Let’s see … a convicted felon “who had helped her lover swindle more than $200 million from insurance firms” was hired by TIAA-CREF, “a prestigious financial institution that handles some of the nation’s largest academic retirement funds” by using a phony Identity. Before she was discovered, she “had unfettered access to customer data for a couple of months” and downloaded unencrypted customer Identity data, including social security numbers and birth dates. Her laptop hard drive and USB devices have never been recovered. The number of user records she stole is under dispute, but could be in the millions.

Just think … “She could, in all likelihood, serve her time in prison and sell the customer data when she gets out.”

But her supervisor, who discovered and reported her background and illegal actions, was fired for allowing her to have access to the Identity data. His appeal under the Sarbanes-Oxley Whistleblower act was denied on a technicality. It hardly seems fair.

This story illustrates the vulnerability of sensitive Identity data even when expensive security systems are in place. In this case, a devious thief nosed her way into a componay and deliberately stole Identity data right out from under the noses of her supervisors. In the high-profile Veterans Administration data theft case, an employee simply violated security policy and allowed Identity data to be stolen from his home. Oops!

Identity Data has become a hot commodity – very profitable for bad guys who steal it, and terribly inconvenient for those who are victimized.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Identity Theft

After stating that “Generation M will not use technology the way we are used to doing. For one thing, they have real mobility. Mobility is key. Multitasking is key. Multimedia is key. The three Ms of Generation M,” JP Rangaswami proposes, “People in Generation M will have n identities at the same time. N jobs at the same time. N residences at the same time.

I guess JP knew about our house. We have more computers, cell phones and iPods than televisions. We are all addicted to email. My 12 year old daughter is perfectly at home with PowerPoint and Google. Family newsletters and photo albums are digital.

But among all this hype, there are still some troubling realities. How many billions of people have never made a telephone call? Or watched television? Or typed on a computer? How many never have enough to eat, let alone be bothered by Multimedia?

WorldHunger.org reports that “malnutrition plays a role in at least half of the 10.9 million child deaths each year–five million deaths.”

What became of the the identities of each of these children? Should the fourth M of Generation M be “Malnutrition”? A sobering thought.

Particularly when I realize that I just spent 30 bucks on dinner that was so large we brought doggy bags home.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
World Hunger,
Generation M

An interesting article by Ed Taylor in today’s East Valley Tribune highlighted a Mesa, Arizona, company that was selected by Lockheed Martin to supply USB key devices to “allow its customers, partners and vendors to gain access to the corporation’s guest network.”

Sweet Spot Solutions claims “Sweet Spot® S3™ Key is the world’s first driverless and clientless integrated Two-Factor Authentication and VPN client solution. S3 boasts a simple user interface and backend rights management that puts companies in complete control when extending network security policies to end users.”

It was nice to hear that a small company, located about four miles from my house, is making a positive contribution to the world of Identity Management.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Sweet Spot Solutions,
Lockheed Martin,
Strong Authentication

Dave Kearns stated yesterday in his Network World newsletter that “Oracle was quite proud” to be in the Gartner Magic Quadrant for user provisioning services. Well, they should be – they are in good company with Sun Microsystems! Dave failed to mention that Sun is ahead of Oracle on both the Completeness of Vision and Ability to Execute axes. (Note:Dave’s articles are sent out by email. They appear on the Network World website a few days after initially relased.)

Dave also observed, “Of course, everyone wants to be in the ‘Leaders’ quadrant and no vendor I know ever sent out a press release declaring that it made it into the Challengers, Visionaries or Niche Players quadrant!”

Well, it appears that both Courion and M-Tech were proud enough about their position in the Challengers quadrant that they did issue press releases.

Don’t you love it when a simple box with names inside generates so much interest?

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
Oracle,
Courion,
M-Tech,
Gartner

“Significant problems we face today cannot be solved at the same level of thinking we were at when we created them.” – Albert Einstein

We are meeting with one of Sun’s large Identity Management partners today, discussing some innovative ways to deploy Sun’s Identity Management products. A recent email from one of the key participants in today’s workshop included this Albert Einstein quotation.

