Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, November 12, 2007

What’s the Future of Enterprise Identity Management? Risk Management …

I believe that Risk Management is going to have a deep impact on Enterprise Identity Management.

On the one hand, “traditional” Enterprise Identity Management solutions (e.g. provisioning solutions, AAA, storage solutions, etc.) are undergoing consolidation.

On the other hand, there is an increased urge to assess and (automatically) deal with risks and vulnerabilities affecting enterprise “assets”, driven by business and security perspectives. In this context, it is going to be important to accurately assess risks, vulnerabilities and threats for identity (and privacy) management practices, processes, solutions and related assets.

Of course, a few “Identity Risk Management” solutions are already available on the market and there is a consolidation process in the consulting space. However, the big challenge is still to come, in a few years, because of the increased adoption of open “web 2.0” solutions by enterprises, the blurring of enterprise boundaries and a workforce that is more and more “accustomed” to using “social networking solutions” in their private and professional activities (and consequently exposing enterprise information and assets to the external world).

It will be very important to be able to assess and mitigate the risks posed by “confidential information” about enterprise systems, plans, projects or activities that has been directly or indirectly exposed to the web, and whose discovery and correlation (by third parties) can provide relevant insights and intelligence about the enterprise’s “high-value” strategies and practices.

Ultimately “risk analysis” solutions will be used to assess threats concerning the overall “identity” of an enterprise in addition to the ones related to its assets …
