Is all this really about Identity Management or Trust?
I got to thinking again about whether or not Identity Management isn’t mis-named. What I have come to believe having worked on implementations, secured networks, looked at NAC, FFIEC, SOX, HIPAA, and other compliance initiatives, what it comes down to is how do we know who to trust?
We have all of these semi-pc ways of trying to justify the intrusion into our personal lives and exploiting privacy loopholes, yet we still have to keep coming up with all of these applications/solutions/etc. to prove that we are trustworthy to our constituency – wives, kids, family, neighbors, employers, towns, counties, states, country, and ultimately ourselves. Since this is geared towards the business folks who are tasked with establishing trust I will stick to that for this entry.
Businesses, and by that I mean employers, are tasked with collecting and maintaining a lot of information about employees including prospective, current, and past. They are also in the position where this information ultimately HAS to establish trust at some acceptable level for us to be hired. In the IT world I will equate this to getting an account.
Once we are employed, and verified as a trusted employee, we are then monitored, validated, revalidated, challenged, and tested hundreds of times a day about who we are and are we trustworthy. Firewalls, logins, content blockers, badges, token fobs, biometrics, etc. are all part of this never ending process of maintaining trust. I would add for good reason in some cases (MCI, Enron, Tyco), but I think a lot of it is lawsuit-avoidance for the littler stuff.
So then isn’t the root of Identity Management really the ongoing validation of trust? Taking it a step further, isn’t it also about insuring we trust ourselves not to surf for porn, send blueprints for the new Jet fighter to China or ‘Uranium Enrichment for Dummies’ to Iran? Is Identity Management about externally imposing a sense of conscience to keep our own in check?
Adults do stupid things, like sell secrets to foreign governments, try to pick up teenagers in chat rooms, and a whole lot of other less interesting stupid stuff every day. Are we subconsciously trying to see where the shallow end of the gene pool is? Are we trying to control trust which would appear is a very fluid thing?
I’ll have to blog some more on this and see what comes of my rants…
We have all of these semi-pc ways of trying to justify the intrusion into our personal lives and exploiting privacy loopholes, yet we still have to keep coming up with all of these applications/solutions/etc. to prove that we are trustworthy to our constituency – wives, kids, family, neighbors, employers, towns, counties, states, country, and ultimately ourselves. Since this is geared towards the business folks who are tasked with establishing trust I will stick to that for this entry.
Businesses, and by that I mean employers, are tasked with collecting and maintaining a lot of information about employees including prospective, current, and past. They are also in the position where this information ultimately HAS to establish trust at some acceptable level for us to be hired. In the IT world I will equate this to getting an account.
Once we are employed, and verified as a trusted employee, we are then monitored, validated, revalidated, challenged, and tested hundreds of times a day about who we are and are we trustworthy. Firewalls, logins, content blockers, badges, token fobs, biometrics, etc. are all part of this never ending process of maintaining trust. I would add for good reason in some cases (MCI, Enron, Tyco), but I think a lot of it is lawsuit-avoidance for the littler stuff.
So then isn’t the root of Identity Management really the ongoing validation of trust? Taking it a step further, isn’t it also about insuring we trust ourselves not to surf for porn, send blueprints for the new Jet fighter to China or ‘Uranium Enrichment for Dummies’ to Iran? Is Identity Management about externally imposing a sense of conscience to keep our own in check?
Adults do stupid things, like sell secrets to foreign governments, try to pick up teenagers in chat rooms, and a whole lot of other less interesting stupid stuff every day. Are we subconsciously trying to see where the shallow end of the gene pool is? Are we trying to control trust which would appear is a very fluid thing?
I’ll have to blog some more on this and see what comes of my rants…
1 Comments:
Mark:
I enjoyed your blog about trust. I blogged about it here.
Thanks,
Mark
Post a Comment
<< Home