Is Identity Management really about Identity?
I was just speaking with Ian Glazer, one of the old Access 360 guys (now IBM) and we were discussing his recent acceptance of a job at TNT (who I have blogged about previously) and we were pontificating about whether or not the identity management initiatives that companies are starting are really about identity management at all.
To me identity management is all about being able to reasonably prove that the person acessing data is who they say they are and has access granted to them by role, device, application, and/or policy.
Data access management is the reactive or proactive management of a role or identity's rights to access data wherever it lives.
Today, data is like currency. The reason I say it is like currency is not because I grew up the Valley in California, but because data in general comes in many denominations, sizes, shapes, languages, and carries with it different valuations based on any number of factors. What companies, I believe, are struggling with is the problem of - there is all this currency floating around, with no central banking infrastructure to help manage or govern its value and exchange.
Think about it. It's the equivalent of everyone being a bank, with many denominations of currency, with no Federal Reserve, no FDIC, no World Bank, nothing. I can say I have $100, and to one person or organization it's worth $5 and to another person or organization it's worth $1000 with the value of the currency determined by the withdrawer, not the depositor.
Those with more data have more currency and worth, however they also have more risk, because their currency can be stolen with relative ease.
So companies who now have an exponential number of currencies under their roofs (real or virtual) are now trying to establish the underlying 'banking' infrastructure that is needed to determine currency's worth, protect it, and maintain its value in any exchange with any other bank or its currency.
So I ask the question again, are the identity management initiatives underway about identity after all?
To me identity management is all about being able to reasonably prove that the person acessing data is who they say they are and has access granted to them by role, device, application, and/or policy.
Data access management is the reactive or proactive management of a role or identity's rights to access data wherever it lives.
Today, data is like currency. The reason I say it is like currency is not because I grew up the Valley in California, but because data in general comes in many denominations, sizes, shapes, languages, and carries with it different valuations based on any number of factors. What companies, I believe, are struggling with is the problem of - there is all this currency floating around, with no central banking infrastructure to help manage or govern its value and exchange.
Think about it. It's the equivalent of everyone being a bank, with many denominations of currency, with no Federal Reserve, no FDIC, no World Bank, nothing. I can say I have $100, and to one person or organization it's worth $5 and to another person or organization it's worth $1000 with the value of the currency determined by the withdrawer, not the depositor.
Those with more data have more currency and worth, however they also have more risk, because their currency can be stolen with relative ease.
So companies who now have an exponential number of currencies under their roofs (real or virtual) are now trying to establish the underlying 'banking' infrastructure that is needed to determine currency's worth, protect it, and maintain its value in any exchange with any other bank or its currency.
So I ask the question again, are the identity management initiatives underway about identity after all?
posted by Mark Mac Auley at 8/24/2005
Get My Identitystuff Newsletter
5 Comments:
I believe the the depositor and the withdrawer both set the value of the data. As a depositor, I set a value of the data to me. As a withdrawer, you may think my data is worth less than I do. But if you withdraw below my set value, you are, in a sense, "stealing" the data. My medical records are worth a lot to me. You grabbing a copy of them for free is clearly not acceptable.
This comment has been removed by a blog administrator.
This comment has been removed by a blog administrator.
This comment has been removed by a blog administrator.
This comment has been removed by a blog administrator.
Post a Comment
<< Home