So how was your summer? Here was an August item that had the locals buzzing here in Los Angeles.
Black Pearl at King Harbor Marina, August 26, 2006. Filming of Pirates of the Caribbean III. Captain Jack rumored to be around, but not spotted.
So speaking of piracy, bridge to identity theft.
Higher Education and Identity Management - what is this all about? Just another IT feeding frenzy?
If you're like me, "Identity Management" is one of those professional advancement topics that I'm going to get to "soon." By gosh, I'm going to read up on that. Nobody stole my identity this week, though, that I'm aware of. Probably a fad for someone selling black boxes. Remember the Xerox Encryption Gateway? Hah.
May 30, 2006. Walk out, get the Los Angeles Times off the driveway, thrown under the impatiens where the paper delivery guy always gets his kicks, payback time. Yawn, need some coffee quick. Dodgers 12, Braves 5 on Memorial Day; heh, heh. Tomahawk chop that, Braves. Whoa! Front page, L.A. Times:
College Door Ajar for Online Criminals
Hackers discover that universities are rich in personal data and easier prey than banks
Clearly, it is time to concentrate on these new security vulnerability trends, and to learn how Oracle may offer solutions, especially to our customers in Higher Education.
Excerpts from the L.A. Times article:
Cyber security officials say hackers are realizing that colleges hold many of the same records as banks. But why hack a bank, one official asked, "when colleges are easier to get into?"
And for the first time in seven years, colleges identified security as the most critical issue facing their computer systems, according to a survey of about 600 colleges released this month by EDUCAUSE, a nonprofit group that promotes information technology use. In a 2000 survey, security wasn't even among the top five concerns.
The L.A. Times article was followed by a larger set of 4 articles in USA Today on August 2, 2006.
When the mainstream media is putting a technology topic on page 1, that means we have left the niche realm of IT or Education magazines. Both the Times and USA Today articles pointed out the open-forum traditions of higher education, which creates "large portals to information". So our problem is an academic attitude with 1,000 year-old roots?
I think it is worth an alternative consideration. Think about the "Enterprise," and who roams within that boundary. For a bank, manufacturing firm, or a government agency, who are the users that populate the Enterprise? Employees is the answer, plus a few registered external suppliers with light privileges to perform a few selected tasks. At a university, who is within the Enterprise? Everyone needs to be included, and their use is heavy, mainstream, transaction-based. Students, who may also be employees, are demanding ever-broadening self-service transaction access. Faculty, administrative staff, visiting research professors from who-knows-where, advisors, alumni, donors, applicants, and non-applicant recruits must be within the fence of the Enterprise. Consider this excerpt from the L.A. Times article:
And Sacred Heart University in Connecticut reported last week that a security breach has compromised the Social Security numbers and some credit card numbers of 135,000 people -- some of whom never applied to, worked at or attended the university.
Like many universities, a spokeswoman said, Sacred Heart collects personal information from college entrance exams, college fairs and recruiting firms. Robert M. Wood, chief information security officer at USC, said the college's computer system is scanned by hackers an estimated 500,000 times a day.
An important lesson is that potential solutions to issues of security and identity management in Higher Education must address this unique, fast-turning population scope with a far-reaching fishnet. That is why the Oracle Applications team has linked its strategic initiative for Student Lifecycle Management with our Oracle Technology teammates who are offering new ideas and product capabilities in Security, Identity Management, and Provisioning. I'm not your security architect, but even I can sense the potential of a Higher Education solution based on PeopleSoft Enterprise databases for Recruiting, Students, and Employees in the new HCM/CS 8.9 "person model", managed through the Oracle Identity Management product set, coupled with issuance controls within the PeopleSoft Directory Services module which ensures synchronization with HCM/CS data. Provisioning, Single Sign-on, and role-based access privileges prevent duplicate records and keep a tight rein on all access roles, including that of student recruits or applicants. Lastly, new data integrity tools within Campus Solutions 8.9 provide for maintenance and clean recordkeeping with regard to duplicate student records, an old problem of student administration which can be a door to unauthorized entry and access to private demographic data and other security violations. This powerful solution is possible based on the early 2006 certification of Oracle Fusion Middleware for PeopleSoft Enterprise.
Oracle more recently announced its 10g package of Identity Management and security-related backbone features within Oracle Fusion Middleware. Certification with Oracle PeopleSoft Enterprise and eBusiness Suite 11i was part of the announcement.
This link includes various white papers and an upcoming Sept. 27th Security Summit in New York City to be led by Oracle President, Charles Phillips.
How can we learn about this important topic (yes, there are even Sarbanes-Oxley implications, how's that for gravity?)... other than following all these URL links?
Well, EDUCAUSE in Dallas is only a few weeks away, October 9-12, 2006. Look for me, I'll be the one in the black Oracle logo golf shirt. The main Oracle themes this year are as above: Identity Management and Security placed in the context of advancing student services and the Student Lifecycle Management initiative. In addition to coming by the exhibit booth to discuss this, learn more by attending one of the side sessions. In particular, try to attend Jerry Hanley's presentation, as he has been providing a lot of thought leadership since joining us from Cal Poly San Luis Obispo.
Oracle Hands-on Workshops | |
10:30 a.m. - 11:20 a.m. | |
11:40 a.m. - 12:30 p.m. | |
2:15 p.m. - 3:05 p.m. | Business Process Orchestration, SOA, and EBS: Changing the Rules of Integration |
3:50 p.m. - 4:40 p.m. | |
Wednesday, October 11, 2006 | |
8:10 a.m. - 9:00 a.m. | |
11:45 a.m. - 12:35 p.m. | |
2:20 p.m. - 3:10 p.m. | Manage Your IT Grid Environment with Oracle Enterprise Manager 10g |
3:55 p.m. - 4:45 p.m. | |
Oracle Presentation | |
3:40 p.m. - 4:40 p.m. | Security Breaches in Higher Education - How to Make Sure Your Campus Isn't Next |
The Exhibition Hall - Visit Oracle and our customers at booth #519 for demonstrations on our solutions and technology. |
One last point from a security layman: even the best IT security tools and ERP architecture must be deployed consistent with your organization's Security Policy. Furthermore, you must be able to audit the actual practice against that policy. Again, there are new Oracle products to enhance auditing. But the proper set up of roles and access methods is essential. Check with Oracle Consulting about a security audit. Find out if you are making best use of the Oracle and PeopleSoft products today, even before you contemplate major improvements.
See you in Dallas, where we'll learn together how to defeat the pirates lurking around our higher education data stores and foil their efforts to breach our systems.
