2009 Identity Management Mid-Year Report: A brief look back and ahead

Back in January, I shared some of my observations on 2009 Priorities for identity management in the new economic reality people are faced with - productivity, security and manageable IT projects. This year’s economics have forced people to do more with less, manage tighter budgets and maintain enterprise security while dealing with re-orgs and layoffs. While 2008 was the worst year to date for data breaches, 2009 hasn’t been much better if you look at this chronology of data breaches, including the recently disclosed incident at Goldman Sachs. The Identity Theft Resource Center keeps tabs as well, and has a nice snapshot of high-profile data breaches. Many of these are the result of unauthorized access, some combined with placing malicious code on servers or laptops to siphon off data. It’s amazing the methods that are being used to access systems, steal data, sometimes extort money and always damage reputations. Potential impact of the Goldman Sachs’s unauthorized upload of proprietary software is still under investigation, but information on how easy it was to pull off makes for scary reading. Given the potential impact of data breaches, there has been significant progress made to tighten access to systems, so let’s review some of the relevant things that are happening in identity management. Following are three areas, I believe, we need to watch for in the latter half of 2009.

Biometrics Hit Stride, Will Gain Even More Steam

Frost & Sullivan projects the European biometrics market to triple from 2008 to 2012, as biometrics are used more now to secure access and prevent breaches. With fingerprint biometric readers and other scanners embedded in everyday devices, the ability to tie unique identity to access via strong authentication means has a profound effect on overall data security.

EHRs Become Focal Point of Healthy Debates

Electronic Health Records (EHRs) are also making headway, thanks in large part to the Recovery and Reinvestment Act of 2009. A large portion of the discussion is based on healthcare access management, patient data security and user authentication. Security assurance is a key hurdle to widespread EHR adoption, but using strong authentication capabilities that are now widely available is a significant enabler to achieving the benefits EHRs promise, while minimizing the security risk. Watch for these specific debates and discussions to progress in 2H 2009.

Greater Emphasis on User Workflows Considered in Product Development
While biometrics authentication has certainly played a role in making user lives easier, new developments around walk-away security and faster access to systems are shortening the process to secure logon. By making it easier for users to come and go from a system, there is less password sharing and improved employee productivity, while encouraging and enforcing better overall identity and password policy management.

What areas do you see most, now that we are half way through 2009?

What issues do you seek to solve?

How can identity management better serve you? --David