Wednesday, August 28, 2013

The Little Things

Yesterday I had an opportunity to catch up, over lunch, with a good friend and colleague. One of those lunches that is truly to catch up but also to see how business is going and to see where the next opportunity is. 

During the course of our conversation he was commenting on the lack of funding that agencies had dedicated to his area and commented that, even though he sees lots of heads nodding in understanding of the problems he addresses, they still do not seem to see it. To them it is a little detail that seems like it can wait. 

The comment about 'little detail' made me think about all the little things that are missed and cause problems today. I do not mean just in the cyber security arena but in day-to-day life: the driver who does not look left and right when entering an intersection and causes an accident; the driver who is not attentive when backing out of a parking spot and destroys their passenger side mirror on a post (saw that one yesterday after lunch); the parent who does not secure their firearm properly only to have their 8-year-old shoot their grandmother; and there are many more. 

Of course some of the impacts are trivial but others are clearly catastrophic in their effect. Cyber-security is not that different. Inattentive implementers may leave an opening that allows someone to get into the network where they should not be. Improper design or implementation can lead to that false sense of security and make your environment a haven for cyber-criminals or terrorists. Of course it is not just about the design and implementation; it is also about the planning, policy, people, audit, testing and operations. These things are all important. 

For my friend it is all about monitoring and managing identity. An expired credential, a credential that should not be on a system, or a credential that does not meet policy. All these seem small and easily managed on that one system - but who has one credential on one system? There are hundreds of systems, with thousands of credentials within most environments, whether on your premises or in a cloud implementation. Managing that environment now requires some thought, planning and resources. Is it really a small thing now?

Be aware of the small things .... they can lead to the big problem if ignored or trivialized.