If you come from a software engineering background, the tradeoff between requirements, quality and delivery dates is one you’ll be intimately familiar with. In corporate or transaction law, there is a natural tension between facilitating deals promptly and with least friction whilst satisfying critical legal and policy obligations. Investment professionals balance risk against return with every trade they make or advise.
I’m increasingly struck by one of the balancing acts we need to perform in the digital identity profession: ‘knowing’ who someone is, whilst affording them an appropriate level of privacy and security.
“Appropriate” and “knowing” are perhaps dangerous words to use: they are open to wide interpretation, and will change with context. Different transactions have different needs; different societies or interest groups have different sensitivities and tolerances.
There is, however, an increasing and noticeable trend in the direction of the use and sharing of ‘verified’ attributes which warrants careful consideration. There are absolutely cases where such sharing has value – permissioned sharing in the provision of financial services, for example, holds much promise in terms of driving down the costs of regulatory compliance, providing better security and improving customer service and access. There are also examples where the quid-pro-quo is perhaps less clear – age verification? Registering an account to read an online publication (not comment – just read)…?
There are other areas where balance is important. In this month’s issue, you’ll find the second part of Ken Robertson’s series on Privileged Access Management (if you missed Part I, you’ll find it in the January 2018 issue). PAM is a critical part of an identity (and system) security strategy; as Ken points out, the success of a PAM program depends in part on understanding which systems to protect first; how to protect legacy systems; and which technologies will best fit the needs of the organisation as a whole. In other words: balancing the identity security priorities against the other daily needs of the business.
Finding balance is one thing, keeping it is another! These are hard questions – finding answers (and convincing others that you are right) takes time, effort, and energy. It’s all too easy to sit back at that point – but circumstances change, technologies evolve, challenges mutate. Sometimes, that means the answers will change too. That doesn’t mean the original answer was wrong; just that it’s wrong now. It’s OK to course-correct, if that’s what the situation requires.
Of course, you might also find you need to balance a change of direction against a strongly held principle… but in the interests of balancing my desire to get into the topic of ‘principled identity management’ and the word limit for the editorial, perhaps I’ll leave that to another time.
Chair, Editorial Committee
Board Member, IDPro
IDPro is a professional organization for practitioners of Identity and Access Management