Industry View
Spooked! The Top 13 Identity Management Fears
A scary number for a scary subject? Covisint CSO David Miller looks at what stops IDM projects (with a little seasonal help from the cast of the Wizard of Oz).
By David Miller, Covisint
5. No courage for large groups. I want to grant access to large groups of users -- such as AOL, Yahoo, Comcast -- yet I fear successfully leveraging the existing identity providers.
6. All those identities: just put â¬Üem up, put â¬Üem up. My internal users have so many passwords that they try to use the same easy-to-remember one for every identity. Or, worse yet, they've written them all down on colored sticky notes on their monitor. That can't be safe. And, customers are increasingly telling me that they are just saturated with IDs -- they just won't keep adding new username/password combinations.
7. Follow the government's mandates. When the federal government mandates it, the federal government gets it. This, of course, applies when Uncle Sam requires me to implement multi-factor authentication. Yet, I don't have the time, budget or expertise on staff.
8. We're off to meet the customers' demands. My customers are demanding that I federate into their existing systems. I don't have the expertise to do that.
9. Acquisitions and divestitures and federation -- oh my! My company keeps buying (or divesting) other companies and I'm overwhelmed trying to integrate (or dismiss) their identities securely into my systems.
10. I think I'll miss the old days most of all. I'm afraid to expose my information on the public Internet. Back in the day, this was the network guy's problem when access is managed via a single, secure VPN connection to my directory. Now it's my headache.
11. Co-opetition twister? My community is implementing a coopetition model that requires me to share data and users with my competitors. I'm not sure how to do this safely and securely.
12. Pay no attention to those 50 or so acronyms behind the firewall. SSAML, SPML,EXACML, WS-FED, WS-TRUST, WS-POLICY. What the hell are all of those? I can't even pronounce these things, let alone successfully manage them all.
13. I need a (bigger) brain. Previously, I was required to manage only passwords. Now, it's tokens, certifications, risk-based items, BINGO, card space and others. And, don't even get me started about HSPD12! Help!
Yet, Dorothy, somewhere over your identity fears, there really is hope.
In a future article, I will provide my thoughts regarding overcoming these fears. I'll discuss where identity is headed and the methods you can put in place today and in the near future to help yourself and your company deal with the not-so-scary future of identities.
Now click your heels together three times. ##
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Keeping Your Members Safe from Online Scams and Predators
- Understanding Versatile Authentication and Its Benefits
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- WagerWorks Takes Fraudsters Out of the Game Using iovation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
