Contrarisk Security Podcast #0030: Identity and privacy

» Listen or download now on the podcasts page »

Daniel Raskin, ForgeRock

With the Internet now playing such an intrinsic part of our lives, identity management (IM) has entered a new world. As Daniel Raskin, VP of marketing at ForgeRock, explains in this interview, what was once a simple matter of allowing employees to authenticate themselves on a local network has moved out into a much wider, connected world. And many of those people who need to identify themselves securely are customers, making identity management a key element in how businesses drive top-line revenue.

This demands a new type of identity system. First and foremost, it needs to scale. It also needs to connect to anything – not just users but devices and systems. Given the emergence of the Internet of Things, the ‘user’ might be a car or a fridge.
And IM needs to deliver capability in the timeframe of the business. To assist this, you need a unified identity platform with common APIs.

To enable this kind of change, we need to evolve the methods by which we identify ourselves. Context is important, and high-value systems will typically demand multi-factor methods. The traditional, highly static, rules-based approaches are no longer up to the job. We need to be looking at all the attributes around a transaction – eg, device fingerprinting and the use of metadata. By using more information, we can make the decisions more dynamic and intelligent.

Developments in IM are being driven by business requirements, with organisations using identity as a competitive differentiator, including faster time to market. And it’s providing firms with a better view of the customer or end user – true Identity Relationship Management (IRM).

Colin Tankard, Digital Pathways

Many tools are double-edged. Both penetration testers and malicious hackers use software such as Nmap, Nessus and Metasploit. And there’s a similar dilemma in the world of privacy, with technologies such as Tor being exploited for both good and bad.

“We have to get some sort of balance,” explains Colin Tankard, MD of Digital Pathways in this interview. Simply banning technologies doesn’t seem to work – “as soon as you close one thing down something else pops up”.

We’ve also seen the emergence of ‘dark nets’, with groups of people creating their own private networks.

Law enforcement agencies are turning to more covert operations – sometimes flirting with the limits of what would be generally acceptable behaviour. It remains to be seen how far so-called ‘liberal’ democracies will go in terms of attempting to control the Internet.

Tankard believes all we can do right now is look at each problem as it appears. In broader terms of what’s right and wrong, everything depends on where you sit – not just politically but also commercially. For example, media companies may have a different opinion from the rest of us as to what steps it’s reasonable to take to combat piracy.

While certain elements of the media focus on the sensationalist aspects of things like the Tor network, it’s important to remember that all these technologies are also used for good – and that’s, perhaps, why they will always be with us.

While intelligence and law enforcement agencies complain that too many people are hiding behind encryption technologies, it seems only natural that organisations and individuals will do what they can to protect themselves on the Internet.
