Wednesday, June 09, 2004

Identity Management

I'm speaking at an Identity Management Seminar tomorrow. This topic has lot's of traction in the marketplace now given all the hub-bub around Sarbanes-Oxley and the like. It seems like common sense to me and I've been using consolidated ID infrastructures since I stopped managing my Sun machines by editing /etc/passwd and installed yp (a.k.a NIS). I'm continually stunned by the horrid state some companies are in with respect to their own user accounts and how they are managed. I've only seen a few shops actually get it right and most companies can cut through the politics to actually come up with a good centralized way to manage accounts. Hell, I've seen financial trading environments where the head trader, someone in charge of millions of dollars worth of other people's money, wrote his password on his monitor in plain sight. I guess when some CFO and CTO end up doing the "perp walk" because their company lost millions to an internal hack companies will finally get the picture.


Post a Comment

Subscribe to Post Comments [Atom]

<< Home