Retour Page d'Accueil
Communication     Development     Hi-tech     Internet    
iloubnan.info > Technology > All Opinions > Digital Identities
  Shortcuts
All newswires
All Opinions
All interviews
All Reportages
All portraits
Zoom on...
Technology Best Of
  Opinion
Digital Identities
January 07, 2008, By Marcel RIZCALLAH
 
Marcel Rizcallah is the Director of Identity Management at Oracle. He graduated from the “Ecole Nationale des Ponts et Chaussées”. He has more than 20 years of computer experience, thus 12 years as a technical director of the Valoris council cabinet. His deep experience in the Identity Management field has allowed him to accompany numerous clients from the upstream phase till the implementation of their projects. He also has a strong experience in the new technologies of the internet as well as in the urbanization of information systems. Marcel Rizcallah is also the author of a reference book on the LDAP directories, published by Eyrolles in August 2000 and November 2004. Moreover, Marcel Rizcallah wrote many white papers about identity management and about the BPM; and recently, he wrote about the Machine-to-Machine, in partnership with France Telecom and Syntec. He also wrote lots of articles in the electronic press.
 


We communicate information related to our identity on daily basis. For example, when accessing a website or corporate computer systems and applications, we provide an ID, an e-mail address, a credit card number, etc. This data, which is generally referred to as digital identities is saved and reused thanks to IT systems. But is it reused vigilantly? What are our rights and the obligations of companies when it comes to this data? Why are companies interested in this information? What are the opportunities that arise for experts in the field such as lawyers and computer scientists? What are the opportunities for Lebanon?

Beyond the ill-intentioned use of credit card numbers collected through online shopping activities by some sites, identity theft can take many forms and cause a lot of harm to each one of us, to administrative services as well as to companies that employ us. For example, we all have been victims of spam, at least once, these advertisement letters sent to everybody that pollute our mailboxes and constitute more than 70% of messaging traffic on the Internet! Spam is the consequence of the redistribution of our e-mail address to third parties. On the other hand, strengthening password strategy within a company or for online administrative services could result in users forgetting their password and needing to call customer service. This creates congestion within this service, deteriorates its quality and harms the company's image. Then again, with the increasing mobility of employees and remote access to the information system, how can we ensure that an employee is given access only to applications that correspond to his job? Laws on financial security, such as Sarbanne-Oxley (SOX) in the United States or LSF in France obligate companies to comply with “ethical” rules related to the jobs of the employees and their computer access rights. For instance, the non-accumulation of roles, i.e. the purchasing function and the responsibility of selecting suppliers, should also be reflected in denied access to connected applications.

The solution is to develop tools for managing identities and access that would enhance the security procedure and streamline the process of account creation and attribution of rights while ensuring consistency of access rights in a heterogeneous IT environment. These tools have so far reached a sufficient level of maturity: they are constituted by several components, each with a specific role. Some will ensure the management of the life cycle of identities; others will facilitate the approval process of access rights, while others will provide the required services for the strengthening of passwords, the strong authentication via smart cards and the control of access to applications according to the security strategy of the company.

In order to be successfully implemented, these tools should be based on appropriate approaches and best practices that are specific to issues related to IT security. Consultancy and systems integration firms will consequently find new service opportunities. The required skills are, first and foremost, the control of underlying technologies such as LDAP directories, tools of unique authentication (Single Sign On), authorization servers, and so on. They also include the control of organizational impacts generated by the establishment of rigorous processes for creating a new user, modifying his profile and even approving his rights. And finally, it is also necessary to be sufficiently familiar with existing laws on individual freedoms and regulatory compliance (such as Basel II and SOX) including the impact of these laws on IT solutions and the limitations they impose in terms of usage.

What are the opportunities for Lebanon? IT services companies will find new high added value business opportunities requiring a highly-qualified workforce. Companies will sooner or later have to develop these types of tools to protect their data heritage and control access to their applications.

Management of identities and accesses is none other than the transposition of social ties between individuals into a digital world. It is in fact, managing who is who, who does what, who is entitled to what, and so on in an IT system… and who is better than the Lebanese at doing this job?
 
envoyer
save
imprimer retour

(Advertisement)