Behavior-based Identity Management
By saragates on Nov 17, 2005
I was in Australia recently and I bought a necklace. The next morning I was asleep in my hotel room and my cell phone rang (it was early Australia time). My husband was calling because Visa had called him with a “very suspicious transaction” and he wanted to let me know and see if I knew anything about it. At first, I thought that was just really funny – I hadn’t even had time to break the news to him before Visa got to him (fortunately, he’s a great guy and supports my forays into the unnecessary). Then I started thinking about how this type of activity could be applied to identity management. We need to set our sights on moving from a era in which we have views of identity that are historical and/or current-state focused, i.e., “who-has-access-to-what” and “who-did-access-what”, to an era where we make more sophisticated decisions in real time about who-IS-doing what and if that appropriate or “normal.”
We have a lot to learn in cross-enterprise identity management from the behavioral modeling technologies with which the credit card companies are so advanced. This is where we’re headed – to real-time behavioral decision making on identity-based transactions. So if something is happening on the network that is out of pattern for an identity’s usual or expected behaviors – we can automate the process for session close, notification, instant message, etc. based on the value of the transaction in order to make better decisions and keep things safe. Going back to an earlier posting – this will let us accelerate without fear (and for those among us who love to shop, purchase without question).