Cyber Security Institute

Monday, February 20, 2006

Private identities become a corporate focus

The CEO of Sun Microsystems, infamous for his pronouncement, “You have zero privacy anyway—Get over it,” took a conciliatory tone on the stage here, allowing that privacy might be something for which consumers should fight. He warned companies that, unless they protect consumer privacy, they could lose out on significant online growth. “It’s going to get scarier if we don’t come up with technology and rules to protect appropriately privacy and secure the data, and the most important asset we have is obviously the data on people—our customers and employees and partners,” McNealy told attendees last week. McNealy joined the heads of other technology companies at the RSA Conference who called for better protection of privacy and more specific ways of thinking about what data needs to be known to identify partners and customers.

In 2006, the problem seems hardly any better, with one newspaper company accidentally wrapping people’s Sunday editions with a list of 202,000 subscribers’ social security numbers and Seattle-based Providence Home Services acknowledging that backup tapes containing 365,000 patient records in the states of Washington and Oregon had been stolen from an employee’s car. Over the last decade, while the Internet has boomed and busted, online identity has remained a binary proposition to most businesses: Users either fully identify themselves to a Web site or hide behind an anonymous handle. Because commerce sites believe anonymity means less security, online businesses have increasingly asked customers to more fully identify themselves, a choice highlighted by many companies’ difficulty in keeping the data safe.

“Often times the topic of the level of authentication to create these models (of commerce) deteriorates into a presumption that there is an extreme choice to be made between true proof of personal identity and anonymity,” said Art Coviello, CEO of RSA Security. Coviello argued that companies should adopt technology that allows consumers to present trusted credentials for specific attributes, such as that the visitor to the Web site is over 18 years old.

During the keynote kicking off the conference, Microsoft’s chief software architect Bill Gates told attendees that the company’s next operating system will support just such a system. “You will have different cards: Cards that just give your location, cards that are more secure that give your credit card (information), cards that you would protect very carefully and you would have a PIN for every use of it where you might authorize access to your medical information.”

Businesses can gain by having less information stored on their servers. Moreover, putting fewer barriers in the way of the customer will mean more business, said Rob Shenk, vice president of online financial giant E*TRADE Bank, during a panel on consumer authentication for the financial industry.

Posted on 02/20