By Dr. Guy Bunker @guybunker
We need to share information, we need to collaborate – but there is a challenge. The more you share, the more risk you create. It’s a cross between the game Chinese Whispers and ‘keeping a secret’… as soon as another person has the information, you lose control of it. It is then open to interpretation (Chinese Whispers) and falling into the wrong hands (“I didn’t think you would mind if I told them…”). The key element here is people.
From an organizational perspective the people you share information with need to be trusted, both inside and outside the organization. For those who don’t think about the internal aspect, remember that most information leaks come from inside. It’s not the Manning and Snowden’s, it’s the everyday innocent mistakes, the sending of email to the wrong person, as per the recent Bank of England incident or the loss of a USB key or even a forgotten printed report. But if you have to share information, and you have to share information outside the organization, then how can you ensure that you are sharing it with the right person or people?
Identity. Identity is the missing component from sharing information. Within social media you share information with ‘friends’ who you judge to be a friend because of their name or a picture that they post. (Neither of which are good means of identifying someone!) In business you may never have met the individual you are communicating with, so identity becomes really important.
Identity is not a new problem. At the Jericho Forum, we published “The Identity Commandments” which looked at theoretical needs to the issues which are to be overcome. When you think about identity, you realise that you are not in control – identity exists around the organizations who require it, and this is not shared. This is why you have multiple usernames and passwords. The real challenge is to come up with a ubiquitous standard that everyone can use and share, with the right assurance level required for collaboration. This has been tried before, but failed primarily due to a vested interest from one organization, negating the ‘trust factor’ of the solution. However, in order to overcome the challenges of vested interests and to ensure that there is an identity solution which will be workable under multiple different use cases, the Global Identity Foundation (GIF) was set up. GIF is a not-for-profit organization, founded by fellow Jericho board of Management colleague, Paul Simmonds, which builds on the work of The Jericho Forum and brings together both vendors and security experts to develop a single, open source, digital identity ecosystem.
Today, identity is not just about people, it is also about devices, applications and even organizations. Furthermore it needs to be trusted – globally; by the US, by the Chinese, by the biggest banks and by the smallest corner shops.
When a global identity ecosystem is in place it will become easier to collaborate more securely. It will be easier to share information with those you have never met and be assured that they are the right people to be sharing with – both within and outside the organization.
With the breaking news of the recent US data breach which impacts 4 million government workers the question is, would better identity help? The answer is yes, in several different ways. Probably the most important being that the information that has been compromised would not be useful to others – if the owner (the government worker) was in control of it. Illegitimate applications for bank accounts and any form of impersonation (or identity theft) would be made significantly harder. Furthermore, the owner would be fully aware of where / when someone was trying to abuse their identity – rather than learning about it when the letter arrives through the post.
Will GIF be successful, time will tell, however it is addressing a problem which dogs organizations today and as a not-for-profit, it should achieve more than previous attempts as they understand the real issues that need to be overcome without the vested interests of any one global organization.