« EBS Bulk Storage Solution from Oracle SSI | Main | Life at Oracle an Interview With Vivek Marla by Pushpa Sreenivasan »

Emerging Trends and Challenges in the Identity Management Space – An Indian Context

By diksha.charan on February 17, 2009 1:07 PM

Thirumani Solaiappan, Oracle SSI

Identity Management (IDM) has emerged as a key technology to aid in handling the complexity of today’s Enterprise.  Open systems facilitate synergy in developing suitable solutions to tackle key problem in IDM space like dealing with security in the virtualized environment, strong authentication and dealing with persistent threats from Insiders.  This paper attempts to provide direction to entities interested in innovating in this space.  It also discusses some of the issues in the Indian context and similar research happening around the world.

I. Introduction

Identity management landscape has seen profound changes in the past few years.  In the simple settings of a typical Indian village establishing one’s Identity was never a problem.  Authentication is a simple task, as everyone knew everyone else.  But in today’s flat world where most communication happens over the wire, we deal with people whom we have not seen or even talked to.  Establishing trust becomes a complex and difficult proposition.  Authorities like the Government, Employers, Universities, Insurance providers, Banks or even the local retailer have the same problem.  Each one of these entities needs to know different things about a person to perform their job.

Defining an Identity boils down to specifying the minimum information that need to be maintained about a person without disturbing privacy of the individual.  Establishing a reliable chain of trust has become a critical need for smooth conduct of business.

Traditionally Identity Management solutions provided ROI in the form of automatic resource provisioning, self service for tasks like password reset etc, centralized user lifecycle management.  These areas have matured and are now considered as bare minimum necessities for an Enterprise class solution.  SSO (single sign-on) is a good to have feature that brings comfort to the end user rather than adding any new functionality.  With systems becoming more open, GRC (Governance Risk Management and Compliance) has become the driving force and IDM infrastructure has moved from being administrator centric to being business oriented (also known as Identity 2.0).

The year 2008 saw the launch of major research programs in universities and research centers across the globe.  This paper discusses the various problems these research programs are trying resolve specifically those that are relevant in the Indian context.  The emerging trends in the Identity Management space are also discussed.

II. Key Challenges

a.  Improving the Flexibility
Indian companies have adopted virtualization in a big way.  Virtualization has simplified the task of managing shared computing resources. The shift to centrally managed and centrally hosted environments gives more mobility and flexibility to the users. This opens up new challenges to the IDM system.  Identity management policies, procedures and technology will have to work together to create a secure yet flexible environment.

b.  Strong Authentication
Changes in business practices are forcing the enterprise to open up access to partners, employees working from home and in increasingly many cases even to end customers. IDM infrastructure was held within the boundaries of the Intranet and relied on a single source of truth to authenticate a user or to perform other workflow related tasks. This is no longer the case. The focus is shifted to knowing who is doing what with the data and applications irrespective of where they are physically located. Strong Authentication and Contextual Authorization are more important in this environment.

c.  Insider Threats are Persistent
As the enterprise opens up more and more critical resources and systems the probability of insider posing a threat is higher. Insider threat has been and will remain a key challenge in the IDM space. How can we prove that someone indeed has accessed the system when this person has used his friend's ID? It is important for an enterprise to know who is having access to systems, how they are accessing the system, what they are doing and from where? Advancements in biometrics and the reduction in the cost of security infrastructure may help in reducing this risk.

III. Emerging Trends

a.  Online Banking reaches the common man
Online banking has caught up significantly in India. BSNL has done a phenomenal job of connecting all the villages in India (should I say most of the villages). Computers and broadband connectivity is within the reach of the common man today. Also gone are the days when customers felt very insecure giving out a pin number for a purchase or do shopping online. 

