Studies completed in July 2003 by both Gartner Research and Harris Interactive indicate that in the previous 12 months, approximately seven million people were victims of identity theft in the US alone. This number has increased significantly since then - on a global scale.
Again in the US, studies reveal that fraudulent charges associated with identity theft now average more than $90 000 (R560 000) per name used and nearly 85% of all victims find out about their identity theft case in a negative way.
Most significantly, the emotional impact of identity theft has been found to parallel that of victims of violent crime.
Guarding identities
For organisations charged with the task of guarding the electronically captured data linked to the identities of staff, customers, partners and other people with whom they are associated, the most effective prevention against theft is a sound, well-conceived management programme.
Identity management solutions are gaining in popularity, particularly in the financial services sector, as a large majority of people who have had their identities stolen are the victims of credit card fraud.
That said, users' identities are at the core of any business. For example, many organisations in the social services and medical fields assign digital identifiers to individuals in order to represent their rights and privileges in many areas of society. Their identities allow them to gain access to many material benefits.
Stolen
There are three main ways in which digital identities - defined as representations of human identities, used in distributed network interactions with other machines or people - are stolen:
1. Financial identity theft involves the imposter's use of personal identifying information, primarily an identity number, to establish new credit lines in the name of the victim.
2. Criminal identity theft occurs when one person's identifying information is given in place of another's to law enforcement.
3. Identity cloning is a category in which the imposter uses the victim's information to establish a new life. This crime may also involve financial and criminal identity theft.
Identity theft is a high-profit, low-risk, low-penalty crime, as law enforcement officers are often preoccupied by other, more violent crimes and assign low priorities to this level of fraud.
Yet inadequate security policies and processes place the corporate brand and reputation at substantial risk. The costs are high.
Challenges
Many organisations face challenges when it comes to managing access to the information and applications that hold identity data and that are distributed on both internal and external computing systems.
This is compounded by an explosion in the number of users of these systems from many different sources - both inside and outside the organisation.
The management of multiple versions of user identities across many applications makes the task even more daunting.
Therefore the effective management of users' identity, credentials, and access rights must be implemented as a mandatory security consideration, a business imperative and a non-negotiable user expectation.
Where to start?
The key components of identity management are management tools such as provisioning, delegated administration and self-service administration. They are backed by basic authentication mechanisms and access management systems that apply policy to an authenticated identity.
To learn about these components, organisations need to follow a four-step process:
1. Education - Understand the meaning and dimensions of identity in computing, specifically in your environment. Will it be one product, multiple products or a product suite that will meet your requirements? Are there single sign-on authentication, enterprise directory and user provisioning requirements? Do you have legacy systems that need to be addressed and incorporated? How will this be audited?
2. Request for information - Issue an RFI for each of the identified areas to better understand each one and to see where the overlaps are, if any. Often vendors have different ideas on what constitutes identity management and what the components of a good identity management solution are.
3. Proof of concept - After extensive paper studies and vendor interviews, which typically will include demonstrations of the proposed solutions, you will have a shortlist of vendors with solutions that could fit your environment. It is crucial to involve the business users to ensure that their issues are addressed as well, and they will probably use some of the tools for user provisioning and other tasks. The POC will show whether the solutions chosen are suitable.
4. Roll-out - Once the tools are selected, embark on an initial deployment. The business part of the roll-out can run concurrently with the technology roll-out and will typically include a pilot to give the users time to get involved, and adjust to new processes and tools.
Whether a company is looking to create a single sign-on across many disparate systems, manage the help-desk impact of password management, implement stronger authentication techniques, minimise the management load of provisioning users or ensure that its audit capability is sufficient to meet compliance requirements, identity management offers techniques to reduce system and process complexity while increasing product speed in operation and deployment.