About Me

My photo
Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.

Wednesday, May 30, 2012

Identity - Who are you?

Identity, Identity Management, Username - what about all this identity topics these days.  You have an identity login for work, personal, and some public.  Hard to remember all these logins and passwords I know, and we need to keep focus on security these days. 

Have you read some of the discussion around owning your own identity.  Your personal identity is federated to your work systems, your personal banking, how you vote and the list goes on.  Would that be a bad thing?  Think of it as a digital identity you now own, this is me and I have authorization to be in your system.  Sounds cool to me, as I can own, and manage my digital identity and what systems I interact with, either on desktop or mobile. 

So who would broker these digital identities? Should it be a private company?  Government?  Should it be a cloud provider?  This is the challenge, as you will need specifications, guidelines and rules on how  these digital identities are used, read, and secure.  Would it make sense to tag this to a driver license process?  If I am going to vote with this identity, perhaps use it for online government sites, like DNR, IRS, etc - then we need a government agency interaction to this effort. 

I am all in favor of a personal digital identity.  My concern would be around the issuing body, governance body and how we deal with security events around these.  I think this can be accomplished and the benefits would out weigh the concerns, but we need to have all the process(s) in place up front. 

The training effort around this would also be enormous.  We would need to make is simple and self service for as much as possible.  Perhaps a government agency using ServiceNow to manage the personal digital identities.  How about that?  Now that would be a good investment.

This topic will continue to grow in the months / years ahead.  Better to be engaged up front and help steer the direction, then to change something on the back end. 

Keep it positive!

Scott Arnett
scott.arnett@charter.net

No comments:

Post a Comment