Holistic is not just for Yoga anymore: Identity & Security

There has been a lot of interest in security and identity management in light of regulatory pressures and in response to incidents of theft and loss. I recently wrote the following article for Security Magazine- an excerpt follows.

A Holistic Approach to Physical and IT Security
When a famous bank loses thousands of credit card numbers or a hospital loses medical records, the customers and patients do not ask whether the theft happened over the wire or because of a break-in. There is loss of trust and damage to the value of the brand regardless of the method of breach. But many businesses continue to treat physical and IT security as unrelated silos. This approach is no longer acceptable against the changing realities, and many companies are beginning to realize the value of an integrated approach to security.

Identity Management Maturity Model

The Sarbanes-Oxley Compliance Journal published my piece on a maturity mdoel for identity management. You can read the full article here.

Achieving Compliance Through Identity Maturity
2006-10-27 12:00:00.0 CDT

Where do you want to be and how do you get there?

By Anshu Sharma

Security and identity management have become an important issue on the radar of CFO’s and CIO’s as wave after wave of regulations in the areas of financial controls, privacy protection, and identity theft prevention are adopted in various countries. US companies will spend upwards of $15 billion on technology products and professional services this year alone in order to adhere to new compliance regulations, according to AMR Research, Boston.

The initial response by organizations to these regulations has been to adopt a piecemeal approach but a duct-tape approach to fixing every possible identity and security loophole results in high expenditure without a sense of how close the business is getting to its end goal. The end goal is to be a secure, well-managed organization with optimized processes for employee on-boarding and off-boarding, and efficient controls that prevent fraud and detect problems in a timely manner. The path to this goal traverses through various levels of maturity.

...read full article

Oracle OpenWorld by kumasawa (Creative Commons license)

Nishan Kaushik who is an identity management guru and architect for the Oracle Identity Management products has written some excellent pieces on provisioning and role management at Talking Identity Blog.