By Chris Pickles
When you get close to the forest of security solutions, often all you see are the individual products. But it’s important to see how those products relate to each other. And it’s even more important to understand how those products relate to the customer’s real reasons for needing security. Those reasons are very likely to be something to do with identity management – even if the customer doesn’t know that!
A basic question around security is – are you entitled to do what you are trying to do? For example, the company may not want an employee to look at the details of the salaries of everyone who the company employs – but if that employee is the Head of HR then maybe that employee should rightly be allowed to do this. Identity management is partly about the “who” and partly about the “what” – about the actor in question and about the role that the actor is playing. Any actor can play many different roles, and not just on stage or TV but as a member of the general public as well. The same is true for all of us individually, and it’s also true for any company or organisation or legal entity. For example, BT is recognised as a company by Companies House, as an employer by HM Revenue & Customs, as an issuer of securities by the Financial Conduct Authority, and as a telecommunications services provider by Oftel. It’s always the same BT, but it’s looked at in a different role by each of these different government departments. [Read more...]