Tuesday, August 09, 2005

DNA of Identity Part II

With all of the software implementations happening for compliance, the laws seem to have been written dictating that companies need to provide an access log of who is touching or accessing data on a particular system at a particular time and holding companies accountable for what happens with that information.

Who is to say that the person accessing the information is the person you believe is accessing it?

In this day and age it's too easy to do an ip address spoof, or run a program to crack a username & password, or find some other way to impersonate someone online.

In my opinion the next logical step in this whole Sarbanes Oxley compliance push in corporate America is to get closer to proving that who got access to sensitive data is who got access to sensitive data. One of the best and worst things about the internet and computer networks in general is the *perceived* relative anonymity by which we navigate the wired world.

The issue for companies is that they need to know that the people they employ have the best interests of the company in mind and won't do anything that will land management in jail. Even in the real world, as a recent example, Sonja Anticevic a Croatian woman was thought to be the victim of identity theft after rumors of insider trading in the Adidas-Reebok deal came to light. The investigation is still unfolding, but from what I've read she may have had her identity stolen and used in fraudulent activity. She is an older woman who allegedly did not have the $130K investment required to parlay into a $2M option trade.

The point is not that older Croatian women are bad, but how do they know it was her and not someone else posing as her who used her name and accounts to park the cash? This to me is the real value in any of this 'identity management' stuff, and I hope that legislation can be drafted to craft a policy whereby companies are allowed to identify their employees and their harmful actions, as absolutely and with as much respect to privacy as possible.

Over and Out


Post a Comment

<< Home