As my friend Jackson Shaw would say – Good Identity Management is the cornerstone to business continuity. While I’m in fervent agreement, I’d ask you – who’s in charge of your identity? Who is managing your identity for you? How many YOU’s are there in the digital world?
Most of us don’t have one single, consolidated (digital) entity. We’ve got accounts spread across the ether – at work, free sites like Outlook.com or Gmail, personal information site – like Facebook, Twitter or Myspace (for those who are really out of touch)… even service providers like Comcast, Sprint or ATT want us to be entity unto them. I know I’ve got so many disparate identities, I have a complicated system to keep passwords different enough, yet still memorable – and it’s a chore to maintain. Add to this many of these “identity shards” require the same information and at least another reference to some other digital entity, forcing us to create this web of identity that could easily collapse if some circular reference is created and fails. Does your Yahoo account point to ATT which points back to Yahoo? Well – get locked out of one or the other and they could be sending password reset confirmations to a locked out account and you’ll never see those archived emails again!
It’s a complicated story that exposes a hole in our perceived digital selves. Are we one identity, or an amalgamation of many? Do all your identities belong together or should you keep them separate? It’s likely a combination of both. Some identity shards belong together (work related and employer friendly identities might, but family oriented Facebook and photo sharing sites probably don’t belong in that grouping).
Identity Management tools today tend to be focused on one identity – your workplace identity. And hey, that’s probably appropriate because managing that identity costs time and money. What’s missing though is a way to combine work appropriate identities into that workplace identity shard – so you’re a more complete person and not managing social media, work related blogs and cloud based services on your own (or in some cases NOT managing them!).
What do I mean by your cloud based service identities? You may not be thinking about it like this but Dropbox, Google Drive, SkyDrive and the like are part of your identity. At the very least, they consume an identity shard to ensure you’re who you say you are when you add documents or pictures from the office Christmas party! These aren’t just accounts – they’re identity. Your identity. And a compromise of these identities can be devastating and damaging to you and your company.
The other aspect of the amalgamation of your identity shards that we should talk about is portability. Here the onus on is the externally facing services that hold each of these shards – to make them easily portable so that if you move or change jobs, you don’t lose access to a portion of your identity that should belong to you. That said – your employer should have a way to ensure that data you have associated with these identity shards don’t contain any work related content.
Yes, there’s a lot of territory yet to be covered. But if you start thinking about all your digital selves and the identity shards that make up the complete you, you can at least start to manage them effectively all by yourself. With the state of Identity Management today and its focus on employer related identity, I’d recommend creating identity shards that are work appropriate and keeping any personal or family oriented identities completely separate. Until we get Identity Management that can manage your complete digital identity, and it’s portable, you have to do a lot of the legwork yourself! Take advantage of Security blogs and recommendations (such as this one from CNET: https://www.cnet.com/au/news/the-25-worst-passwords-of-2011/) and automate whatever you can!