Identity is the only security boundary that has ever mattered in computer security defense. Physical boundaries, firewall boundaries, security domains, forests, realms and virtual networks… none of those matter if a single logon credential that can access multiple domains is compromised.
Today’s identity solutions are able to access sometimes hundreds of thousands of different security domains using a single credential, but surprisingly can do so while decreasing overall risk. How is this possible?
Identity in the early days
In the early days of computers and networking, most people used a single logon name and password to access everything. This proved to be a very bad strategy, as the compromise of one computer could lead to a compromise of every other computer sharing the same logon credentials. Everyone was told to create a different password for every different system they accessed.
With most people now accessing dozens to hundreds of different password-protected resources, using different passwords for each resource required either writing them all down (a big no-no), using a password manager (which stored all the passwords and maybe also auto-logged people in as they visited all the different sites), or some sort of single sign-on (SSO) solution.
SSO solutions became fairly popular in the enterprise and password managers became fairly prevalent in the home user space. But neither type of solution has ever worked across all security domains and platforms with a decent amount of consistency. A few broadly applicable SSO solutions were created, tried and abandoned, such as Microsoft’s original Passport and the decentralized OpenID standard. None of the mid-term SSO solutions really took off despite all their promises of global use and acceptance.
It took social media killer apps, like Facebook and Twitter, to run roughshod over the rest of the identity also-rans for new winners to emerge. Their huge user populations assured that whatever solution and protocols they used were going to end up being global and pervasive. New global identity standards and solutions popped up overnight — or so it seemed to identity observers. The new solutions were not always globally trusted and agreed upon. It hurt the feelings of many smart, dedicated people who had been working on other, potentially better solutions, for far longer. It didn’t matter. Assimilate or fall behind.
After the initial pain of being pushed around by a few 800 lb. gorillas subsided, the forced new standards ended up being a good thing. The end result is that we have fewer, but more popularly accepted SSO authentication standards to choose among. And they can be used across both enterprise and consumer platforms.