Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Saturday, September 29, 2007

Privacy Management in Enterprises? It is a matter of Enforcement and Automation …

Privacy policy enforcement and automation are, in my view, two key aspects necessary to improve enterprise privacy management practices.

Privacy auditing and compliance checking are reactive approaches: definitely important, but of little help once violations have occurred and people’s “privacy” has been compromised (e.g. misuse of their personal data, identity theft, etc.). More effort is required to enforce privacy policies, in particular by introducing more automation (and integration with current enterprise identity management solutions …).

At HP Labs we have been researching for years in this direction. Some relevant projects have focused on:

In the context of the PRIME project, various Privacy Enhancing Approaches and Technologies have also been researched and developed.

More recently, the Identity Governance Framework (IGF) effort has introduced use cases, approaches and criteria to deal with data governance and enforce privacy both in enterprises and federated identity management contexts.

I argue that the decision on the “actual blend” of policy enforcement and auditing/compliance checking should be the outcome of a “risk analysis” process, which must take into account the specific enterprise context and the assets to be protected.

--- NOTE: my original HP blog can be found here ---

Thursday, September 27, 2007

Research Report: Lack of Strong Identity and Access Management in UK Businesses …

A recent article by Miya Knights, called “Strong ID and Access Management eludes UK Business” provides an overview of the findings of a recent research report by Insight Consulting, on UK business attitudes towards identity and access management. Here are a few key points highlighted in this article:

“New research into attitudes towards identity and access management has found very few are taking effective steps to address potential security lapses.

Although most UK businesses realise the increased threat from inadequate security systems and policies the research, produced for Siemens-owned Insight Consulting, found 71 per cent of companies still rely solely on username and password authentication, which has been criticised for its effectiveness in protecting against malicious attacks. A further 62 per cent of the 259 IT services and management professionals surveyed admitted that their organisation had no information security management system in place, or at least they didn't know if it did.

And more than 90 per cent do not have a fully automated solution capable of producing audit reports detailing network, application and data access, despite the fact that 51 per cent of businesses surveyed now have to deal with increasing partner, supplier and customer system access.

In addition, only 50 per cent of respondents were confident that network access rights of staff members who leave a company are removed or deactivated when they leave - the other half leave outdated user accesses active and open to malicious misuse as well.

Only 22 per cent of businesses have an enterprise single sign-on identity and access management systems in place, which Insight said delivers the fastest return on investment.”


Wednesday, September 26, 2007

On Security Experts pitching “Culture of Data” …

I’ve found this article by Matt Hines, called “Security experts pitch culture of data” quite interesting:

“The companies that are having the most success in advancing their data security efforts today are those that are finding a way to protect sensitive information without getting in the way of business users, industry experts maintain.

In crafting their data-handling policies and selecting from the multitude of security technologies at their fingertips, those businesses that can foster both ready access to information, along with strong defenses for end-users and IT systems, are making progress the fastest, claim leading vendors and service providers.

After years of "throwing technologies" at the data security problem while juggling complex business demands along with external threats and regulatory compliance audits, some businesses are finally discovering that they can simplify the entire process by taking a more comprehensive approach to tailoring their programs to the manner in which their users access, handle, and share information. …”

It would also be interesting to get some concrete examples, e.g. how this could be achieved for identity data, where related policies dictate goals and expectations from (sometimes contradictory) business, security and privacy perspectives.


Tuesday, September 25, 2007

Identity Usage Analytics: towards “IdentityBurner”?


As a blogger, I have found the services provided by feedburner very useful: in particular I like the service providing analytics about the usage of my blog, number and provenance (…) of visitors, accessed posts, etc. This helps to better understand which geographic areas show an interest in my posts, which topics are perceived as more relevant, etc. (OK, somebody might think about this as a privacy threat. We could have an interesting debate …).

I was thinking about the implications and impact of having a similar service in the context of “Identity Management”, where, by analogy, instead of monitoring blogs and posts, end-users would be enabled to monitor (potentially in a fine-grained way) their identity information and profiles scattered around an organisation …

I think this would give “more control” to users on their personal data, by helping them to better understand the status of their data, who has been accessing/using it, indications of any violations (against agreed purposes/consent), etc. – via a visual and easy to understand GUI. This feature could be provided in addition to the usual self-registration and account management capabilities, by Service Providers and/or by Identity Providers (in case of federated IdM) …

Anyway, I believe a key issue would be around “trust”. Should a user trust the information provided by such a service? Which assurance should be given to the user about the integrity and accuracy of these metrics and displayed information? Who should run this service?

Another key issue is the impact (cost) for the enterprise/service provider (if done seriously) because of the need to track, monitor, collect and process “events” associated with large sets of data, within their IT stack. So, after all, would there be anyone willing to deploy and run such a service in the context of Identity Management?
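To make the idea concrete, here is an added sketch (not part of the original post and not code from any product) of the per-user report such a service would compute. The event fields, the consent table and all sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed consent records: (data subject, attribute) -> purposes agreed to.
CONSENT = {
    ("u1001", "email"): {"billing", "support"},
    ("u1001", "address"): {"billing"},
    ("u2002", "email"): {"support"},
}

# Constructed access events, in the shape an IdM audit trail might record them.
EVENTS = [
    {"ts": "2007-09-20T10:02:00Z", "subject": "u1001", "attribute": "email",
     "accessor": "billing-app", "purpose": "billing"},
    {"ts": "2007-09-21T08:15:00Z", "subject": "u1001", "attribute": "email",
     "accessor": "crm", "purpose": "marketing"},
    {"ts": "2007-09-21T09:40:00Z", "subject": "u1001", "attribute": "address",
     "accessor": "billing-app", "purpose": "billing"},
    {"ts": "2007-09-22T14:05:00Z", "subject": "u1001", "attribute": "phone",
     "accessor": "crm", "purpose": "support"},
    {"ts": "2007-09-22T16:30:00Z", "subject": "u2002", "attribute": "email",
     "accessor": "helpdesk", "purpose": "support"},
]


def usage_report(subject, events, consent):
    """Summarise who used a subject's data and flag uses outside agreed purposes."""
    by_accessor, by_attribute, violations = Counter(), Counter(), []
    for event in events:
        if event["subject"] != subject:
            continue
        by_accessor[event["accessor"]] += 1
        by_attribute[event["attribute"]] += 1
        allowed = consent.get((subject, event["attribute"]))
        if allowed is None:
            # The attribute was used although no consent was ever recorded for it.
            reason = "no consent on record"
        elif event["purpose"] not in allowed:
            reason = "purpose not consented"
        else:
            continue
        violations.append({"ts": event["ts"], "accessor": event["accessor"],
                           "attribute": event["attribute"],
                           "purpose": event["purpose"], "reason": reason})
    return {
        "subject": subject,
        "total_accesses": sum(by_accessor.values()),
        "by_accessor": dict(by_accessor),
        "by_attribute": dict(by_attribute),
        "violations": violations,
    }


if __name__ == "__main__":
    report = usage_report("u1001", EVENTS, CONSENT)
    print(report["total_accesses"], "accesses;", len(report["violations"]), "flagged")
    for v in report["violations"]:
        print(v["ts"], v["accessor"], v["attribute"], v["purpose"], "->", v["reason"])
```

Every row in the report depends on an event being captured at the point of access with its stated purpose, which is where the tracking cost raised above comes from.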


Monday, September 24, 2007

Material Available on Identity Governance Framework (IGF)

As highlighted by Phil Hunt in a related post, material available on Identity Governance Framework (IGF) has been posted here. This includes overview material and previous documents such as:

I have contributed to the “Identity Privacy and Access Policy MRD” document and I believe IGF has great potential to help organisations deal with data/identity governance aspects.

What is your view on IGF? Any comment or feedback?


Sunday, September 23, 2007

ACM DIM 2007 – Workshop on Digital Identity Management

On November 2nd, 2007, George Mason University (Fairfax, VA) is going to host ACM DIM 2007 – a Workshop on Digital Identity Management, in the wider context of CCS 2007 (14th ACM Conference on Computer and Communications Security).

This year, the DIM focus is on “Usability Issues for Identity Management”. Accepted papers cover the following topics:
  • Usability and Authentication
  • Identity Assurance and Linkability
  • Network based Approach to Identity Management
  • Reputation and Trust

A preliminary program is available here. Registration information is available here.


Saturday, September 22, 2007

Webcast (11 Oct 2007) - Federated Identity Management, Web Services and Health Information Exchange …

You might be interested in attending this online webcast by Ignacio Alamillo of CATCert (topic: “Federated Identity Management, Web Services, and Health Information Exchange: Technology, Policy, Case Study and Best Practices”) on October 11, 2007:

“The adoption of health information technology (HIT) with the development of decentralized, interoperable health information networks, is widely regarded as critical to enhancing the performance of our health care systems locally and globally. Health information exchange involving disparate networks enabling access to personal and public health information regardless of source or format will require scalable, affordable authentication and authorization individuals accessing these systems. Federated identity management provides real world solutions for real world identity management problems. This discussion will explore and describe the technology needed and policy considerations through the lens of a Case Study (Catalonia ePrescribing project) that delivers best practices guidance.”

Webcast registration information is available here.


Thursday, September 20, 2007

PRIME Project News

News from the General PRIME meeting:

“The PRIME project recently received more support and endorsement for its work to raise awareness and knowledge about Privacy-Enhancing Technologies for identity management to a wider audience that makes the decisions which will affect their take-up in real applications.

The main activities in PRIME are about advancing the state of the art in user-centric identity management, including in PETs themselves, but it also has an outreach and dissemination objective to ensure that its technology work is made known to all communities whose decisions will affect how these advances are made available for real use. As part of that objective, it has written two White Papers on its work, which are aimed at different audiences and will be soon made available on PRIME website http://www.prime-project.eu/ . The second of these is aimed at IT professionals.

A currently public version of the PRIME Whitepaper (v2) is available here.

PRIME is very keen to ensure that its work remains focused on topics that are relevant and on results that are deployable in real situations. To that end, it formed a project advisory board, named the Reference Group, that provides guidance on direction and priorities and reviews the project's output.

The Reference Group comprises more than a dozen professionals from various countries' data protection commissions and privacy specialists from industry, consumer groups and academia. They recently reviewed the second White Paper and were very positive about it and the role it could play in bringing about wide adoption of PETs. The project is now making plans for another White Paper, together with other educational materials, such as tutorials, that will be aimed at other communities.”


Tuesday, September 18, 2007

EU PRIME Project – Look Forward to Hearing from You!

I am currently attending a General Meeting (one of the last – the project is meant to finish by the beginning of next year) of the EU PRIME Project (Privacy for Identity Management in Europe).

Current PRIME results and published documents (in terms of requirements, approaches to privacy, whitepapers, reports, architecture, prototypes, etc.) are available here.

We look forward to hearing from you: any question, concern, feedback, etc. is welcome. I’ll make sure to share this with the team here and let you know about any reply.


Sunday, September 16, 2007

Part II: To Be or Not To Be an Identity Provider?

In a recent post, James McGovern makes this comment about a post of mine, called “To Be or Not To Be an Identity Provider?”:

“One should never research the notion of the business model of identity providers from scratch when there are many already in existence. How about starting with Securities Hub to not only understand the business model of being an identity provider but why it matters in an industry vertical context which most identity bloggers pretend don't exist.”

Well, I’ve never said I was researching on this topic – I was just trying to understand the business model …, as I also wrote in a previous post of mine called “What is the Business Case for Identity Providers?”: “I wonder what would be the incentive for an organization to be an Identity Provider (IdP) and, in particular one that just plays this role i.e. with no additional stake in providing other services”.

Anyway, thanks for suggesting an example – even if this example looks more like a “Hub-based Service Provider” than an “Identity Provider” …

Any other example? In particular where the role of the Identity Provider is clear, whatever underlying federated identity management solution is adopted.


Saturday, September 15, 2007

New Interdisciplinary Initiative at University of Toronto on Identity, Privacy and Security

I think this is a great initiative, opening new opportunities in teaching and researching in the areas of Identity, Privacy and Security – as highlighted in this article by CNW Group:

“On September 17, 2007, Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, will be presenting the inaugural lecture at the University of Toronto's new interdisciplinary program called the Identity, Privacy and Security Initiative (IPSI), www.ipsi.utoronto.ca.

This initiative links two new graduate concentrations in privacy and security, offered this fall through the Faculty of Applied Science and Engineering and the Faculty of Information Studies. A key goal of IPSI is to bring together faculty and students from different disciplines to study and think together about identity, privacy and security and related technologies, policies and sciences.

Commissioner Cavoukian was appointed as the Chair of the Advisory Council for IPSI. "Given the Commissioner's strong support over the past two decades for privacy-related research, education and innovation, we are delighted that Dr. Cavoukian has agreed to act as the Advisory Council Chair," says Dr. Tim McTiernan, Interim Vice-President, Research, at the University of Toronto. "We feel that she is the ideal partner for this exciting initiative." …”


Friday, September 14, 2007

Google and the Call for Global Privacy Standards

You might be interested in this initiative by Google, which is meant to make a call for Global Privacy Standards. An article by Jeremy Kirk provides an overview:

“Search giant Google will propose on Friday that governments and technology companies create a transnational privacy policy to address growing concerns over how personal data is handled across the Internet.

Google's global privacy counsel, Peter Fleischer, will make the proposal at a United Nations Educational, Scientific and Cultural Organization meeting in Strasbourg, France, dealing with the intersection of technology with human rights and ethics. Fleischer's 30-minute presentation will advocate that regulators, international organizations, and private companies increase dialog on privacy issues with a goal to create a unified standard.

Google envisions the policy to be a product of self-regulation by companies, improved laws, and possible new ones, according to a Google spokesman based in London. …”

I believe this is going to be a huge challenge, considering the different cultural approaches to privacy and ways to deal with it (just look at how the US and the EU have different interpretations of, and approaches to, the concept of privacy …). It would also be interesting to see how the voice of consumers and citizens is going to be factored in.

More details and thoughts about this initiative can be found in a post by Peter Fleischer.


Thursday, September 13, 2007

What are your Priorities in the Identity Management space?

As a researcher at HP Labs I have some ideas and opinions about what could be (long-term) priorities in the Identity Management space. Some of these opinions are driven by factual information (analysis of trends, etc.) others by intuitions. I expressed some of my views in various previous posts.

Listening to people and customers is another important source – to understand what is valuable and required by the business. For example, a customer has recently told me that their key priorities in the identity management space include:
  • Consolidation, integration and coordinated management of various identity management systems in their organisation: this apparently is still a major issue and problem to be solved;
  • Suitable authentication mechanisms for their customers, along with mechanisms providing a better attestation of their asserted identities.
As you can see, these are not very fancy “things” but they are very important from a business perspective.

What are your priorities in the Identity Management space? Which areas of identity management do you think are/will be more valuable to you/your business/the market?


Wednesday, September 12, 2007

To Be or Not To Be an Identity Provider?

Yesterday, in a post of mine called “What is the Business Case for Identity Providers?”, I was wondering what would be the incentive for an organization to be an “Identity Provider” (IdP) and, in particular, one that just plays this role, i.e. with no additional stake in providing other services.

Of course there is no constraint against being both an IdP and a Service Provider (SP). Actually this is the most likely case, in my view. I would not be surprised if Federated Identity Management consolidates around cases based on a dominant organization/service provider and other subordinated service providers, where the dominant organization plays both the IdP and SP roles and uses federation to simplify the life of its customers, in a well controlled environment. This is already happening in telecom and outsourcing contexts …

In theory, being just an IdP would be the ideal case, with a clear “separation of duty” between those who manage identities (on behalf of users) and those who “consume” them. But, in practice, does this make any sense? Here are some initial thoughts:
  • Would the Identity Provider have to charge users to store their personal data and enable their SSO across various Service Providers? Not sure if users are really willing to pay for this kind of service …
  • Would the Identity Provider have to charge Service Providers, let’s say on a transactional basis? But would Service Providers (1) be willing to give up the control that they currently have on personal data and (2) also have to pay for it?
  • Would the Identity Provider make a living based on advertisement? Maybe, but then the temptation to use stored personal data for providing better, customised advertising to users or for potentially other purposes would be too strong. Would users be happy about this?
  • Would the Identity Provider be the user itself? If so, what would be the practical implications?


I think this is an important aspect to understand - independently from various approaches, standards and technologies that are emerging (and competing) in this space – in particular for its implications on trust, privacy and assurance matters.


Tuesday, September 11, 2007

What is the Business Case for Identity Providers?

I’ve recently been asked by a customer what would be the business case for Identity Providers, in the context of federated identity management …

This question specifically referred to Identity Providers that just play this role, i.e. have no additional stake in providing other services (e.g. being also Service Providers) and, by doing this, ensure real “separation of duty” between those who handle identities & authentication (them) and relying parties that “consume” this information.

Any link to available material (so far, I haven’t found anything particularly relevant)? Any thought?


Monday, September 10, 2007

Liberty Alliance - a New Identity Assurance Initiative

On Sunday, 9th September, Liberty Alliance has announced the creation of a new Identity Assurance initiative:

“Liberty Alliance, the global identity consortium working to build a more trusted Internet for consumers, governments and businesses worldwide, today announced it has formed a new expert group to deliver the Liberty Trust Framework, an organizational framework designed to fill industry requirements for standardized identity assurance criteria for use in a broad range of federation scenarios. Liberty’s Identity Assurance Expert Group (IAEG) was established by the recent merge of the Electronic Authentication Partnership (EAP) into Liberty Alliance, and consists of representatives from the worldwide financial services, government, healthcare and service provider sectors working collaboratively to release the Liberty Trust Framework for public review and input later this year. The Liberty Trust Framework will remove a major barrier to global inter-federation deployments: the complexity of assessing the level of identity assurance among all organizations participating in federated relationships. Currently, different federations have varying policies and processes governing identity operations, the interpretation of which adds to the cost and complexity of deploying assured identity services. …”

Hopefully this initiative will help to define comprehensive requirements and criteria for “Identity Assurance” in Federated Identity Management contexts.

A few colleagues of mine and I recently wrote an HP Labs Technical report on a related topic, called “On Identity Assurance in the Presence of Federated Identity Management Systems”.

In our view Identity Assurance must be concerned with the proper management of risks associated with identity management. In an enterprise context, “processes” define how identity information has to be managed; identity management technologies ease the burden of dealing with them, by automating some of the related operational aspects. However, it is of paramount importance to ensure that these processes are well controlled and therefore risk is controlled – hence the need for identity assurance. Prior to defining an identity assurance framework, a risk analysis needs to be carried out identifying the identity assets (e.g. user accounts, user profiles, user rights, etc.) and the impact if there is a loss of confidentiality, availability or integrity along with threats that could lead to such losses. From an understanding of risks an enterprise can make decisions about the control objectives (strategies for mitigating risks) they need and ultimately design the controls that need to operate to achieve these objectives. Typically controls will be additional stages in management processes designed to mitigate risks (e.g. an approval step) although they may be technological mechanisms.

The interesting challenge is how to enable Identity Assurance in a federated identity management context, where multiple organisations need to collaborate and share information to achieve this. In our paper we suggested a potential approach to move forward …


Liberty Alliance Advanced Client Specs - Draft Release 2 (Identity Capable Platforms, Provisioning Services, …)

As already stated by Conor Cahill in a recent post, the Draft Release 2 of the Liberty Alliance Advanced Client Specs is available online, here.

In February 2007, Intel, BT and HP successfully built a first proof-of-concept (PoCv1) based on the Draft Release 1 and demonstrated the feasibility of these specs (in terms of Identity Capable Platforms and related Provisioning Services) during a related Liberty Alliance Workshop at RSA 2007.


Saturday, September 8, 2007

TrustBus 2007: presentations on “Device-based Identity Management in Enterprises” and "Challenges and Opportunities in IdM”

I am back from Regensburg, Germany where I attended and presented at TrustBus 2007. This conference was very interesting for the variety of presentations and covered topics, including:
  • aspects of trusted and secure virtual organisations;
  • identity management and usage control;
  • authentication and access control;
  • compliance and user privacy;
  • policy management;
  • secure system management and trust.

In this context I gave a presentation on our work on “Device-based Identity Management in Enterprises”. My presentation is available here: it describes the outcome of our related R&D project, where we explored ways to model and represent device identities (and the role that Trusted Computing/TPM can play), provision these identities by leveraging enterprise IdM solutions and use them to define access control policies. Technical results and outcomes are shared.

I’ve also been involved in a panel discussion on “Managing Digital Identities – Challenges and Opportunities” (chair: Gunther Pernul). My presentation (along with my view on top challenges and opportunities in the IdM space) is available here. The other panellists gave interesting presentations, with additional, complementary views of IdM challenges and opportunities, from government, software developer and academic perspectives. Hopefully their presentations will be made available online.


Friday, September 7, 2007

New Report: Enterprises Lack Effective Risk Management

A recent article provides an overview of the findings of a new report (accessible as a free download, here) by “The Alliance for Enterprise Security Risk Management (AESRM)”:

“The currently popular silo approach to managing enterprise risk is inadequate because it leaves too many gaps and provides no reliable way to evaluate an enterprise’s risk position, according to a new research report issued by The Alliance for Enterprise Security Risk Management (AESRM), a partnership of leading international security associations ISACA and ASIS International.
The Convergence of Physical and Information Security in the Context of Enterprise Risk Management shows that while risk management is fundamental to most enterprise managers, many risk reduction initiatives are not coordinated or integrated across all risk areas. Only 19 percent of executives surveyed said their company has a robust process in place for identifying when risk tolerance approached or exceeded defined limits. To address these risk challenges, organizations are investigating more inclusive enterprise risk management (ERM) programs and converging traditional and information security functions. Although this convergence is intuitive and logical, it is still in its early stages, according to the research conducted by Deloitte.

When asked to identify the major drivers of their companies’ security integration efforts, 73 percent of the executives cited “reducing risk of combined information and physical security threats,” 58 percent said “increased information sharing,” and 50 percent noted “better protection of the organization’s people, intellectual property and corporate assets.” The survey shows that security integration and ERM, when aligned, add value throughout an organization.”

As you might expect, the management of identity information has its own “risks”. In particular, in terms of identity and identity management, this report mentions that:
  • Identity thefts and account frauds are listed among the main (internal and external) threats that enterprises have to face
  • Each stolen customer identity is the cause of a financial loss of $100 (rule of thumb)
  • Identity and Access Management is the third most important initiative in terms of “current focus on security initiatives”

Wednesday, September 5, 2007

Episode II: On the Role of “Role Mining” in Enterprises …

James McGovern, in a recent post to his “Enterprise Architecture: from Incite comes Insights” blog makes this comment to a recent post of mine, “On the Role of “Role Mining” in Enterprises”:

“I really hate stealth blog entries that don't talk about why and where role mining activities fail. In fact, I would love it if somewhere were to blog a comparison of starting with role mining vs starting with entitlements management and let the coins fall where they may”

James, thanks for your input. Actually, I thought I covered the “limitation” point, in the final part of my post:

“… Solutions are already available in the market: however I believe this is still a green field, open to innovation – in particular if we consider this in the overall context of Enterprise Identity Management (by including provisioning, access control policy setting and compliance management).

After all, the effectiveness of “Role Mining” solutions and related techniques can be measured in their capability of extracting meaningful set of roles, from a business perspective (i.e. meaningful to and comparable with an enterprise organisation) rather than purely from a technical perspective (i.e. a list of “labels” identifying abstract roles) and helping administrators to spot potential anomalies and suggest remediation steps – integrated with state-of-the-art identity management solutions.”

Do you see any additional limitations or cons about “Role Mining”? I’d like to hear your view on this – as you might have additional insights.

I think “role mining” is interesting from an IdM Research perspective – because of its potential and also because of some of its current limitations.

I am not sure what you meant by “… comparison of starting with role mining vs starting with entitlements management”. In my view I see them as complementary approaches, not really in competition one against the other. Both could be used at different stages – depending on the context/need. Do you have a different view? What is your take on this? I am very interested in getting your comments on this.


Monday, September 3, 2007

On the Role of “Role Mining” in Enterprises

I believe that “Role Mining” is and will become more and more relevant in enterprises and complex organisations. Too many changes happen nowadays in enterprises (changes in org charts, mergers & acquisitions, business-focus changes, increased outsourcing of activities and temporary labour force, etc.). How to ensure that the right people/groups have the necessary access rights in a context that is constantly changing?

Good practices and processes, auditing and compliance checking are ways to achieve for … However, “Role Mining” solutions can provide additional help, from an operational perspective, to identify “organisational roles” that reflect the current security and access control permissions associated with employees. The analysis of the outcome of a “role mining” activity can sometimes hold surprises …

“Role Mining”, at its very core, is about identifying and extracting meaningful “roles” in an enterprise from “raw data” (e.g. access control rights, ACLs, etc.) by using different techniques (e.g. data mining, clustering, etc.). A related, interesting paper on Role Mining can be found here.

Solutions are already available on the market; however, I believe this is still a green field, open to innovation – in particular if we consider this in the overall context of Enterprise Identity Management (by including provisioning, access control policy setting and compliance management).

After all, the effectiveness of “Role Mining” solutions and related techniques can be measured by their capability of extracting a meaningful set of roles, from a business perspective (i.e. meaningful to and comparable with an enterprise organisation) rather than purely from a technical perspective (i.e. a list of “labels” identifying abstract roles), and of helping administrators to spot potential anomalies and suggest remediation steps – integrated with state-of-the-art identity management solutions.
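The following added example (not from the original post or from any vendor's product) mines candidate roles from raw user-to-permission data by grouping identical permission sets, then flags users who deviate from the nearest role so an administrator can review them. The user names, permission strings, function names and the 0.6 similarity threshold are constructed assumptions; exact-match grouping stands in here for the data mining and clustering techniques mentioned above.

```python
from collections import defaultdict

# Constructed sample: user -> entitlements, as flattened from ACLs or group memberships.
ASSIGNMENTS = {
    "alice": {"crm:read", "crm:write", "mail"},
    "bob": {"crm:read", "crm:write", "mail"},
    "carol": {"crm:read", "crm:write", "mail"},
    "dave": {"crm:read", "crm:write", "mail", "payroll:approve"},
    "erin": {"ledger:read", "ledger:post", "mail"},
    "frank": {"ledger:read", "ledger:post", "mail"},
    "grace": {"ledger:read", "mail"},
}


def jaccard(a, b):
    """Similarity of two permission sets: |a & b| / |a | b|."""
    return len(a & b) / len(a | b)


def mine_roles(assignments, min_users=2):
    """Candidate role = a permission set held identically by at least min_users users."""
    groups = defaultdict(list)
    for user, perms in assignments.items():
        groups[frozenset(perms)].append(user)
    return {p: sorted(u) for p, u in groups.items() if len(u) >= min_users}


def find_anomalies(assignments, roles, threshold=0.6):
    """For users matching no role exactly, report the nearest role and the difference."""
    findings = []
    for user, perms in sorted(assignments.items()):
        if frozenset(perms) in roles:
            continue
        best = max(roles, key=lambda r: jaccard(perms, r), default=None)
        if best is None or jaccard(perms, best) < threshold:
            best = frozenset()  # no role is close enough: everything is unexplained
        findings.append({"user": user, "nearest_role": sorted(best),
                         "extra": sorted(perms - best), "missing": sorted(best - perms)})
    return findings


if __name__ == "__main__":
    roles = mine_roles(ASSIGNMENTS)
    for perms, users in roles.items():
        print("role", sorted(perms), "->", users)
    for f in find_anomalies(ASSIGNMENTS, roles):
        print("review", f)
```

The mined roles are only unlabeled permission sets; mapping them to business roles, and deciding whether an "extra" entitlement is a legitimate exception or should be revoked, remains a review step.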


Sunday, September 2, 2007

If OpenID is the Answer, What Was the Question?

I’ve recently been asked this question, which I am now turning to the Identity Management Community (I am very keen to hear your replies …).

My current answer is that OpenID provides a simplified, open-source based approach to SSO, for low-cost/low-risk transactions on the web, primarily in consumer/user-driven, B2C environments.

An article titled “The Case for OpenId”, by Phil Becker, makes a more compelling case for OpenId. However it must also be said that:

  • There are not many use-cases justifying the usage of OpenId in other contexts, such as enterprises or B2B contexts (thanks to the people who suggested a few of them). Still looking for suggestions from the community …
  • Recent blog discussions have highlighted potential OpenID limitations (in terms of trust, privacy and security – e.g. see here, here and here), along with possible ways to mitigate some of them (such as identity phishing, see here) by leveraging CardSpace and/or other approaches.

What else to say?


Saturday, September 1, 2007

On Databases and Balancing Privacy with Utility

I’ve just finished reading this article, published by ScienceDaily, called “Databases Must Balance Privacy with Utility, says the Professor”. The Professor mentioned by this article is George Duncan, of Carnegie Mellon University.

I tend to agree with his points, in particular: “Agencies like the U.S. Census Bureau produce a voluminous amount of data, much of which is of tremendous value to social scientists and other researchers. But the data also includes personal information that, under the law, must be protected and could be harmful were it to fall into the wrong hands. Thus, organizations that maintain such databases need to devise ways to protect individuals' privacy while preserving the value of the information to researchers”.

Prof. Duncan also raised an important question: “How can data be made useful for research purposes without compromising the confidentiality of those who provided the data?”.

I would say that this question is true not only for “research contexts” but also for any other context and purpose where personal data is accessed, used and disclosed (e.g. for business, marketing or other reasons). Privacy management is indeed a very complex topic, and has different connotations depending on the contexts and type of personal information, as mentioned in the article.

In my opinion, when specifically discussing privacy-enhancing solutions in an enterprise/organisation context, it is also important to consider (1) the role that current identity management solutions have in enterprises, (2) the complex enterprise processes and information flows that involve identity information and (3) the fact that different types of data repositories are used in enterprises (i.e. not just RDBMS databases but also LDAP directories, meta and virtual directories, etc.).

In this context, privacy management is ultimately yet another aspect of enterprise IT and data governance and is handled from business and regulatory compliance perspectives: enterprises deal with it in terms of risk management and threat mitigation. In order to be adopted, privacy-enhancing proposals need to recognise this situation and leverage (and potentially extend/be compatible with) current enterprise identity management solutions - for practical and economic reasons.

At HP Labs we have been working in this direction during the last 3 years, in particular in the context of two related R&D projects:

An overview of other related R&D privacy management projects can be found on my web page.
