Archive

Posts Tagged ‘security’

11 Identity Trends

January 31st, 2011

Salvatore D’Agostino at DigitalIDNews posted an article earlier in January, 11 identity trends to watch in 2011, in which he pointed out that despite the proposed National Strategy for Trusted Identities in Cyberspace and the Federal Identity, Credentialing and Access Management Guidance (Draft, PDF), “national ID programs, social networking, mobile and e-commerce are all moving out on their own.” The author’s list (with my emphasis) includes:

1. Mobile identity always has been and will continue to be the biggest game in town. Each year nearly 5 billion smart card technology subscriber identity modules are sold. And as smart phones grow in sophistication and as a result occupy an increasing percentage of user screen time they will become the most important area in the identity marketplace.

2. None of the Facebook, Google, OpenID, triad will actually manage to issue trusted identities in 2011 and consumers will continue to fail to realize they are the product and not the customer for these and many other identity providers.

7. The User Managed Access work of the Kantara Initiative will gain support as it addresses the overarching requirement of the need for user control of personal information in the era of shared infrastructure.

9. Consumers will demand the adoption and benefits of commercial off-the-shelf application software to provide privacy and identity protection of data at rest and in motion via encryption and secure channels in their day to day communications with banks, health care organizations, and other organizations even in those states where it is not mandated.

11. Identity theft and fraud will continue to grow and be subsidized by consumers via premiums, user fees and interest rates without the mandate for strong interoperable identities. And while the National Strategy for Trusted Identities will talk the talk it remains to be seen if it can walk the walk.

Coaching moment: As passive customers of digital services, we are prone to greater influence and manipulation by the system, for the benefits of the system and not for ourselves. If we wish to empower ourselves–and the commercial marketplace generally–with better and more trustworthy practices, we will need to be active and even vocal supporters of the alternatives that lead us in that preferred direction. This isn’t as scary as it might seem. It just means making certain choices more mindfully, more aware of the cost of “free.”

future, records, tools

Customer Info Data Management

January 31st, 2011

Across the pond in the UK, The Telegraph posted an article back in Aug. 2008, How Big Brother watches your every move, about the level of data collection by the Government, law enforcement agencies and private companies. From the article:

In one week, the average person living in Britain has 3,254 pieces of personal information stored about him or her, most of which is kept in databases for years and in some cases indefinitely.

We know it’s not just Big Brother but is really the 10,000 Little Brothers that are collecting the data. We also know they’re collecting way beyond what’s actually needed to complete any specific transaction. According to Matt Flynn, 89% of data leakage incidents in 2007 went unreported. While there’s a mismatch in years, I don’t think it alters the big picture: corporations treat personal data like a big slushy resource with no regard for the individuals behind it. Moreover, I don’t think this practice or attitude has changed since this time. Facebook is a prime example of this corporate hubris.

There’s a short and informative post on Information Answers about the Trust Index Outputs that proposes a set of questions to help score trustworthiness on 12 topic areas. The specific questions that lead to the scores on each topic aren’t included, but I like the 12 areas:

  1. Overall Approach
  2. Data Collection
  3. Data Use
  4. Minimum Data Capture
  5. Data Accuracy
  6. Data Retention
  7. Subject Access
  8. Data Security
  9. Data Sharing
  10. Liability
  11. Data Breaches
  12. Adding Value

A set of metrics like this would go a long way toward recognizing and connecting with potential (and currently wasted) value in the information marketplace.

Coaching moment: As a person, I’d love to have some way of measuring the information sharing practices of companies I do business with. I’d love to know that someone was being held accountable for doing things in a measurable, trustworthy manner. As a company, I’d love to have the opportunity to show my value AND ensure cost-saving and efficient ways of keeping the data accurate and appropriate to my specific needs. Such a proposal as this Trust Index helps point to how we can make this happen. If you’re reading this as an individual, would you like to see such a thing? If you’re a company, what are your concerns?

future, history, records

I Shared What?!?

November 27th, 2010

Voluntary personal information sharing comes naturally to most of us. When given an opportunity, a few tools, and a community in which we can share our most intimate details, many people don’t hesitate to document their every movement and mood. We readily identify our friends and our preferences, and even document our vices.

Facebook is the place right now where a great many people share the most detailed information about themselves. Are you on Facebook? If so, you might be interested in a new site called I Shared What?!? that will open a window for you into what Facebook sees–and lets others see.

Coaching moment: Did you know you were sharing this much information? Do you know who has access to it, for how long, and for what purposes? Does this make you uncomfortable? Why?

friends/family, history, records, tools

The Five A’s of Security

September 7th, 2009

Personal and online security is a desirable state and a complex idea. This guide offers a general overview of the main ideas that, when used together, help us establish a level of security that makes us comfortable using our computer in an online world.

A is for Awareness

The first subject in talking about security is awareness. We need to be aware, for example, that we are not always safe in the world (online and offline). When we are online, most people are aware that there are certain dangers such as viruses, phishing, and spam that threaten our safety (personal, financial, or data). Once we know that problems exist, we are more likely to learn about and take steps to avoid danger and keep ourselves safe and secure.

A is for Authentication

Authentication is the process of verifying that you are the real you. Your friend may authenticate you to other friends by saying something like “this is my friend Chris” (or whatever your name is). You may prove that you’re who you are to a business entity by answering questions that only you would know the answer to. You are usually being authentic when you speak honestly, from your perspective, to someone you love.

A is for Authorization

When you are authorized, you have access to a computer system. Verifying users of your computer, or your work’s computer, or any storage systems or online accounts, can help you track the activity in files and resources. An unauthorized user can be prevented from gaining access to your information. Authorization is the process of assigning permission to use certain files and resources.

A is for Access Control

Setting permissions on files, directories, accounts, or computers can establish limits to these resources. You may wish to be the only person who can read and update your personal finances, for example. This is referred to as individual read-write access (only the owner of the file can read or update). At work, your group may have access to read and maybe edit a collaborative document. Most web pages offer global read-only access. Individual, group, or global access can be set to allow reading, editing, and/or other permissions.

A is for Auditing

As individual computer users, we don’t often think about the clues that we can use to track where we’ve been and what we’ve been doing. However, whenever we visit a web site, the site’s server automatically keeps a record of things like our domain name or IP #, the time and date of our request, the page or file requested, a code indicating success or error, the number of bytes transferred, and more. As the visitor, we don’t have such tracking tools (and in many cases, don’t need them). However, as our habits and travels on the Internet are increasingly scrutinized by the sites we visit, we have a stronger case for understanding what is being compiled about us.
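
As an added illustration (not part of the original post), this Python sketch parses web-server log lines in the widely used Common Log Format, which records the fields listed above, and groups them by visitor to show what a site can compile from them. The sample lines, addresses and paths are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample lines (documentation-range IP addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Sep/2009:10:15:02 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.7 - - [07/Sep/2009:10:15:40 +0000] "GET /health/insurance.html HTTP/1.1" 200 20480
198.51.100.23 - - [07/Sep/2009:10:16:05 +0000] "GET /missing.html HTTP/1.1" 404 -
203.0.113.7 - - [07/Sep/2009:10:21:13 +0000] "GET /contact.html HTTP/1.1" 200 1024
this line is malformed and should be skipped
"""

def parse_line(line):
    """Return a dict of the fields the server recorded, or None if unparseable."""
    m = CLF.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    return rec

def profile_visitors(log_text):
    """Group parsed records by visitor address to show what a site can compile."""
    profiles = defaultdict(lambda: {"pages": [], "bytes": 0, "errors": 0,
                                    "first_seen": None, "last_seen": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the format
        p = profiles[rec["host"]]
        p["pages"].append(rec["path"])
        p["bytes"] += rec["bytes"]
        p["errors"] += rec["status"] >= 400
        p["first_seen"] = p["first_seen"] or rec["time"]
        p["last_seen"] = rec["time"]
    return dict(profiles)

if __name__ == "__main__":
    for host, p in profile_visitors(SAMPLE_LOG).items():
        print(host, p["pages"], p["bytes"], "bytes,", p["errors"], "errors,",
              p["last_seen"] - p["first_seen"], "on site")
```

Even four log lines are enough to reconstruct one visitor's reading order, time on site, and interest in a sensitive page.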

Coaching moment: In reality, these five A’s are somewhat intertwined. For example, it doesn’t make sense to have Authentication without Authorization. Access control doesn’t happen without Authentication and Authorization, and none of these make sense without Awareness.

What does this have to do with digital identity? These are the pieces that make up our digital records, including who we are and what we’re allowed to do. Sometimes we have control over these decisions, and sometimes control is in the hands of others. It depends on the context of where we are and what we need.

history, records, tools

Future Imperfect

May 15th, 2009

This post is going all geeky on you. There’s a mission and a method to my madness, and I mean madness in the most forward thinking way. After all, if we don’t have a vision or a dream, what makes up the color in our future?

First up is Fred Wilson’s presentation from a talk that he gave at Google. Note that even though these are just the slides, Wilson gives you a clear idea that there’s something disruptive going on.

Second up is a report from JD Lasica and the Aspen Institute entitled Identity in the Age of Cloud Computing (PDF, purchase). Lasica points out that the disruption is all about identity, personal empowerment, and benefits to society and commerce all around. From his report:

Excerpt: Why the Cloud Matters

According to Newsweek: “At the end of August [2008], as Hurricane Gustav threatened the coast of Texas, the Obama campaign called the Red Cross to say it would be routing donations to it via the Red Cross home page. Get your servers ready—our guys can be pretty nuts, Team Obama said. Sure, sure, whatever, the Red Cross responded. We’ve been through 9/11, Katrina, we can handle it. The surge of Obama dollars crashed the Red Cross website in less than 15 minutes.”

The New York-based tech start-up Animoto, which lets users create professional-quality, MTV-style videos using their own images and licensed music, was averaging 5,000 users a day until it suddenly received a burst of new users who discovered it through Facebook. Its traffic surged to 750,000 visitors over three days. The number of servers Animoto was running on jumped from 50 to 3,500 during that span of time. “It was just numbers we never imagined we would ever see,” chief technology officer Stevie Clifton told a Seattle newspaper. “It was fun and scary and pretty cool.” Thanks to Amazon Web Services, Animoto’s servers did not crash, because Animoto does not have any servers. It outsources its computing power to Amazon.com and pays only for what it uses. The ten-employee company is now expanding. Amazon CEO Jeff Bezos touts Animoto as the poster company for cloud computing.

The tales of the Red Cross and Animoto neatly sum up the contrast between the former economy and the emerging cloud economy. If the Internet economy is an apt descriptor of the changes taking place around us today, then the term cloud economy could justly be ascribed to the still larger global disruptions ahead. Google CEO Eric Schmidt has called this “the cloud computing age.”

Coaching moment: Sometimes people I talk with say that they feel like a lone wolf howling at the moon. Most of the time these people are visionaries or idealists that don’t have a common public voice. The crowd hasn’t discovered the conversation yet. Identity is one of those conversations. It’s a relatively small group talking about a subject that everyone will be impacted by, and that the future will be shaped by (one way or another).

If you’re one of the lone wolves, take heart. Keep up the good work. The more we tell the story, the better we get. The better the story becomes, the more people will want to hear it. The time is good to explore, discover, think, discuss, and practice telling the story. Not everyone is ready to hear it yet, which is ok. All things in time.

future, history, records, tools
