Wednesday, May 21, 2008

Secure Identity Management

Identity Management

By Jill R. Aitoro  
03/27/08



What Is It?



One way to think about identity management is by imagining an
enormous blueprint of an office building. It shows the rooms into which
each person who works in the building can enter. The blueprint also
shows what kind of key each person would need to open the door to get
into that room, and what that person can do once they are there.



A computer network is like the building, and each room represents a
file, database or application on that network. The employees working in
the building are the users. The keys are the privileges that the system
administrator hands out to each person who works on the network,
providing access to a file, database or application. The keys also
determine what they can do while accessing a specific file or
application.



Like building security, identity management is the most essential
form of information protection that agencies use. Yet it also is among
the information security practices that are least used or least properly
implemented.



More Than Just a Password



Identity management is more than simply permitting a user to log on;
it controls what that user can do, similar to putting boundaries on
where a person can go once in a building. A systems administrator
assigns a credential of some sort, usually a number, to a worker. That
number allows the employee or contractor access to the network and
determines what resources can be accessed. It also can flag the
administrator (through a monitoring tool) if the user somehow gains
access to forbidden areas, or if the user is performing actions that
may indicate an attempt to gain entry to prohibited areas.



Requiring a username and password - whether to pass through a
firewall, to log on to a virtual private network or to open an
application - is identity management in its minimal form. At a more
sophisticated level, it incorporates biometrics (such as hand,
fingerprint or iris scans) to identify a user, to approve or deny
access (known as provisioning and deprovisioning) to resources, and to
deliver custom services (such as training materials and e-mails) based
on users' roles in an organization.



Identity management provides managers a custom view of the IT
environment for each user, determined mostly by job function and
security concerns.



Why Should I Care?



For the government, interest in identity management increased after
President Bush issued Homeland Security Presidential Directive 12 in
2004. It requires agencies to issue credentials to all federal
employees and contractors by October 2008. Cards will contain an
embedded microchip on which is stored personal information including
biometric data, such as fingerprints. Employees and contractors will
use the card to gain access to federal buildings and computer networks.
They provide a standard for identification and access, which agencies
can use to link into more comprehensive identity management.



Identity management also has increased in importance as networks
come under more attacks. In November, former CIA official Andrew
Palowitch said government and private systems had experienced 37,000
security breaches in 2007. "America is under widespread attack in
cyberspace," he said.



One of the most notorious examples of the potential harm that can
result without identity management occurred in February 2001 when the
FBI arrested one of its own veteran counterintelligence agents, Robert
Philip Hanssen. He gave more than 6,000 pages of documents containing
classified information to Russia and the former Soviet Union. He
downloaded most of it from the bureau's computers. Controlling access
to certain files makes it harder for insiders like Hanssen, or outside
hackers, to steal sensitive information.



Without proper security processes and technologies, users can wander
through networks virtually unimpeded. Employees, as well as hackers,
can slip into files and databases to peer into and steal sensitive
information. To protect this information, agencies will spend almost
$350 million on identity and access management technology in 2008,
according to INPUT, a Reston, Va.-based research firm.



Identity management also provides benefits beyond security,
improving business processes and information sharing. For example, a
centralized system that gives employees and contractors access to
networks also allows an organization's human resources sector to create
e-mail and Voice over Internet Protocol accounts in a matter of
minutes. In addition, a single sign-on capability that is linked to an
e-government application allows citizens to protect personal
information when accessing agency services online.



If managed well, identity management (IM) better secures information that agencies share,
because it gives the information owners more assurance that it will not
be accessed by unauthorized users. Theoretically, the credentials
attached to an employee could extend across government, transforming
federal systems into an enormous information grid. But for now,
incompatible systems and a lack of standards make widespread
information sharing difficult. For example, agencies may define Top
Secret security clearances differently, so a systems administrator is
unable to specify in a user's profile an identifying code that all
federal networks can understand that shows what files the user may
access.



The Latest on Identity Management



Despite the risks of unauthorized users electronically grabbing
private or sensitive information, many agencies have yet to install an
identity management tool. The reason: It's complicated. To begin
implementing IM on its networks, an agency's IT shop typically conducts
an inventory of systems to determine what information it stores, where
it is stored and how the right to access that information is assigned
for each application. Many are legacy systems or run on proprietary
programs built by the agency. That makes it difficult or impossible to
reprogram the systems or applications to interact with a commercial IM
tool.



