Entering the 21st Century…When Worlds Collide…

I love old Science Fiction movies.  One of my favorites is “When Worlds Collide.”  It’s a pretty dire parable of how we react as a species when confronted with total annihilation. Of course it’s a 1950’s era movie so it has that Cold War influence affecting many movies of that era. It’s also Hollywood so there has to be some romance.  In the end, and I hope I’m not spoiling it for anyone, we find a new world and seemingly live happily ever after.

As someone recently hired at Centrify (four weeks as I write this blog post), I find it fascinating to compare my “pre-Centrify” world with my evolving post-hire world; sort of my own version of “When Worlds Collide.”  I wanted to start my blogging here at Centrify and share my personal experience as I join the organization and continue being exposed to this new world that has opened to me.  More specifically how my view of “identity” is evolving and how my previous experience, both personally and professionally, is shaping that view.

In my case I had worked for the same IT software company for over 18 years!  I know that’s a pretty crazy idea in this business but in my case it’s true. You might imagine how myopic one can become when exposed to a limited number of viewpoints.  In that time the Kool-Aid flavor may change slightly but overall your viewpoint tends to evolve more slowly than it might otherwise.  Most certainly it is shaped by the environment you live in.  This only became apparent to me during the time I was investigating places where I would like to work — perhaps more correctly areas of technology that I found interesting and compelling enough to change jobs.

While at my previous employer I was focused on solving Identity, Access, Security and Governance issues within the U.S. Federal government.  As you might imagine, the federal government has many regulations, policies, mandates, directives and other compliance requirements that it needs to adhere to. Recent security breaches in the Federal government, such as the OPM breach, have only heightened the level of sensitivity and awareness of the need for better controls around Identity, Access, Security and Governance.

FBI Director James Comey, testifying before Congress with regard to the recent OPM breach, stated:

“I’m sure the adversary has my SF-86 now,” Mr. Comey said. “My SF-86 lists every place I’ve ever lived since I was 18, every foreign travel I’ve ever taken, all of my family, their addresses. So it’s not just my identity that’s affected. I’ve got siblings. I’ve got five kids. All of that is in there.”

This poignantly illustrates how securing identities not only affects Federal agencies but also extends to the private sector and the individual.  You can certainly look at Presidential Policy Directive 21 alone as an indication of how both private and public sectors are inter-dependent and critically important to the security of our nation.

“This directive establishes national policy on critical infrastructure security and resilience. This endeavor is a shared responsibility among the Federal, state, local, tribal, and territorial (SLTT) entities, and public and private owners and operators of critical infrastructure (herein referred to as ‘critical infrastructure owners and operators’).”

Tom Kemp, Centrify’s CEO, talks in his blog post “Identity is the New Perimeter,” from June 4th, about how our “identity” is ultimately where we now really start to define identity as the new security perimeter — how the recent security breaches were mostly a result of compromised identities.  When reading this I reflected on my two daughters who are now 18 and 20 and their experiences with their identities.  What is their “identity?”  More and more, their “identity” is defined by who they are within social media. They grew up in the generation where identity or personality is expressed and perceived more often online than face to face. This has presented many challenges for my daughters and me, with regard to guarding their online reputation. They’ve shared with me examples of how their social identities were compromised which affected how people perceived and treated them. As a result they took steps to better control their digital identities and social presence by reducing the footprint and minimizing the points of entry. Tom refers to this in his article when he talks about ensuring you are who you say you are when accessing resources.

“In other words, users’ identity is what the bad guys are after, and stolen digital identities are the means by which the vast majority of data breaches occur.”

With my daughters’ situation it would be eminently helpful if there had been a way to ensure it was really they who made that unfavorable post or comment and not someone who had compromised their identity. In the case of the recent OPM breach the root cause is believed to have been a compromised identity. I am sure all of the people affected (over 20M as of last count) would agree that a better manner of securing their identities would have been a prudent measure… to put it mildly.

First sunrise on the new planet, from the movie “When Worlds Collide”

These colliding worlds are causing the lines that separate our personal identities from our professional identities to blur and begin to dissolve totally.  Perhaps less dramatic than in “When Worlds Collide” but nonetheless quite significant in its impact on our lives.  As we attempt to allow for more freedom when navigating between our corporate resources and our personal resources, our identities become intertwined and ultimately the most important asset to secure and manage.