Like many, during lockdown I’ve been catching up on a number of Webinars. It’s given me the opportunity to do some catch up in the Identity Management field.
During the EEMA annual conference, a distinguished speaker observed “We are in danger of re-inventing the wheel, without learning from the past”, which caused me to reflect on the lessons from my identity management past. (Apologies to the speaker; I forgot exactly who made the comment.)
My first reflection is:
- Identity Management technology is easy
- Scalable Identity Management technology is hard
- Securely deploying Identity Management technology is hard
Which is where the conundrum lies – the “next generation” see the current solutions as hard to deploy, and think there must be an easier way, and sure enough come up with an idea for “easier technology” – get momentum, then stall because scaling and deploying it is hard!
My second reflection is there are three domains of identity:
- Citizen identity
- Consumer identity
- Business identity
These are fundamentally different things, with different requirements and challenges. Don’t let your “solution” confuse them – you will fail. Yes, there are common technologies that will play a part, but the scalability and deployment challenges are fundamentally different.
My third reflection: I’ve probably been in the game too long to offer new solutions, and it is time for the next generation – but please do study history, the challenges are not new.
As we approach the Christmas holiday period, I thought I’d share a cautionary tale on setting up your Out-of-Office auto-response. For quite a while now I have been building a relationship with a prospective customer. While I have had discussions with a person there – let’s call him Bob – Bob has worked hard to keep his privacy. Continue reading “Out of Office Dilemma”
So, Tesco was hacked. Although there is no official word yet on how this happened, the chatter among people far smarter than me is suggesting the issue is related to passwords and the Tesco Club card.
Followers of CyberMatters will recognise that I often blog about password issues. “Is there anything new to say on the subject?” I hear you ask. Yes… Continue reading “Payment Services Directive”
I’m getting fed up with marketing that says “Passwords must die” only to present yet another solution that won’t replace them.
The challenge to solve is ubiquity – this is why passwords have stood the test of time, even with their obvious and proven shortcomings.
Continue reading “We cannot let passwords die (yet)”
As we rapidly advance to the new world of the Internet of Things, security is slowly but surely starting to be talked about. Managing keys is an important part of this discussion.
Continue reading “Considerations when Managing IoT Device Keys”
A few weeks back, I worked with the SH&BA to publish guidance on the Security of your Smart Home.
Shortly before we went to print I sold my car, and suddenly realised there was a big gap in the document.
Continue reading “How do you dispose of your Smart Home?”
According to the latest UK Cyber Breaches statistics, three-quarters of large organisations suffered a staff-related breach and nearly one-third of small organisations had a similar occurrence within the last year. Continue reading “The Insider Threat”
As 2016 approaches, I thought it would be nice to look back on 2015 and share with you the Top 10 most viewed blog posts here on Cyber Matters. Let the countdown begin … Continue reading “Cyber Matters Top 10 posts from 2015”
Phishing is one of the most common forms of cyber-attack at the current time. Effectively, attackers try to fool you into providing sensitive data, such as user names and passwords, to fake web sites. Continue reading “Phishing Nets”
At the Smart Homes and Building Association (SH&BA) “Smart Home Breakthrough Summit” last week, a new Cyber Security Manifesto was unveiled by CONTEXT, a leading European IT market analysis company, and the SH&BA Security Panel. Continue reading “The Smart Home Cyber Security Manifesto”