In addition, an identity management program requires more work for
what is typically an already overworked IT office. Agencies have to
develop a central database to maintain identities, manage the access
rights for every user on the network and enforce a strict policy for
how that database will be managed.



Those obstacles may help explain why the Government Accountability
Office has found that agencies still are unable to properly secure
systems with IM tools. In an April 2007 report, GAO concluded that the
FBI continued to have major security weaknesses in its critical
computer networks, including failing to properly identify and
authenticate users or consistently configure network devices and
services to prevent unauthorized access. In September 2007, GAO found
that the Veterans Affairs Department, which reported two high-profile
security breaches in 2006, had not fully completed 20 of 22 IT security
recommendations that its inspector general made a year prior. VA failed
to adequately restrict access to data, networks and facilities or to
ensure that only authorized changes and updates to computer programs
were made, according to the report.



The Information Systems Security Line of Business, the
e-authentication presidential initiative and the 2002 Federal
Information Security Management Act provide hints about how to control
access once users are logged in, but agencies must determine the best
approach to meet their own requirements.



How Do I Get Started?



Perhaps most important in any successful IM strategy is to
consolidate access controls. Traditionally, controls exist at the level
of a software application. But security experts say that
application-based controls create a fragmented environment that is a
nightmare to manage and can open numerous doors for unauthorized users.
Trying to control access for each application is particularly
problematic for legacy systems, which tend to have many vulnerabilities
and flaws because the agency has not been able to test them on a large
scale as private software companies can do.



A centralized approach to IM allows agencies to automate and
accelerate the process. Typically, credentials can be maintained in a
computer's directory service, such as Microsoft Windows Active
Directory. That provides a single place to create or modify accounts,
and to approve or revoke access to business applications.



Beyond the technology, agencies need policies for ensuring that user
accounts are handled properly. Consistent monitoring of how resources
are accessed by employees and contractors might be the only way to
detect improper behavior. And many agencies do not have a process in
place to remove access when someone leaves an agency or team.



Agencies also need to ensure that employees and contractors are
properly trained on security procedures. The Centers for Medicare and
Medicaid Services, which is a part of the Health and Human Services
Department, requires all users to participate in computer-based
training when they are first issued a user ID and then again every year
when their IDs are certified.



The center also has an Information Security Program policy that
governs operation and safeguarding of systems; a Business Partners
System Security Manual, which addresses security for those in the
private sector; and it issues program memos that provide day-to-day
operating instructions, policies and procedures.








Sunday, May 11, 2008

The Superclass

We all bow to the Superclass
Globalization has fostered an international group of about 6,000 individuals who call the shots. Should they?
By DAVID ROTHKOPF


We didn't elect them. We can't throw them out. And they're getting more powerful every day.

Call them the superclass.

At the moment, Americans are fixated on the political campaign. In the meantime, many are missing a reality of the global era that may matter much more than their presidential choice: On an ever-growing list of issues, the big decisions are being made or profoundly influenced by a little-understood international network of business, financial, government, cultural and military leaders who are beyond the reach of American voters.

In addition to top officials, these people include corporate executives, leading investors, top bankers, media moguls, heads of state, generals, religious leaders, heads of terrorist and criminal organizations and a handful of important cultural and scientific figures. Each of these roughly 6,000 individuals is set apart by their power and ability to regularly influence millions of lives across international borders. The group is not monolithic, but none is more globalized or has more influence over the direction in which the global era is heading.

Doubt it? Just look at the current financial crisis. As government regulators have sought to head off further market losses, they've found that perhaps the most effective tool at their disposal is what the president of the New York Federal Reserve Bank described to me as their "convening power" — their ability to get the big boys of Wall Street and world financial capitals into a room or on a conference call to collaborate on solving a problem. This has, in fact, become a central part of crisis management, both because national governments have limited regulatory authority over global markets and because financial flows have become so large that the real power lies with the biggest players — such as the top 50 financial institutions that control almost $50 trillion in assets, by one measure nearly a third of all assets worldwide.

