[Log In] []

Exploring the science and magic of Identity and Access Management
Saturday, October 23, 2021

Identity is the Foundation

Author: Mark Dixon
Wednesday, September 19, 2012
5:43 pm

I enjoyed reading Ian Yip’s blog post this morning: “Identity is the Foundation.” The heart of the message:

We need to be stating the fact that Identity is foundational to the enterprise. i.e. Identity is the foundation. (emphasis addeed)

As far as identity is concerned, we need to think about it a little differently than we have in the past. Identity is less about the “who we are” and more about “what we are”. We care a lot more about what normal usage patterns look like, what someone is currently doing and what else they could potentially do. In other words, identity today is so much more than it used to mean in the past. It is really about reputation, relationships, context, activity, behaviour and being able to take fast, appropriate action in reaction to things that happen.

I think the concept that identity is a dynamic and immediate is solidly in step with modern business reality.

Comments Off on Identity is the Foundation . Permalink . Trackback URL
WordPress Tags: ,

Richfield High School, Class of 1971 – Do I Know You?

Author: Mark Dixon
Saturday, September 8, 2012
10:28 pm

Recently, I have received several invitations to join the “schoolFeed by Classmates” app on Facebook – from people I knew and went to school with in Richfield, Idaho, many years ago.  I am very, very selective these days about which apps I authorize, by I finally signed up.  When I joined the app, I hoped to connect with a few new people whom I haven’t seen for ages.  However, I was presented with a long list of folks who all graduated from Richfield High School – just not the tiny one I attended with only 13 people in my graduating class!

The trouble with this app is that it apparently fails to recognize that “Richfield High School” can apply to any number of high schools in the country, not just the tiny one I went to. I suppose those on the list are all nice people, but just not the ones I remembered.  But I did get a nice complement for a picture I posted from a person I had never met!  How bad is that?

This is a clear example of how attaching an attribute like “Richfield High School” to my online identity does little good unless that attribute is unique enough to satisfy the need for which it was intended.  In this case, it fell woefully short!

But the app is in “beta” release – which automatically forgives all blatant errors, even if they strike at the very heart of the app’s driving purpose, right?

Comments Off on Richfield High School, Class of 1971 – Do I Know You? . Permalink . Trackback URL

Resurrecting Discovering Identity on Blogs.Oracle.Com

Author: Mark Dixon
Thursday, March 15, 2012
10:41 am

In response to requests that I refresh my Discovering Identity blog that has been lying dormant on blogs.oracle.com since February 2010, I have commenced today to satisfy that request.

Discovering Identity

I created this blog on blogs.sun.com in May 2005 and updated it regularly until Oracle acquired Sun in February 2010, at which time I switched to self-publishing the blog here at discoveringidentity.com.  The full archive of my posts from May 2005 to February 2010 is available on this site and also on the oracle.blogs.com site.  From now on, I will publish items of interest to the Oracle community on both sites and address issues beyond that scope on this discoveringidentity.com site.

If anyone has items you would like me to address specifically on the blogs.oracle.com site, please let me know.

Comments Off on Resurrecting Discovering Identity on Blogs.Oracle.Com . Permalink . Trackback URL
WordPress Tags: , ,

User Attributes – Part of Identity?

Author: Mark Dixon
Saturday, October 8, 2011
7:59 am

I recently participated in an Identity and Access Management architecture session where I was asked a direct question, “Do you consider user attributes not stored in the main directory a part of user Identity?”  When I said yes, a few people seemed somewhat perplexed.  Please let me explain my point of view.

I think there is a propensity to think that “Identity attributes”  are strictly limited to those stored in a directory user object.  That focus is too narrow.  While it may be that the “Identity Management System” only knows about those attributes, the sum total of real Identity information can be much broader.  This broader view of Identity is essential if we hope to leverage Identity Management to enable innovative business models.

For example, if I am an online vendor hoping to leverage user Identities to provide a highly personalized user experience for my customers, I must not rely only on the user object in the authentication directory.  A more rich set of Identity data comprising history, preferences and real-time context must be considered. This information may reside in multiple repositories.

Just my thoughts.  What do you think?




IAM Best Practices – Prescriptions for Success?

Author: Mark Dixon
Saturday, October 8, 2011
5:49 am

What are the most frequent requests I hear from Identity and Access Management customers?  “How can I use this stuff most effectively?”  “What are the best practices?”

Features and functions, speeds and feeds are not front and center in the dialog.  The main topic of conversation tends to revolve around the best practices for using IAM to business advantage.  What have we collectively learned that will make success easier to achieve and more predictable?

In the maturing IAM industry, we have made great strides in learning how to install and configure IAM technology.  Many companies have learned how to derive business value from IAM.  Unfortunately, we haven’t done a good job of consistently documenting and sharing the experiences we have all gained in making it all really work. We have not consistently distilled experience gained into prescriptive recipes for success.  Customer success stories provide good anecdotal evidence, but fall short of being prescriptions for success.  We have precious few white papers that focus on how to make things work, rather than on extolling features and functions.

