Article
Security & identity management
This article has been taken from The Gen Newsletter - Summer 2007.
Click here to download the PDF
From personal identity protection to preventing corporate-level fraud, security management is now a universal issue. And although problems may be multiplying, solutions are equally diverse – ensuring that effective protection (for a realistic cost) is now a significant challenge.
When considering a security management strategy, four main issues come into play.
Legislatory drivers
Following the scandals of Enron and WorldCom, legislation for audit compliance has increased (Sarbanes-Oxley in the US, for example, or PCI, the industry security standard for payment cards). All aim to protect against fraud (particularly accounting fraud) and promote good governance. However, the result is a costly administrative burden placed on organisations as they strive to prove compliance; in addition, the effectiveness of compliance processes is widely challenged. In practice, compliance focuses primarily on documentary work-flow and approvals – specific actions may be sensible in isolation, but in aggregate, change has proved painful in its impact on work culture, processes and systems.
Increased openness versus increased security
The desire for open access across information systems comes from a commercial need to simplify the interface between business and IT, and the trend for business processes to span multiple, globally spread organisations, including new acquisitions. Mature integration technologies, such as service oriented architectures and thin client applications, also encourage openness. But in reality, access is open only to proven users and to specified levels of information, and the processes required to establish such credentials can be more complex than the systems they are designed to protect. There are also clear parallels with the internet, now rightly considered a hostile environment where no connection should be made without a properly configured firewall – internal systems and processes will soon be considered just as dangerous.
Protecting and securing identity
Access control is predicated on an ability to correctly identify and authenticate the individual – who may want to use a computer system, or cross the doorstep to read a utility meter. Increasing electronic access to finance also gives a significant value to identify subversion, made more tempting by the fact that a single sign-on can compromise all systems to which an individual has access. However, whereas ‘stolen identity’ is a real and worrying threat, human behaviour remains amazingly insecure. Currently, security is often dependent on a physical item such as a swipe card, but card and holder are not securely bound. Increasing reliance on digital identities may therefore lead to the development of systems dependent on secrets that an attacker is incapable of replicating.
Products and services for security, trust and identity
Identity management is not just about enhancing security, but about simplifying and personalising the user experience whilst delivering protected privacy and control. Getting the balance right between these often conflicting interests is now a significant challenge. There is also a growing awareness that effective identity management is not necessarily cost limiting. It can improve return on investment, increase product holding, customer retention and ultimately, margins. Enabling trusted security control is empowering, catalysing the creation of new services and revenue streams. Many of the technologies required to achieve this level of freedom already exist, but need expertise and innovative thinking to effectively combat new challenges. Interestingly, ingenious security mechanisms are already emerging – for example latent security properties hidden within traditional technologies such as bar codes or devices used in drug delivery. Of course, new technologies hold the key to even more effective identity protection. Governments and industry are investing heavily in security and identity management. These are major threats facing society with potential to erode the safety and privacy of the individual as well as products they use. To combat this threat, existing and new technologies must be combined with innovative, inspired thinking to create trusted products and services that provide water tight security and which cannot be breached.
Sagentia and security
With many years’ experience in this evolving field, we continue to develop both our own groundbreaking security technologies, and highly innovative solutionsfor our clients. Recent projects include:
BioNcrypt Based on ‘public and private key’ concepts, a means of confirming ID without storing any biometric information
‘Cardholder not present’ Technology to authenticate payment card with account holder, developed with Telsecure
Secure workflow Security middleware that enables low cost incorporation of identity management and auditory compliance within business processes
Secure random number generator High security engine to determine the random outcome of high value games – developed with a leading international gaming provider
Novel ID system Secure, automated drug identification to ensure drug authenticity and correct drug concentration. Sagentia’s ID technology was part of a product life extension project for AstraZeneca which allowed the company to enter new markets
Thin film label Patented retail security label established the state-of-the-art for industry and created a new business for Meto.
For further information contact security.identity@sagentia.com