Most major companies are both bigger and more global today, which effectively makes them able to pick and choose among various governments' regulatory regimes or investment incentive programs. They play officials in country X against those in country Y, gaining leverage that makes the old rules of trade obsolete. The world's biggest corporations, such as Exxon or Wal-Mart, have annual sales (and thus financial resources) that rival the gross domestic product of all but the 20 or so wealthiest nations. The top 250 companies in the world have sales equal to about a third of global GDP (these are very different measures, but they give a rough sense of relative size).

Major media organizations such as Rupert Murdoch's News Corp., which is effectively controlled by a single individual, touch far more people each day than any national government can. Just a few weeks ago, Italian media billionaire Silvio Berlusconi once again used his extraordinary resources to win election as prime minister, which will give him a seat at G-8 summits and other global conclaves. Even global terrorist organizations such as al-Qaida or Hezbollah have both the ability, through their international networks, and the will to project force more effectively on an international level than all but a handful of governments.

The people who run these big international organizations can have much more power over key aspects of your daily life and over global trends than most officials in Washington are likely to have, except in the most extreme circumstances. They can affect investments and job creation, shape culture and influence lawmakers. The Federal Reserve Bank has played a critical role in the financial crisis, but it couldn't have intervened successfully without a financial leader like Jamie Dimon, chief executive of J.P. Morgan Chase, which stepped in to purchase the failing investment bank Bear Stearns.

The rise of the global superclass signals the latest evolution in the age-old tale of the few who corner the market on power. There have always been elites. But this contemporary group is very different from those that preceded it. Study these 6,000 or so individuals, and you'll find that unlike past aristocrats who inherited their wealth, many — Bill Gates, for instance, or Warren Buffett — have built their fortunes over their lifetimes. Many more come from the worlds of business, finance and media than in the past.

In a world with only two kinds of international institutions — weak and dysfunctional — the members of this superclass are filling a power vacuum when it comes to influencing decisions about transnational issues such as financial-market regulation or climate change. (Many countries voted for the Kyoto accords on global warming, but it took just Exxon and a handful of other oil companies to successfully lobby the White House to opt out and undercut the entire initiative.) In so doing, they raise real questions about the future of global governance. Will the global era be more democratic or less so? Will inequality continue to grow, as it has for the past three decades of this group's rise, or recede? Will the few dominate because the government mechanisms that traditionally represent the views of the many are so underdeveloped on a global scale?

Once again, the meltdown in global financial markets brings this aspect of the story into focus. For years, financial elites have argued that markets should self-regulate even as instruments grew more complex and risks more opaque. Then, when a crisis came, they used their influence to get top government officials to come in and help cauterize their self-inflicted wounds, warning of a "systemic failure." But critics are already correctly charging that new regulations to rein in global markets are largely protecting the interests of the richest.

One distinguishing characteristic of the superclass is the concentration of extreme wealth in the hands of so few. Inequality has always existed in the world, but the international trend toward leave-it-to-the-market policies of the past 25 years has resulted both in great growth worldwide and in growing inequality. Today, the world's more than 1,100 billionaires have a net worth that's roughly double that of the bottom 2.5 billion people on the planet. The richest 10 percent of adults worldwide own 85 percent of global wealth, while the poorest half own barely 1 percent. The world's almost 10 million millionaires have seen their wealth double to nearly $37 trillion over the past 10 years.

Growth is taking place, but it is disproportionately benefiting the few. And there's a sense that the issue of class conflict, confined not too long ago to the ash heap by our (premature) celebration of the "end of history" after communism's fall, remains with us.

A backlash is inevitable. Are these elites especially talented? Hard-working? Lucky? Some are all of these things. But conspiracy theories don't hold water in a group whose members are so diverse and self-interested. Still, when their self-interests align to cause them to act together, they can be hard to resist. They often get their way — and thus often get much more than the rest of us. And that leads to angry reaction. "When a CEO is making more in 10 minutes than an ordinary worker's making in an entire year ... something is wrong, something has to change," Sen. Barack Obama declares on the stump. Sen. Hillary Rodham Clinton chimes in that "it is wrong that somebody who makes $50 million a year on Wall Street pays a lower tax rate than somebody who makes $50,000 a year."

