Spooked! The Top 13 Identity Management Fears
A scary number for a scary subject? Covisint CSO David Miller looks at what stops IDM projects (with a little seasonal help from the cast of the Wizard of Oz).
By David Miller, Covisint
October 30, 2008 — CSO — Let’s face it: identity has become the de facto challenge in security these days.
We all have about a gazillion username-password combinations — many of which require something unique to each individual site. It’s all just downright scary. Too much to handle. Especially for overworked IT departments, CSOs, and their staffs — more importantly, for your customers.
Since it is Halloween week, I figured fear itself rules the day. And, as security pros, it’s fear that we must face. To do this, we must first understand where we are today — to benchmark those fears — before we can even begin to handle and manage the problems that real, everyday, on-the-job fear creates.
To help you understand the scary labyrinth of terror associated with identity and identity management (IdM) — and, in unapologetic deference to Judy Garland, Ray Bolger and Bert Lahr — I submit to you that we all need a little more courage, a bigger brain, and even a place we can call home.
Here are the Top 13 Identity Management Fears.
Dorothy, will you ever forgive?
1. Because, because, because, because I WILL get audited. When, not “if,” I get audited, I’ll have no single process to manage all of my users, nor visibility into where they originate. And audits are just too messy and burdensome for me to do well, particularly with the complexity of my user base.
2. I’m melting with too much exposure, too little control. I’m exposed on multiple levels: legally, financially, organizationally, etc. I need to share my data outside of the firewall, yet, with HIPAA, I’m liable for situations that, with my data “out there,” are beyond my control. It’s the IT and identity management version of “taxation without representation.”
3. We’re not (just) in Kansas anymore. Here’s the simple scary fact: If my company is global, I can just take all of my U.S.-based challenges and multiply them by the number of countries I now serve. Global identity problems require a completely different privacy mindset than those involving only the U.S. For example, in healthcare, HIPAA compliance changes; in financial services, SEC regulations, the European Union Data Protection Act and other regulations are in force when data is shared across national boundaries.
4. I do, I do, I do believe in international nuances. Yet, they scare me. You see, I have a global market and am not equipped to deal with geographic and cultural sensitivity issues for identity and user management. There are multiple languages, customs, help desk issues, etc., all of which I’m simply unaccustomed to handling.
Read more: http://www.csoonline.com/article/458168/Spooked_The_Top_Identity_Management_Fears