DISA’s CTO, David M. Mihelcic. "The authentication gateway extends these services using the Security Assertion Markup Language to allow for rapid integration with cloud-based services."

This is not, according to the department, any indication that they will be using Google Apps for Government beyond the pilot. Depending on how the pilot program works, though, it could be more commonly used for the sake of security. Password protection is great, but not without its risks or chances to be hacked, stolen or otherwise lost. So if this new pilot program leads to better security for sensitive data, perhaps we’ll be seeing more of Google Apps for Government, and maybe even new security methods for us all.