While working for a competitor, a former bank employee dials in to her old voice-mail account and filches internal banking announcements. An intern at a major manufacturer builds his own sales account simply by calling a secretary who gives him unfettered access to the company's sales-lead database. How secure is the data your company gathers and stores? If your company is like most, your data is probably more readily available than you think.
When companies forge partnerships with suppliers, clients, and customers, they expose their systems to security breaches not only by their own employees but their partners' employees as well. How can a chief technologist gain control over access to a company's secure resources? The answer seems to lie in a robust identity management system, which gathers and manages employees' personal data, ensures the approval of those whose data is being used, and offers ironclad security. On the surface, identity management offers many protections, but lurking beneath are the many thorny issues still surrounding privacy and trust.
Tony Scott — CTO of General Motors in Detroit and an active member of the Liberty Alliance, a federated-network identity standards group — sees a great need for identity management systems that better address privacy concerns.
"In a business context as collaborative as GM's — with all its partners and joint ventures — you worry about the security of partner identities," Scott says. "Let's say we contract with Company A to work with us on designing an automobile part. We want them to have access to some GM systems. You worry about privacy concerns in this context. And if I am an employee of Company A, I probably have to give GM a lot of personal information just to do the work with them, and I don't trust GM as much as I trust Company A."
If an identity management system fails to protect privacy, the company faces sharp fines, legal liability, a damaged reputation, and the loss of customers' trust. But a company that guarantees privacy guards against shattered end-user and business partner confidence, safeguards enterprise access points from unauthorized entry, and offers compliance with a slew of government-mandated privacy controls (see "Leading the charge into privacy legislation").
Getting privacy under control
Many technologists have yet to come to grips with the implications of an inadequate identity management system, says Walter Janowski, a San Jose, Calif.-based Gartner research director whose expertise includes enterprise privacy management.
"Privacy is a growing concern," Janowski says. "There will be large-scale abuse [of personal data] that will lead people to say, 'We'll never do that again.' But companies that are ahead on their thinking are considering ways to get their privacy [policies] under control."