The New Face of ID Management

Cormac Foster, Journalist, Analyst, Tech Manager | 1/25/2013 | 28 comments

Cormac Foster
This is supposed to be a big year for identity management. IDC thinks we might all be logging onto the corporate network with our Facebook logins. Wired Magazine has declared passwords dead. BYOD is forcing IT to integrate personal devices that are used outside of the office by multiple parties. And every hardware vendor seems to offer its own proprietary biometric scanner that no one ever uses.

Identity management is a mess, but it's an important mess. There's just too much sensitive data being aggregated online for criminals to ignore. So what does this mean to you in 2013?

Let's start with IDC. In late 2012, the company predicted "that many more enterprises, and the security software and services vendors that serve them, will use the identity management systems of Facebook, Google, Yahoo!, Microsoft, and other consumer social networks and cloud services as a new foundation for enterprise authentication." While this makes an interesting conversation starter, it's a non-issue for most enterprises. To be fair, the OAuth standard used by social networks has some pretty interesting features, but migrating to such a system doesn't solve the primary problem of keeping your data safe. This one is safe to ignore.

So what does keep your data safe? Passwords, the long-time bedrock of identity management. Wired Magazine's article brought up some important concerns about them. Faster computers, lazy users, and more efficient data sharing among criminals have made passwords almost trivial to circumvent. If bad guys with enough resources want in, nearly all consumer-accessible systems and the majority of corporate systems can be compromised. Forrester Research has some excellent ideas about mitigating risk without throwing the system away, but even they admit that, ultimately, passwords are insufficient. But are passwords going away? Not a chance. Users understand them, IT departments know how to manage them, and they're hardware-independent. Passwords are fine. They just need a boost.

And there's the real problem: single-factor authentication. Any system that relies on only one device is easy to dupe -- fake IDs have worked for decades. Adding a second authentication factor provides exponential security improvements, and forces criminals to expend a tremendous amount of effort. That's why bank cards require a PIN or a visual ID check at the point of sale. Two-factor authentication isn't perfect, as we learned from the Verizon employee who shipped his ID dongle to Chinese outsourcers. Still, it's a huge upgrade to traditional passwords, and if you're not using two-factor authentication (2FA), this is the year you should start.

What should your 2FA system look like? It's a bit murky, but think low-tech. Biometrics are out. Biometric scanners work reasonably well in retail locations (my gym has used a thumb print scan for more than a year now), but the economics of distributing hardware to a diverse workforce, syncing multiple device types, addressing privacy concerns, and supporting the whole system are a nightmare. For access to highly specific resources (e.g., a government lab or a specific piece of hardware), biometrics can make sense, but as an enterprise standard, don't expect to see it for years. There's also been a lot of talk about smart IDs. If you're based in Europe, this shows some promise, but the US is far from a solution. The federal government is working on a voluntary ID system, but it could be years before any products based on the standard hit the market, and a wave of privacy lawsuits is on its way.

Your security firm will have recommendations for what vets your situation best, but you're probably looking at distributing physical or virtual devices that generate unique, secondary passwords at user login. Activision Blizzard uses both physical and virtual (Android and iOS apps) 2FA for its Blizzard Authenticator program. Is there any reason a video game should have better security than your enterprise?

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 3   >   >>
MDMConsult   The New Face of ID Management   2/4/2013 1:08:11 PM
Re: i sure hope so
I do believe the mass adoption of biometrics is critical today as we have adopted social media. With the security and identity theft at a high rate, installing the proper biometrics to such sites according to standards will be beneficial. The worst scenarios are having your data compromised. Relying on strong passwords is good however further security measures that are even stronger is best for today's sites.

 
KeithGrinsted   The New Face of ID Management   2/4/2013 9:43:12 AM
Re: i sure hope so
@tinym yes, it was not that long ago when you would email the school and perhaps get a response in 2 weeks time!  In the meantime you'd sorted whatever the issue was!

I am in a fortunate position to be Vice Chair of Governors at my daughters' school so I tend to have more email contact with teachers than some do.

However, there is always the thin line between what is right and what oversteps the mark when teachers are engaging directly with parents.

Social media contact for teachers is a real minefield.
tinym   The New Face of ID Management   2/4/2013 8:41:50 AM
Re: i sure hope so
Same challenges, different scenery. Thanks for the link! It is nice to email teachers these days. At least now I can tell them a check is in a backpack so they can be sure to get it.
KeithGrinsted   The New Face of ID Management   2/4/2013 1:40:53 AM
Re: i sure hope so
@tinym Hah!! It's good to know that parents around the world are facing the same challenges!!

I hate cheques (checks) because the money may be there when you write them, but possibly not by the time they cash it!!  As you say, in the meantime you don't know whether it has gone astray or not!

