A few months ago, I had the honor and pleasure to sit down with one of the most awesome people in Privacy, Michelle Dennedy, Chief Privacy Officer at Cisco, and record one of her Privacy Sigma Riders podcasts. We were in Austin. We were pumped to finally get together. We were heavily caffeinated. And we didn’t actually record anything… save for the last 25 secs of what was a 45 minute conversation. Fail… fail… fail!
So semi-undaunted, we tried again in November. This time we had professionals helping out… and we needed it. Good news is we actually got it recorded! Michelle and I wander about topics of ethics, empathy, how privacy and identity are related, and IDPro, the professional organization for identity management.
Without further ado, check out our conversation on Privacy Sigma Riders!
(Thanks to Kim Cameron for prompting me to write this down. Special thanks to Chuck Mortimore for his insight and probing questions and who helped me improve this.)
In the identity industry, there’s been a lot hype these days around self-sovereign identity. The latest permutation in the quest for user-centric identity, self-sovereign revisits the laudable goal of enabling people to be in better control of how information about them passes to enterprises and organizations (but now with added blockchain.) To be clear, increased individual control is an important goal and one that incredibly sharp people have been working on for 15+ years, going back to InfoCard and Higgins.
Before I discuss why self-sovereign has a real chance at widespread adoption, it’s important to understand why identity technologies and approaches get adopted in the first place. At least, three things are required:
- People who will use the identity system
- Organizations willing to consume identities from the system
- Significant and relatively equivalent value for both groups
You need a lot of people to use an identity system for mainstream adoption. You get those people by providing enough value to them either in hard currency (e.g. you give them a cut of what their personal data is worth, extend discounts in lieu of currency, or free services) or in efficiencies (e.g. never fill out an account registration form ever again) or in security (e.g. your account will be harder to hack) or in privacy (e.g. your data will never be resold or your data is anonymized.)
Continue reading Why self-sovereign identity will get adopted (and it’s not the reason you probably want)
In Part 1 of this series, I discussed the types of attackers who can weaponize your identity systems, use them to cause harm. In Part 2, I introduced the design goals of the Maturity Model as well as the disciplines needed to implement the Maturity Model. In this post, I’ll discuss each of the 5 levels of the Maturity Model and controls you should put in place to achieve those levels.
Level 1 – Managed
This level is table stakes. It optimizes your organization’s existing security controls for identity systems. I believe it helps make compliance with things like GDPR easier but it is in no way a “cure all” for regulatory burdens. To achieve Level 1, you’ll need a combination of access control, data protection, and audit:
- Access Control
- 2FA for admins
- No developer access to production data
- No program-lead access to production
- Data Protection
- No insecure data transfers
- No insecure data staging
- Data encrypted in transit
- Audit all admin system configuration changes
- Audit user access to systems
Some of things to note… 2FA for admins is just good practice in every setting, especially if you do not have a privileged account management procedure in place. We often hear about “no developer access to production” but in an era of DevOps, you want your developers in production… but that doesn’t mean they need to access to production data, just the production systems themselves. Similarly, while developers get a lot of attention, one constituency that doesn’t are program leads. People like me should not have access to production. If you oversee an IAM program, you should not have any sort of administrative access to your production systems. Sure, you are an end-user of those systems, like everyone else, but you should not have any other privileges.
Probably not a lot of surprises in the Data Protection section, but we still see people getting tripped up by staging data insecurely.
Audit too comes with little surprise. Know what admins are doing to your systems and know who it using your systems. Continue reading A Maturity Model for De-Weaponizing Identity Systems – Part 3
In the first part of this series, I discussed different kinds of attackers and why they attack our identity systems. I also discussed how they can weaponize our identity systems, turning what is meant to deliver services and do good into something that can be used to cause harm. In this part I’ll talk about the goals of the model, the disciplines needed to do this work, and the levels of maturity.
Goals of the Maturity Model
When coming up with this maturity model, I had 4 goals in mind:
- Defend against all attackers
- Balance protection and productivity
- Achieve greater transparency
- Promote data provenance
Defend against all attackers
Since all 3 kinds of attackers can weaponize identity systems, we have to defend against every time of attacker: Bulk, Single Data Subject, and Successor. However in order to do this requires that we have specialized defenses against each type. Said differently, a generic defense is in effective. In fact, one can think of this maturity model as a specialization of existing security controls for identity systems, but more on that later. Continue reading A Maturity Model for De-Weaponizing Identity Systems – Part 2