The next U.S. president will still be the most powerful person in the world because of his or her control of the nation's unparalleled military might and influence over our economic and political resources. But that influence is on the wane, for a number of reasons: the relative decline in the power of national governments; the relative rise in the power of others in the world's fastest-growing places; U.S. trade and fiscal deficits; and a third, geopolitical deficit arising from both damaged national prestige and what might be characterized either as Iraq fatigue or as having learned from the mistakes of the past several years.

None of this makes the decision that U.S. voters will make in November less important. Government still offers the average citizen the best means of counterbalancing the superclass or redressing growing inequality. And governments will have to play a key role in shaping the new regulatory frameworks and governance mechanisms that will be essential to a more balanced distribution of power in the global era.

But what it does mean is that "change" isn't just a slogan in this year's campaign. It's a reality that will redefine the landscape of power worldwide for U.S. presidents of the future.



Houston Chronicle Article



Sunday, May 04, 2008

Added New Widget

So here I am a twittering and blogging and...doing all kinds of net things. Following the Cyberwars induced by DARPACIADoDDoJ, et al, and feeling pretty good about myself. Good enough to blog this knowing that no one will ever see it (Law of probabilities).

Was just thinking of Ted Nelson and how he must feel round about now. Maybe he is in Sausalito on a boat creating trance-dimensional hyperforms of entheogenically hypertextual associations of something even more profoundly earth shattering than Xanadu...maybe?

But...he left the net when it became commercial and Xanadu never really took off - though you can search-street it all you want and who knows what you'll come up with?

Well, I've been mildly twittering a lot of late. Adding people to follow, gaining a few followers, and just generally enjoying the application I used to hate. I don't hate much of anything anymore if anything at all. Hate is such a useless causal emotion. Creates all kinds of nasty widgets in one's life and is in general a great big drag so...no hate.

But twitter has a hidden core that most don't think about. It's technocity. I've gained a lot of new tech sites from twitter and am beginning to meet a lot of new technograds who make my twitter experience, well, worthwhile. Like ponzarelli, for instance @ponzarelli, who's got some very good content over at her blog. Or @nobosh who got me into nobosh a place I love a lot. Oh, too many to name and too many sites to garner to put em up all here right now like in this wee article but...I'm impressed.

May already and the day is bright and sunny but it'd be nice to hop on a plane and go to London for a spot of whatever with @jemimakiss who is a journalist of caliber and a sweet person. Yeah Ted Nelson. Too stuck up to use what you helped create?

Still, I wish you were here to share some of that marvelous brain of yours with us...outside the Xanadu format.

Neuroblogalistically speaking I know that one - is kind of crass - and not very shiny at all. But...out of the darkness comes the light, not the other way around, and the darkness shields the light from all that gooey dark stuff! Again we wax prolific using words with hidden meanings that make no sense.

Be it so! An old Zen saying goes like this: Just so! I guess it comes from the Japanese proclivity of using the expression 'So Ka!' when they've understood another one of your brilliant mouthings.

Ah, my days with the Soka Gakkai were pretty cool days and sometimes I wish I could hop on a Jet and fly away to Japan, go to Mount Fuji, visit the Sho Hondo, do Tozan Tai, and drink some sake whilst watching Sumo on some itty bitty T.V. made by Sony Corp., in some dark alley, in Sasebo, at a Kunyako stand - eating Kunyako and just...smelling the smells there.

Maybe, who knows, the web will take me back to that land and culture that I love so much.

Now do I really have to check this thing for typos? Have you seen Justin Raimondo's latest on the neo-cons' saber rattling at Iran? I doubt you'll find the piece at TechTalkz or at me.dium but...it is at FFF as well as Lew Rockwell's so...search street it up if you've a mind to.

More and more lately I less and less that world of blitheringly insane and apocalyptic nihilism and nihilists. We make our own realities.

I never agreed to all the humans bashing humans that goes on in this world. So I'll do my bit to be more source, more I am, more in the now which always is for remember what Buckaroo Banzai said? "Wherever you go there you are." So true, so true, and the essence of all Chan/Zen discourse. Bringing you into focus in the now. So...whatever you focus on is what you are focussed on and that shaping brings that focus into objective form. Wombats unite!

And so that's it for the moment. Twitter me @vaxen_var and say hello to the moon for yourself. Pointing a finger at the moon...I saw? The moon... Seeing the reflexion of the moon in the dark pond there in Golden Gate Park, S.F., one night...I reflected back upon myself and came to know...me. G'day mates...