Too often, government takes an after-the-fact approach to network security--confronting issues after a breach takes place. But by offering effective identification management solutions, VARs can help agencies to detect malicious intruders before they ever get inside.
During a panel discussion at an identity management conference hosted by the Information Technology Association of America (ITAA), Bill Crowell, security consultant and member of the Markle Foundation Task Force on National Security, described how he drove up to the hotel where the event took place with two Propane tanks sitting in plain view and obviously no one took much notice. "[My car] is still parked out front," he said. "For all the cameras, there aren't that many watching."
Historically, the government's handling of terrorism threats has often been similar: take notice only after an incident occurs. Crowell is advocating that needs to change. "We have to spend time preventing terrorism rather than a continuing to document effects," Crowell said. "That can only come by creating a trusted information network. You better know who you are giving information to." With that in mind, the Bush Administration passed the Intelligence Reform and Terrorism Prevention Act of 2004, which called for proper identification management in the creation of a decentralized, distributed and coordinated information-sharing environment.
But there is still a lot of work to be done. One challenge is the lack of a unified plan, which is difficult to achieve in government when all of the different agencies carry different standards and requirements. "[People] look within silos and focus only on [their] own issues," said Frances Zelazny, director of corporate communications at Minnetonka, Minn.-based biometrics manufacturer Identix Incorporated. "It all needs to tie back together."
For true identification management, Zelazny said, agencies need to take a building block approach that incorporates registration and identification proofing, credentialing, authentication, regulation tracking and intruder detection. "Identification management needs core subsystems," Zelazny said, with the biometric data collection associated with ID proofing being perhaps the most crucial. "If you get that wrong, the whole system is at risk."
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