During the past 8 months leading banks in India have significantly upgraded their infrastructure to use superior technology. Banks and other financial organizations are able to do assess risks faster. Further developments can be expected in the area of improving accuracy of background checks, more accurate and fine-grained risk assessment to aid insurance and retail industry. Entities like RBI might impose regulations. Banks around the globe are currently testing sophisticated encryption mechanisms and Flash-player based methods.

b.  OpenID for Identity 2.0
Open ID is a key standard for Identity 2.0.  InfoCards and CardSpace are becoming part of real life.  Governments around the globe are participating actively in the OpenID concept. They seem to have realized that protecting the identity of their citizens online is as important as providing physical security. http://www.openideurope.eu/ is a very good example of this.

In India there has been a talk about providing an ID card to every citizen.  But we need to cover lot of ground before we leverage its full potential. With the recent developments in the news, this initiative might get a renewed push.

c.  Governance, Risk Management and Compliance (GRC)
Compliance regulations are starting to drive the development of some common rules and best practices for Identity Management. It might not become standards though in the near future. GRC has become a driving force for Identity Management focusing on business-oriented Identity management. Specialized applications for Risk Management and Auditing will be launched. Business Role Management will also mature within this year.

d.   SOA and IDM grow together
Collaboration between SOA and Identity Management is a key requirement. Investigations are on to arrive at services that can be executed in the context of identities to ensure end-to-end security. Identity Federation and use of virtual directories for flexible provisioning of Identity data will continue to grow.

III. Research Programs

In Aug 2008 experts at Cranfield University, Royal Holloway University of London, Salford University, Consult Hyperion and Sunderland City Council have formed a consortium and are teaming up on a three-year project to pioneer innovations in the Identity Management space specifically in the privacy and consent for Identity Management. Indian Universities also can take up similar initiatives and contribute ideas to resolving Identity Management problems India faces.

Digitizing the land records and computer-aided registration has brought in significant benefits like eliminating bribe and avoiding stamp paper scams.  But even in this initiative there is lot of scope for improvement, as the Identity of a person is not linked across the various Government departments like the Passport office, Birth & Death Registration office, Marriage Registration Office and many other offices.

Today the police in Bangalore are trying out latest technology to aid their decision-making. This also needs lot of focused attention and research. The cops here do note down the vehicle number of those who are jumping signals or not following traffic rules. But I don’t think they are able to successfully link the vehicle number to the Identity of the person owning the vehicle. Dubai has implemented an advanced system to automatically detect offenders through cameras located at different road intersections and link it to the account of the person owning the vehicle thereby automatically deducting the fine amount. This is possible only if we build a good Identity Management system for our citizens.

IV. Conclusion

Universities in India can take up research work in the Identity management space to contribute innovations to resolve problems faced by Indian enterprises and Government. Open systems and standards facilitate collaborated efforts and research work in the IDM space.

References 

  1. Blogs and news items posted at http://www.kuppingercole.com/
  2. Blogs and news items published in http://news.cnet.com
  3. Blogs and news items published in http://www.computerweekly.com/
  4. Blogs and news items published in http://www.sourcewire.com/

----------------------------------------

Thiru

Thirumani Solaiappan is a Principal Consultant & leads the Security & Identity Management Team at Oracle SSI. He can be contacted on thirumani.solaiappan@oracle.com. You can also read more of his writings on his personal blog http://thirumanusolaiappan.blogspot.com.

AddThis Social Bookmark Button

TrackBack

TrackBack URL for this entry:
http://blogs.oracle.com/mte1521/mt-tb.cgi/10041

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search All Blogs

Google Search


Only search this blog

About This Entry

This page contains a single entry from the blog posted on February 17, 2009 1:07 PM.

The previous post in this blog was EBS Bulk Storage Solution from Oracle SSI.

The next post in this blog is Life at Oracle an Interview With Vivek Marla by Pushpa Sreenivasan.

Many more can be found on the main index page or by looking through the archives.

Top Tags

RSS

Subscribe to this blog's feed
Powered by
Movable Type and Oracle