This is the year of identity, said Jon Shamah, chair of EEMA, as he addressed the audience today. It is a line you might expect from the host of ISSE 2016, a long-running identity and authentication conference.
ISSE, which has been around for 17 years and has been discussing the problems of identity for just as long, has achieved a new relevance in public consciousness. Not a day goes by without some kind of identity or identity fraud story in a national newspaper. This, said Shamah, is an age when you can go out and actually find someone on the street who knows even a little bit about this subject.
Still, siloed thinking besets so many within the industry, preventing them from seeing the common thread that identity runs through the security landscape. “It's not the threat you know about that's going to bite you in the leg,” it's the thing “just over the horizon”.
Those silos need to be broken down; that “is what ISSE is all about”, concluded Shamah, before handing the mic to Kim Cameron, Microsoft's identity architect and author of the seven laws of identity.
Cameron began by saying that if you were addressing the state of identity on the internet, “you would be, I should say, concerned”. The internet's idea of identity was founded on the need to build relationships, built by people operating outside of any formal governance structure and “who didn't understand the threats”. Basically, it's “a mess that we've inherited”.
“On a different day I might be depressed about that”, said Cameron. The regrettable state of identity on the internet is perhaps offset by the fact that, increasingly, CEOs are beginning to understand the cost of poor security, and regulation is slowly making its way into what was once an “unsupervised playground”.
On the other hand, threats have become much more sophisticated: “rather than just a bunch of college kids it's a bunch of college kids with PhDs who've graduated and are supported by not just criminal groups but states”.
Cameron's solution? Increase security by introducing cloud services that would be professionally run and cheap, something that “not a lot of people can afford to do”. To democratise the process, “what is required is a worldwide system of signal gathering and analysis.”
The enterprise domain boundary is withering away. Where once enterprises may have had to deal with a relatively secure and simple app-to-domain federation model, they now have to deal with an app-to-world federation model. An evolution is required, said Cameron: “Enterprises need a way to have their applications navigate a whole series of different information sources” from partners, customers and employees in order to move forward.