Albert probably didn’t give much thought to Identity Management, but his challenge to elevate our level of thought to meet new problems certainly applies to our industry. Identity systems must accommodate business models which we weren’t even considering a few years ago. Issues such as leveraged Identity services, contextual Identities, Identity auditing, global federation, and Identity-enabled business process integration certainly weren’t in the forefront of Identity Management thought until recently. Now these very real issues and real-world business models demand that we expand our collective minds to deliver solutions that work in new ways to solve new things.

It is an exciting world to be in.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Albert Einstein

Thanks to Mr. or Mrs. Anonymous for pointing out William Heath’s “Ideal Government” blog.

Technorati Tags: Identity,
Digital Identity,
Identity Management

I just re-read the blog I just posted. It strikes me that the two gentlemen I quoted make a strong case for the value of User-Centric Identity (UCI) – as opposed to Government Centric Identity (GCI).

Mr. Loretto sounds pretty darn condescending – like I don’t have the common intelligence to juggle a few Identities on my own. Maybe from his lofty perch in the high eschelons of power within Telstra, he has forgotten that the common man is able to do some pretty remarkable things – like keeping track of a few credit cards or a few Identities. When people of power have such a disparaging view of the common man, it becomes easy for them to exploit, abuse and defraud.

To quote a favorite bit of scripture, “We have learned by sad experience that it is the nature and disposition of almost all men, as soon as they get a little authority, as they suppose, they will immediately begin to exercise unrighteous dominion.” (D&C 121:39 — Doctrine and Covenants of the Church of Jesus Christ of Latter-day Saints.)

Mr. Heath, on the other hand, points out a huge opportunity for abuse or fraud – concentrating many Identities into one is just begging for some fraudulent operator to steal identities and do bad stuff.

My concern about national ID cards is centered on the fact that abuse can and will occur within government or other institutions. The bigger the trust we put in governement (like accepting a national ID card), the bigger opportunity for abuse. It’s too bad, but it’s a fact of life.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
National ID Card

In his May 16th article in the Sydney Morning Herald, entitled “Smartcard not so clever: fraudster,” Nick Miller pointed out some of the pros and cons for a National ID Card.

First the pro: Jonathan Loretto, general manager of extended enterprise solutions at Telstra, stated, “Technology is confusing for a lot of people so we need a single point of access for them, a single point of understanding that helps them make their lives simpler.

“Before long we might end up with five, six or seven identity cards, which is great for people who sell handbags or wallets. But I don’t want to stand there flicking through my cards trying to work out which one lets me into the lobby of my office and into the lift.”

“We need to simplify things and think of the end user.”

Then, the con: William Heath, chairman of consultancy Kablenet countered, “A single identifier (card) is bad and dangerous for government,” he said. “It is an extremely courageous step to put all your identification, all the different departments, on to one identifier.”

“As long as you use an identifier unique to your department you manage that risk. If somebody’s playing fast and loose you can nail them. But if you’re all using the same identifier and some external party is managing it you don’t have any control at all.”

It’s good to know that our friends on the other side of the world are as concerned as I am about this subject.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
National ID Card

Luke Razzell pointed out a humorous true story about a very visible mistaken Identity. Makes you wonder about BBC‘s authentication mechanisms. Simple as black and white.

Technorati Tags: Identity,
Digital Identity,
Identity Management,
BBC

Sun announced today it is “teaming up with SAP to deliver an integrated software solution that will help businesses maintain automated ‘continuous compliance’ with both external government regulations such as Sarbanes-Oxley and internal corporate security policies.”

The new solution “combines the Sun Java System Identity Management Suite with SAP’s Virsa Access Enforcer …”

“By automating provisioning and compliance controls across all IT resources including custom and Web applications, host mainframes, databases, directories and business applications, Sun and SAP’s products work together to give customers continuous compliance in real-time. …

“Sun’s Java System Identity Management Suite allows companies to create a user’s virtual identity, tying the user to appropriate accounts across the enterprise. Reports are generated automatically and sent to approved reviewers, providing a clear record for auditing purposes. In addition, any violations of policy are detected, flagged and remediated.”

Good stuff!

Technorati Tags: Identity,
Digital Identity,
Identity Management,
Sun Microsystems,
SAP,
Virsa,
Compliance