The Dark Ages of Identity Management

by Jason Cowling

You may know of William the Conqueror as the warrior who besieged England on September 10th, 1066, but chances are you haven’t thought of him as a pioneer of Identity Management?  William set sail from Normandy that year, and with about 12,000 forces, landed at the shores of Pevensey and quickly marched to meet and subdue the English King Edward at the Battle of Hastings.  William, an educated statesman, was crowned King on Christmas day and quickly set in motion the organizing of his newly won kingdom, a process which twenty years later manifested in the creation of The Domesday Book, a 413 page two-volume account of the peoples and assets of the kingdom.

England, bordered on all sides by water, was an easy target to mirauders from every direction. The open shorelines of the country would hundreds of years after William’s time serve to create a vast military and commercial empire, but until that time the country was an easy target for plundering.  England also faced internal challenges such as poor roadways, lack of communication-lines between villages, no standing army and only a loose allegiance beyond the borders of the feudal estate.  These factors made the governing of the kingdom socially and logistically impossible. For nearly a millenia these and other internal issues mired England in the period known as the Dark Ages.  Indeed, William conquered a nation with a population of around 1.5 million with but 12,000 forces – the same would happen to him unless he could devise solutions to these enduring issues.

William’s understanding of his situation along with outright greed prompted him to take account of the combined assets and peoples of the country.  Even though the project stemmed from greedy motivations, its realized and somewhat unexpected ancillary benefits engendered an unprecedented ordering of the kingdom. This single tome sent a wave of social reform across the shores of the island.  Financially, the kingdom could now be managed centrally, not forced to rely on corrupt local justices to collect taxes, called Danegeld.  Military benefits also followed, for the first time the King knew how many troops he had, from where and in what time they could be summoned, and the arms they possessed.  The Domesday Book effected an overall change toward a centrally governed nation.

It’s not difficult to see that the financial and societal benefits William realized through the commission of the Domesday Book greatly enhanced his ability to govern the kingdom.  Nor is it difficult to parallel William’s project to our current-day attempts to stabilize our society, companies, assets, individuals, and data within a loosely governed framework of identity management strategies.  The proliferation of identities – individual and logical, demands yet undiscovered or existing but under-utilized methodology to manage and benefit from this identity expansion.  Considering the increase of digital identities coming with the adoption of IPV6 (about 3,402,823,669,293,846,346,337,467,431,768,211,456 potential IP addresses) is staggering but crucial as we’ve almost consumed the 4,294,967,296 unique addresses of IPV4.  William’s database, written on lambskin in Latin, only amounted to about 14,000 surveyed identities and took almost two years to complete. He perished prior to its completion. 

Beyond the quantity of identities we manage are several other complicating factors we face in our strategies. There are numerous regulations, laws from every country of the world, and product choices – all of which are designed to organize and account for identities coherently, but are all different enough to cause a myriad of differences and complexities between the identities they seek to protect. So the security director is left with difficult and almost necessarily compromising decisions to make about the security posture to adopt within his or her organization. Our technical ability to manage identity outstrips William’s, but our ability to make singular and sweeping decisions as he did is limited by the factors mentioned above.  We cannot yet conquer, so we mitigate through best practices.

So while our identity management needs far exceed William’s in number and complexity, they are still substantively equal. Primarily, we manage identities in order to maintain trust amongst individuals and companies, governments, and the numerous transactions of information between these and other entities. And like William, attacks on our shores threaten our national security, personal identity, and corporate stability – only our shores are now largely digital. The accounting for and effective managing of identity and assets enables responsible and trusted operations – business continuity, is the practice William compelled to order his kingdom. 

Perhaps we are as yet in the Dark Ages of information technology- still waiting to be conquered by a visionary individual, group, or technology which will unleash the next great advances our collected identities possess. 

Jason Cowling has designed and implemented security systems for access management, surveillance, and fire safety. He previously has held positions with Beacon Technologies, ADT Security Services and Protection One Security, and is currently a graduate student at the University of Akron pursuing a Ph.D. in English.  His primary research areas include literary theory and the cultural effects of physical and logical security.

Copyright © 2007 IDG Communications, Inc.

8 pitfalls that undermine security program success