Welcome!

Industrial IoT Authors: Liz McMillan, Carmen Gonzalez, Aruna Ravichandran, Pat Romanski, Elizabeth White

Related Topics: Cloud Security, Industrial IoT, Microservices Expo, Open Source Cloud, Machine Learning , Agile Computing

Cloud Security: Blog Feed Post

The Stages of Identity

How people relate to their Identity data on a number of different levels

Recently I've been thinking about what happens to an identity through its life cycle and how the identity data is treated during this process.  I think you will also see that the Enterprise itself has differing methods of dealing with it as well. I am considering this to be the beginning of a framework and nomenclature that one can use for expressing how people relate to their Identity data on a number of different levels. I think we can pretty much consider this to be a "work in progress," and I would greatly appreciate feedback.

So why do we need this, anyway? I have observed that organizations, consulting groups, and other industry experts relate to Identity based information. It seems that we all have our own set of assumptions about what is supposed to happen to this information based on our roles and responsibilities and that such a framework will help to organize our thinking a little better.

First off we have what I refer to as the Pre-Identity. During this time the data that will become the identity is in its most undefined form. Data in this stage might sit in a number of different silos or systems before moving on but is mostly used by Employment and HCM systems. Typically this data has some form in that it can identify and maybe even describe an individual in terms of the Enterprise, but it does not say anything about what it can actually do.  At this stage there are no entitlements that are associated with the user. The primary relationships held by this data are mostly legal ones as this data is used to connect with government and other systems to prove data on a legal / governmental level, such as the IRS, Department of Motor Vehicles, etc.

Once we have connected the data and accepted it into the Enterprise, the Identity information moves out of Pre-Identity systems into what I refer to as Dynamic Identity. This is the phase of Identity Management that most of us work with full time.  We will analyze this data, transform, populate (and de-populate) it in our Enterprise systems. This is also the time that we will grant, modify and revoke entitlements and apply that extra "dimension" that did not exist in the Pre-Identity stage. As the relationship between people, their Enterprise Identity and their organization(s) change, so will the Dynamic Identity. Systems and Processes will constantly be changing based on the need for access based on geography, roles, titles, responsibilities and other enterprise requirements.

Happening mostly at the same time as Dynamic Identity is that of InterrogativeIdentity. This stage of Identity encompasses some of the latest trends in the field of Identity Management. As there is an increasing need to clarify, document and ultimately define what an Identity has access to and ensure that the Identity is compliant with internal enterprise rules (governance) and governmental rules (compliance) it is essential that there is a defined set of processes that enable this to occur. There are now several sets of guidance on these practices established by governments and standards bodies and a growing set of application vendors to help navigate their processes.

As another dimension of Interrogative Identity, there is the constant need by the Enterprise to understand its own data. Access to data through Enterprise Systems and linking the elements of Pre-, Dynamic and even Interrogative Identities is increasingly being managed by Business Intelligence (BI) systems.  Our understanding of how the Identity and Enterprise are connected is being enhanced as BI is extended into Identity models. This trend will only continue to grow; however its management through will need to be maintained and monitored by Dynamic and Interrogative systems to ensure that Identity and Access data is properly protected.

Finally, we must define what happens when an Identity is no longer associated with the Enterprise. The Post Identity phase is one that is often overlooked, and is the cause of many exploits and Identity Management related crises. Ensuring that there are ways to properly separate the user from the Enterprise systems while maintaining their existence for ongoing Interrogative Identity practices is required properly complete Dynamic Identity operations.

Throughout this article I have made references to "the Identity" without going into much detail.  This is done this on purpose so that there are no preconceptions as to what can be managed by this model. Any type of Enterprise object could be managed in this framework, whether it is people, groups, roles, privileges or other objects such as systems, phones and other hardware, and the relationships therein.

I have also been somewhat vague about what constitutes the Enterprise.  For far too long, the field of Identity Management has been confined to the Corporate Enterprise. However with ongoing initiatives to "Cloud" and "Service" based systems, there is a greater need to manage and monitor these relationships as one would in a Corporation or Government system. Our increasing reliance on systems such as Google, Facebook, LinkedIn, Yahoo!, etc. to store our data and provide next generation service such as Federated access makes this all the more essential.