It would be an interesting exercise to interview a wide range of companies that have implemented IAM, derive from that body of collective knowledge what really works and what doesn’t, and present that information in a set of best practices that can help others succeed.  Book idea? We’ll see.


Comments Off on IAM Best Practices – Prescriptions for Success? . Permalink . Trackback URL
WordPress Tags: ,

Veriphyr Study: Protected Health Information (PHI) Privacy Breaches

Identity, Information Security
Author: Mark Dixon
Friday, September 2, 2011
5:51 pm

This afternoon, I received word that Veriphyr, a provider of SaaS Identity and Access Intelligence services, announced the results of new survey on Protected Health Information (PHI) privacy breaches. According to the report,

More than 70 percent of the organizations in the study have suffered one or more breaches of PHI within the last 12 months. …

Insiders were responsible for the majority of breaches, with 35 percent snooping into medical records of fellow employees and 27 percent accessing records of friends and relatives.

Some interesting statistics:

Top breaches in the past 12 months by type:

  • Snooping into medical records of fellow employees (35%)
  • Snooping into records of friends and relatives (27%)
  • Loss /theft of physical records (25%)
  • Loss/theft of equipment holding PHI (20%)

When a breach occurred, it was detected in:

  • One to three days (30%)
  • One week (12%)
  • Two to four weeks (17%)

Once a breach was detected, it was resolved in:

  • One to three days (16%)
  • One week (18%)
  • Two to Four weeks (25%)

79% of respondents were “somewhat concerned” or “very concerned” that their existing controls do not enable timely detection of breaches of PHI

52% stated they did not have adequate tools for monitoring inappropriate access to PHI

The report’s conclusion was not surprising:

Respondents who indicated strong satisfaction with their monitoring tools also tended to report fewer breaches of PHI and faster resolution times. The reverse is also true: respondents who indicated dissatisfaction with their monitoring tools tended to report more breaches and longer resolution times.
The morals of this story?
  • Cautiously trust, but verify the internal folks.  They are the biggest breach threat.
  • Do you want to tackle and solve your privacy breach problems? Good tools really do help.


Comments Off on Veriphyr Study: Protected Health Information (PHI) Privacy Breaches . Permalink . Trackback URL

Oracle Webcast: Escape the Quagmire with the Oracle Identity Platform

Author: Mark Dixon
Friday, September 2, 2011
4:29 pm

In an Oracle webcast on September 20th, Scott Bonnell, Sr. Director of Product Management, Oracle, and Naresh Persaud, Director of Product Marketing, Oracle, will explore how the Oracle identity platform can mobilize stalled deployments, allowing customers to accelerate identity projects.

This complimentary Webcast will show how the Oracle identity platform can:

  1. Mobilize and complete your identity management project
  2. Coexist with or replace your existing identity management point solution
  3. Reduce security risk and improve regulatory compliance
You can register for the webcast here.
Comments Off on Oracle Webcast: Escape the Quagmire with the Oracle Identity Platform . Permalink . Trackback URL
WordPress Tags: ,

Join me at the Oracle Security Solutions Forum

Author: Mark Dixon
Wednesday, August 31, 2011
4:20 am

On September 22nd, I will give two presentations at the Oracle Security Solutions Forum held at the W Hotel in Scottsdale, Arizona:

  • Identity Management 11g: A Giant Leap in Identity Management
  • Addressing Access Governance with Oracle Identity Analytics 11g
Headlining the event will be Tom Kyte, Senior Technical Architect in Oracle’s Server Technology Division, addressing the topic of “Complete Database Security.”

If you plan to be in Arizona on the 22nd, please drop by and join us!

Comments Off on Join me at the Oracle Security Solutions Forum . Permalink . Trackback URL
WordPress Tags: ,

“Audit Eye” – Are You Facing a Tough Audit?

Author: Mark Dixon
Friday, August 26, 2011
10:52 am

Do you lapse into the “Audit Eye” trance when facing a tough audit?


Oracle Identity Analytics can help … really!

Comments Off on “Audit Eye” – Are You Facing a Tough Audit? . Permalink . Trackback URL

IAM – Fundamental Enabler for New Business Models

Author: Mark Dixon
Tuesday, August 23, 2011
10:17 pm

During the past three weeks, I have interacted with three major customers, in industries as diverse as transportation, apparel and entertainment, that had one thing clearly in common – each saw Identity and Access Management as a fundamental, critical enabler for new business models each company is pursuing.  It is all about knowing who your customers are individually, and interacting with them in a highly personalized, tailored way, in the context of their choosing.

Today I sat through a presentation that depicted IAM in the traditional context, as something that would improve compliance, increase operational efficiency and enhance security.  While these drivers are still valid, I couldn’t help but contrast those two views.

On one hand, IAM is considered to be very defensive in nature, necessary but burdensome.  On the other hand is an innovative vision that IAM is first and foremost a proactive, offensive weapon and business enabler, secondarily a protective shield.

Can you tell where I’d rather play?

Comments Off on IAM – Fundamental Enabler for New Business Models . Permalink . Trackback URL
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.