Here's the system we use... https://www.parentpay.com/
tinym   The New Face of ID Management   2/3/2013 4:46:56 PM
Re: i sure hope so
@Keith Agreed. I feel the same about the responsibility put on these kids at a young age. Our schools seem to take a very long time to deposit checks so it's takes a while before we learn a check has been lost. This is a scary thought for me. The system sounds like a dream. The most we can do is manage lunch account monies. Everything else is cash or checks...

It's funny you mention scrambling for cash at the last minute just as the bus pulls up. I did just that Friday morning!
KeithGrinsted   The New Face of ID Management   2/3/2013 4:27:29 PM
Re: i sure hope so
@tinym school trip payments are not small sums of money these days and it is unfair for the kids to have that responsibility at a young age.  Also, it is an unnecessary temptation to anyone that may easily be lead astray.

The online payment system is so good too.

When you make a payment for a specific trip it is allocated against that trip and the system generates a code that you can then write on the slip you send back saying your child can go.  The teacher then knows payment has been made and it makes everyone's job easier.  No more scrabbling around for cash just as they are about to leave for the school bus!!
KeithGrinsted   The New Face of ID Management   2/3/2013 4:22:35 PM
Re: i sure hope so
@Sara yes, in theory, they are a lazy person's dream security measure.  Put in practice they are clearly not used to any great level.

Technology is devised too often for a solution the developers / designers think end users want, whereas in reality it should be a joint effort.  Push and pull development.

But perhaps as David says there is a need for this level of security deeper into the organisation.
KeithGrinsted   The New Face of ID Management   2/3/2013 4:18:56 PM
Re: i sure hope so
@David Oh dear!  I now have a completely different vision of you with the brass knuckles and the MJ tribute glove!! Is that why your profile photo looks a little like a mugshot!?!

I certainly want to retain my own thumbs and they are portrayed poorly in gangster films.

But I think for many people not using the scanner on their laptop (my wife's has one) is simply because they can't be bothered and assume their password is secure enough.
tinym   The New Face of ID Management   1/29/2013 2:40:49 PM
Re: i sure hope so
@Keith that's good news. I'm glad it's not a system created only for school lunch payments. I like the idea of keeping cash and checks out of my kids' hands for school trips and whatnot. One of our kids (or maybe the teacher) recently lost a check meant for a school trip payment. I would have rather paid online!
David Wagner   The New Face of ID Management   1/28/2013 11:50:43 AM
Re: i sure hope so
@Sara- My experience with them is that they are touchy. If you press too hard and squash your thumb too much or don't squash it enough, they don't work. They easily get dirty and lost their abilit to scan properly.

i also have to take off my brass knuckles to use them. And sometimes even my Michael Jackson tribute glove if I forget to use the thumb i don't wear the glove on.

Seriously though. I do not like them, Sam I AM.
Page 1 / 3   >   >>


The blogs and comments posted on EnterpriseEfficiency.com do not reflect the views of TechWeb, EnterpriseEfficiency.com, or its sponsors. EnterpriseEfficiency.com, TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Cormac Foster
Cormac Foster   1/22/2013   40 comments
Malware is going to be ugly in 2013. BitDefender is already calling this "The Year of Mobile Malware," which should send shivers down the spines of anyone playing with BYOD.
Cormac Foster   1/16/2013   19 comments
CIOs and other IT leaders are increasingly being asked to work with colleagues across the organization to develop ways to mine structured and unstructured data in order to draw actionable ...
Cormac Foster   1/8/2013   5 comments
The last time we touched on software defined networking (SDN), or virtual networking, the industry was just lining up behind the OpenFlow standard that now defines it. By the end of 2012, ...
Cormac Foster   6/22/2011   5 comments
What do ISO 9001, HIPAA, PCI, Sarbanes Oxley, and a weekly drop-ship of 25 teddy bears to Des Moines every Tuesday have in common? They're all promises to do a certain thing a certain way ...
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
4/29/2014 - Join Dell and Intel for an interactive discussion about implementing, refining and improving your virtual environment. Specifically we’ll discuss pain points virtualization can solve and those that it can create and how to prevent them.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
moderators@enterpriseefficiency.com
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
SPONSORED BY DELL
CASE STUDIES
EBOOKS
PUBLIC SECTOR RESOURCES
VIDEOS
WHITE PAPERS
WINDOWS SERVER 2012 RESOURCES
A Video Case Study – Translational Genomics Research Institute
e2 Video


On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments


Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   12 comments


The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   5 comments


TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments


The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments


Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments


IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments


TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments


TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   8 comments


The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments


The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   19 comments


Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   6 comments


New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   11 comments


The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments


We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments


Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments


Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments


Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments


On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments


Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments


A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments


VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments


Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments


Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments


Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments


The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.