The industry’s identity crisis must be solved

By on
The industry’s identity crisis must be solved

There was definitely a penitent feel to the RSA Conference in San Francisco. Speakers such as Bill Gates, John Thompson of Symantec and Art Coviello of Computer Associates all tacitly admitted that the industry has failed to deliver what users need.

This was certainly not news to users. Over the past year, there has been a groundswell of resentment against vendors and their inability to deliver secure, bug-free software.

Microsoft got round the problem by launching its newly acquired anti-spyware as a beta and, as Bill Gates explained, is encouraging users to download it, use it and report back on offending websites.

Microsoft is now receiving around half a million reports a day from this unpaid army of researchers, helping it build what must be one of the best-resourced databases of spyware sites anywhere in the world.

But much more challenging is the whole issue of ID management, which also figured prominently at RSA. Companies were touting everything from new enterprise solutions to two-factor widgets for controlling who gets on the system.

This struck me as ironic. Online systems have been with us for how long – a decade? Two decades? Even more in some cases, yet it seems odd that only now that we are worrying about identity management. What have we all been doing for the past 20 years?

In most cases, the answer is that we've been muddling along, implementing systems piecemeal and building local directories for small communities. The solutions seemed to provide an adequate service, so no one fixed them. In reality, they were already failing a long time ago, with companies struggling to register new users effectively or switch users off when they left.

But the boom in internet usage and e-commerce, the drive toward paperless trading, and the prospect of web services have all exposed the weakness of existing arrangements.

Few organisations have even begun to tackle this problem. In the past month, I have spoken to several large companies that are only now running pilots for enterprise-wide ID management. Even basic features such as self-service password resets (a sure-fire application) remain a twinkle in the eye of most security chiefs.

The MoD recently revealed it will spend £4 billion with a consortium led by Texas-based EDS, in order to provide just such a system for communication between the armed forces and civil servants. While most other companies will be able to spend far less upgrading their own systems, it underlines how large a challenge this is for the profession. ID management underpins everything we do, but it has been stuck at the back of the queue.

Until we get this identity crisis sorted out, all our other efforts are likely to be severely undermined.

Ron Condon is editor-in-chief of SC Magazine

Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?