October 29, 2007
Identity Management in Big Business
First, I'd like to say how glad I am that Mike Rothman has joined the security intelligentsia at ebizQ. It all started with a couple of very informative podcasts I did with Mike (here and here), and now, instead of me directing questions for Mike to answer, we're getting the answers directly from the source. Read Rothman's excellent intro article for ebizQ right here.
Now on to our regularly scheduled blog: Identity management is one of the thornier issues companies have to deal with today -- it is rife with problems of cost, compatibility, complexity, and privacy -- but because of compliance, the issue is one that must be addressed. And where bigger companies often have great advantages when it comes to many security issues, in the case of identity management, it is very easy for bigger companies to get lost in a maze of identity complexity.
I found this quote on the Digital Identity Forum: "We've had the new cards for over a year, and not a single user ID or password has been eliminated. You now must have the card so you can unlock the computer so you can even GET to the programs that need user ID's and passwords. And you must use another PIN with the card. In other words, it's just another layer."
So instead of a more streamlined and simplified system, it's just one more hoop to jump through and one more identity to go missing. And adding one more layer just adds more cost. Instead, properly implemented identity management demands change throughout a company (and the bigger the company, the harder it is to change). And as Dave Birch concludes in the blog:
"I'd probably push a little further and say that a proper digital identity infrastructure would mean that the security or otherwise of the network would become irrelevant (since all of the security would be pushed off the edge of the network) so that the distinction between internet, extranet and intranet would simply become a matter of which virtual identity is communicating with which over virtual identity."
That might be true with the perfect identity management system and perfectly trained users, but then you still have the problem of insider attacks.
Also, another reminder to sign up for the ebizQ Security Newsletter, where you get all the security news (including Mike Rothman, one of the top ten IT bloggers, which would pretty much make him the top security blogger) directly into your in-box. You can do that right here.
Posted by pschooff in

Twenty-Four Seven Security