This does not mean that non-cloud methods and repositories do not benefit from this type of organization. These relationships are just as important when considering ERP, LDAP and other "classic" Enterprise systems as I have referenced earlier in this article.  The organization of this data is still among the leading determinants in the choice of both ERP and Identity Management systems. It is my hope that in defining and expanding this framework in terms of Pre-, Dynamic, Interrogative and Post Identity stages (PDIP) that we can find a way to address all types of Identities in all possible systems.

Read the original blog entry...

More Stories By Matthew Pollicove

Matt Pollicove is an Identity Management architect, engineer, trainer, project manager, author and blogger with experience in user account provisioning, data synchronization, virtual directory and password management solutions. As a MaXware Technical Consultant and later as a System Engineer, he worked extensively with MaXware (now SAP) software products in large customer environments. In the past Matt has worked with several leading national and international consulting firms and is currently a Sr. Principal Consultant for Commercium Technologies. He is currently the Practice Lead for SAP NetWeaver Identity Management and SailPoint IIQ.

@ThingsExpo Stories
The security needs of IoT environments require a strong, proven approach to maintain security, trust and privacy in their ecosystem. Assurance and protection of device identity, secure data encryption and authentication are the key security challenges organizations are trying to address when integrating IoT devices. This holds true for IoT applications in a wide range of industries, for example, healthcare, consumer devices, and manufacturing. In his session at @ThingsExpo, Lancen LaChance, vic...
Who are you? How do you introduce yourself? Do you use a name, or do you greet a friend by the last four digits of his social security number? Assuming you don’t, why are we content to associate our identity with 10 random digits assigned by our phone company? Identity is an issue that affects everyone, but as individuals we don’t spend a lot of time thinking about it. In his session at @ThingsExpo, Ben Klang, Founder & President of Mojo Lingo, discussed the impact of technology on identity. Sho...
Manufacturers are embracing the Industrial Internet the same way consumers are leveraging Fitbits – to improve overall health and wellness. Both can provide consistent measurement, visibility, and suggest performance improvements customized to help reach goals. Fitbit users can view real-time data and make adjustments to increase their activity. In his session at @ThingsExpo, Mark Bernardo Professional Services Leader, Americas, at GE Digital, discussed how leveraging the Industrial Internet and...
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
IoT generates lots of temporal data. But how do you unlock its value? You need to discover patterns that are repeatable in vast quantities of data, understand their meaning, and implement scalable monitoring across multiple data streams in order to monetize the discoveries and insights. Motif discovery and deep learning platforms are emerging to visualize sensor data, to search for patterns and to build application that can monitor real time streams efficiently. In his session at @ThingsExpo, ...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
WebRTC is about the data channel as much as about video and audio conferencing. However, basically all commercial WebRTC applications have been built with a focus on audio and video. The handling of “data” has been limited to text chat and file download – all other data sharing seems to end with screensharing. What is holding back a more intensive use of peer-to-peer data? In her session at @ThingsExpo, Dr Silvia Pfeiffer, WebRTC Applications Team Lead at National ICT Australia, looked at differ...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Day 2 Keynote at 17th Cloud Expo, Sandy Ca...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Providing secure, mobile access to sensitive data sets is a critical element in realizing the full potential of cloud computing. However, large data caches remain inaccessible to edge devices for reasons of security, size, format or limited viewing capabilities. Medical imaging, computer aided design and seismic interpretation are just a few examples of industries facing this challenge. Rather than fighting for incremental gains by pulling these datasets to edge devices, we need to embrace the i...
Internet of @ThingsExpo, taking place June 6-8, 2017 at the Javits Center in New York City, New York, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo New York Call for Papers is now open.
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Things are changing so quickly in IoT that it would take a wizard to predict which ecosystem will gain the most traction. In order for IoT to reach its potential, smart devices must be able to work together. Today, there are a slew of interoperability standards being promoted by big names to make this happen: HomeKit, Brillo and Alljoyn. In his session at @ThingsExpo, Adam Justice, vice president and general manager of Grid Connect, will review what happens when smart devices don’t work togethe...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...