The Integrity News
Vol. XII No. 20
June 29, 2003
June 23, 2003 ( pgs. 55-61 )
Imagine the following:
"An intern at a major manufacturer builds
his own sales account by simply calling a
staff member who gives him unfettered access
to the company's sales-lead database. Or,
a former bank employee dials in to her old
voice-mail account and filches internal
"How secure is the data your company
gathers and stores ? If your company is
like most, your data is probably more
readily available than you think."
"When companies forge partnerships with suppliers,
clients, and customers, they expose their systems to
security breaches not only by their own employees
but also by their partner's employees."
How can your chief technologist control access to a
company's secure resources ?
"The answer seems to be a robust ID Management
system, which gathers and manages employee's
personal data, ensures the approval of those whose
data is being used, and offers ironclad security."
ID Management systems must include corporate policies that
define the level of access to information that employees have
according to their role within the company. And .......
ID Management systems must themselves be tightly managed
to keep up with the mobility of employees.
People's "identities are ripe for the picking if unique
qualities -- such as an unusual last name, a medical condition
condition, or even a geographic area -- can be used to link
someone's digital identity with personal identifiable data."
Frequently, "much of the information being stored -- in an HR
or customer-order database, for example -- is being pulled on
the fly into less secure meta and virtual directories for
"An ID management system should have a good privacy system
working in conjunction with it which has an emphasis on
human interaction and judgment. To be effective, it must
include a hierarchy of sensitivity that allows critical data
to be treated and navigated differently as higher levels of
access are attained." "Most importantly, a 'permission
frame-work' and its integration points must be common
throughout an organization."
"Privacy is the 'sleeping tiger' technology because it allows
companies to prove to their customers that their data is
being protected, establishing a high degree of trust with them."
This is why The Integrity Center tightly controls
passwords, provides free multiple accounts, has
highly definable access areas, runs its own data
centers with its own licensed investigators, and
has five levels of back-up.
"There is a new focus now on ID Management, because it is
thought of as a way to address several problems, including
identity theft, fraud, and other security issues."
There are several important initiatives which include major
companies such as GM, Microsoft, IBM, and others, who are
endorsing an ID Management model of creating trusted groups
of partners and clients.
Most security experts agree that an ID Management system
must be both "an enforcement engine and an auditing tool
to assess the current state of policy adherence."
In recent years, The Integrity Center, Inc. has introduced
services such as Online Employee Files, Online Benefits
Administration, and Employee Self-Serve which have the
company playing a continually larger ID Management role
in the lives of its clients. To discuss any aspects of security
related to company information assets, feel free to call
(972) 484-6140 and ask to talk with one of our technology