A Maturity Model for De-Weaponizing Identity Systems – Part 1

It’s no secret that we, as identity professionals, are the custodians of some of the most crucial information in our enterprises. We hold information about employees and customers in our identity systems in order to deliver them services that range from productivity to entertainment to personal health and wellbeing.

And as professionals, none of us want to build systems that can harm other people. Certainly, none of us want to build systems that can be used to harm ourselves. At the core of our professional code of ethics is the spirit of “do no harm.”

Now it is true that if our identity systems are of value to us and to our employers, then they are of value to attackers.

Who are these attackers?

There are two kinds of attackers: bulk and single data subject attackers; let’s look at both.

Bulk Attackers, as the name implies, want bulk data… they want all the data. Why they want all the data can vary widely. They might be interested in a single vendor’s customers. Or they might be interested in everyone in a region who shares a medical condition or ethnic heritage, or employer. They might be setting up for a later spear phishing attack. They might be putting the pieces together for an ethnic minority oppression campaign or a voter suppression campaign.

On the other hand, Single Data Subject Attackers are only interested in a single data subject. They are focused just one individual. Why? They might want to take control of a celebrity’s mobile phone for the lulz or leak personal photos to the web. They might be interested in dox’ing an adversary. They might want to make an ex-spouse’s life a living hell.

But there is a third type of attacker

Bulk and Single Data Subject are not the only kinds of attackers. There is a 3rd kind. And who is this attacker? Well, if you are President Obama, this attacker is President Trump. If you are me, then this attacker looks like my colleague Alexa. Alexa is new to product management and has a bit of experience in identity management. She is damn smart and I know with a little more seasoning she will make one hell of a product manager; she will be able to replace me. You see, this third kind of attacker is the person who has your job next. I call these attackers Successor Attackers.

Successor Attackers?

You trust yourself not to do something horrible with the identity systems you look after. Hopefully, you trust your team to do the same. But what about the person that comes after you? This person can do everything you can do with your identity systems. Now that may be just fine if you have trained this person, spent time with them, and know their character. But what if you don’t? And even if you do know she who succeeds you, you don’t necessarily know all of her situation.

Successor Attackers are compromised users. But unlike a user who has had their account stolen by an attacker, Success Attackers are not technically compromised users. However they are financial, ethically, or morally compromised. They are willing to cause harm, directly or indirectly, in the identity system you look after… after you are gone. They may be forced to do the same. Success Attackers just want to do their jobs. But they may be promised a promotion to something questionable with you identity system. They may be force to do so in order to stay employed. They may be promised a bonus either above or below the table to misuse your identity system.

Point being that these attackers can do everything you can do with your identity systems but they originate from a different ethical and moral starting point than you.

Imagine you built an amazing identity system that your employer uses to deliver great service to your customers. Now imagine your company is bought out and you are let go. The acquiring company sees your identity system, not as a delivery vehicle for service to customer, but a means to deeply profile those customers in order to see those profiles to a third party. How would you feel about that?

Or imagine that you have built a system to help route people seeking asylum from failing states to social services they can use to get back on their feet in your country and become productive citizens. This system helps transform the most vulnerable into the most productive. But a new administration comes along and decides to use the very same system to identify people to turn away at the borders or to deport. And since this is a new administration, you may no longer be there to have a say. How does that make you feel knowing a system you help build to do enormous good has been weaponized to cause harm?

Weaponization of Identity Systems

Any of these kinds of attackers can weaponize your identity system. They can use what you have built, what you look after, what you care about to cause harm. Identity professionals we must do more to prevent weaponization of our identity systems. It is our professional obligation to do so. We must do so because our stakeholders expect it. We must de-weaponize our identity systems. And in the next part of this post I will discuss how we can do just that.

2 Replies to “A Maturity Model for De-Weaponizing Identity Systems – Part 1”

Leave a Reply