Cyber Security Institute

Monday, December 20, 2004

What’s Ahead For Identity Management in 2005

Research says that new challenges such as the rising threats of fraud and identity theft are causing a fundamental shift in the identity management market.  In 2005, as in 2004, compliance will be the primary driver for enterprise investment in identity management.

But new challenges are emerging: the rise in fraud and identity theft, the increasing consumer demand for privacy protections, and the drive by companies to partner with other businesses to interconnect their online services.  The pressures behind these new market forces are welling, and attention to them will start to fundamentally shift the direction of the identity management market in 2005.

Compliance initiatives occupy center stage in IT and security projects.  From Sarbanes-Oxley and the USA PATRIOT Act to HIPAA and Visa Account Information Security Standards, a common aspect of these regulations’ security and privacy components is the establishment of proper authentication practices and the appropriate assignment of privileges.

Developing, enforcing, and auditing authentication and access control policies is a core element of compliance projects.  While businesses are still able to absorb the direct losses, consumers are altering their behavior, curbing their online purchasing and use of online banking services.

Whoever is accessing your systems, be it employees on your LAN or Wi-Fi network, partners on your extranet, or customers on your commerce sites, simple passwords no longer suffice as a reliable means of authentication.  Businesses continue to build out and interconnect Internet-based services.

Provisioning directly addresses key compliance concerns around documentation, enforcement, and auditing of security controls.  The primary value of provisioning has shifted from the ROI around self-service password reset and IT efficiency improvements to the policy enforcement and auditability around role-based access controls and centralized process management.  Provisioning has eclipsed Web single sign-on in terms of both visibility and import.

HIPAA and Sarbanes-Oxley are driving organizations to adopt strong authentication technologies like smart cards and biometrics, or simply to strengthen their password policies.

E-SSO solutions have matured greatly and are deservedly getting a new look after a long period of neglect.  This spans technologies as broad as Web services security, Trusted Computing, RFID deployments, and smart homes.  This will manifest first in the realm of authentication and account protection, then in the realm of authorization and data protection.

Identity federation moves out of the test lab.

Identity management will evolve towards a well-recognized layer of the computing stack, and vendors will develop broad portfolios of integrated components.  Not only is it being rediscovered by end user organizations, but also big vendors will step up and acquire independent solutions after a long period of loose partnership activity.

Posted on 12/20