In a previous post of mine I announced the release of a new HPL Technical Report, titled “On Identity Analytics: Setting the Context” (authors: Marco Casassa Mont, Adrian Baldwin, Simon Shiu), providing an overview of an HP Labs R&D project in the space of “Identity Analytics”.
I received a few emails asking (among other things) about HP/HPL strategies in Identity Management and how Identity Analytics fits in all this. Some additional details follow, based on what I can publicly discuss.
Identity Analytics is an HP Labs project, in the context of the Security Analytics project (Systems Security Lab). The R&D goal of this project is to innovate in the space of Identity Management (in a broad sense, i.e. including also human, social and economic aspects) by moving from an approach purely based on operational Identity Management solutions to an approach that also takes into accounts the “strategic” needs and requirements of key decision makers (e.g. CIOs/CISOs).
What is the impact on an organisation (e.g. in terms of costs, risks, reputation, trust, etc.) when making strategic decisions and/or defining policies in the space of Identity Management? Are current policies adequate based on current (business, security, etc.) objectives? How technical, educational, human, social and business aspects are going to affect the (economic, security and business) outcomes, based on choices and decisions made? What are the relevant trade-offs that need to be analysed and how to evaluate them? How to provide strategic, forward-looking, “what-if” analysis to decision makers? These are some of the questions to be answered …
This is a green field, open to innovation. In this context, technical Identity Management solutions are just one aspect of the overall equation (and sometimes not the most important …), that also includes costs, (security and business) risks, business priorities and economic aspects.
I am confident that there are new business and market opportunities in this space, considering also the current shift (backed by key decision makers) from a pure “compliance-based” approach to a “risk-based” approach …
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment