Welcome!

Blog Feed Post

Integrity of Things

The Beginning of Your Digital Identity

This somewhat dates me (as I just recently celebrated my half-century birthday)…I remember my Radio Shack TRS-80 color display computer with a dial-up modem connection to the CompuServe Information Service (CIS) in the early 1980′s. I received my TRS-80 under the Christmas tree when I was a teenager.

Screen Shot 2016-05-02 at 8.46.34 PM

Back then the “Internet” was all about file transfers, bulletin boards, and email. This is also, arguably, the beginning of social networking when users could communicate with a central system where they could download games and post messages to each other.

AOL created its member-created communities (complete with searchable “Member Profiles,” in which users would list pertinent details about themselves). If you don’t agree that CompuServe created the first social network (aka community), then maybe you’ll agree that AOL led the social network era with its community-based website.

By the mid-1990s it was in full motion. Yahoo! had just launched, Amazon had just begun selling books, and the race to get a PC in every household was on (Windows Version 3.0 became the default for every new PC).

Then a transformational social media site launched, called Six Degrees in 1997. It was named after the ‘six degrees of separation’ theory. Six Degrees allowed users to create a profile and then friend other users. Six Degrees also allowed those who didn’t register as users to confirm friendships and connected quite a few people this way.

By the year 2000, around 100 million people had access to the internet, and it became quite common for people to be engaged socially online. Of course, then it was still looked at as an odd hobby at best (e.g. for geeks like me).

In 2002, social networking hit its stride with the launch of Friendster. Friendster used a degree of separation concept similar to that of the now-defunct SixDegrees.com, but refined it into a routine dubbed the “Circle of Friends” (yeap Google, you weren’t the first to try!), and promoted the idea that a rich online community can exist only between people who truly have common bonds. And it ensured there were plenty of ways to discover those bonds.

From there it’s history! Most people recall that “social” took off from there with networks like MySpace (2003), Linkedin (2003), Facebook (2004), and Twitter (2006).

From 2002 to 2016, we’ve seen 100M people in total across all social networks become over 2 billion users with 1.7 billion monthly active users on Facebook alone. The number of digital identities on the Internet growing to almost half of the global population. As an end-consumer, you now have access to over 2 million digital applications just on your phone, and over 1 billion websites on the web.

Social Networks Empower Digital Identities

Back in 2002, few knew that Larry Drebes was studying the huge potential of social networking while he was at Yahoo!. He had became a part of the Yahoo! team earlier when they acquired his company, Four11, which created the product RocketMail. Four11′s RocketMail became the basis of Yahoo! mail today.

Larry had envisioned a need where companies would need to manage the growing number of user digital identities. This led to his work as part of the founding team of OpenID, a protocol that allows users to be authenticated by co-operating websites (known as Relying Parties or RPs) using a third party identity authentication service. The thinking was that people on the Internet could register and login into their digital applications without having to have a separate identity and password for each. The OpenID protocol work led to Larry starting Janrain, and Larry realizing his vision. Janrain became the first to provide what is referred to as Social Login today, and that was only the beginning.

Identity Access and Management Explodes

Managing customer identities on both web and mobile applications is known by you and me through almost daily experiences with traditional registration and login, social login, Single Sign-On (SSO), profile management (e.g. your nick name, address, hobbies, etc) and preference management (e.g. what you want to opt into). It may seem simple, but the seamless consumer experience takes a lot of work under the covers by companies who are constantly enhancing their customer’s digital experiences.

Behind the scenes, your banks, retail stores, wireless carriers, hospitals, digital home product providers, and utility companies are all working with Identity Access and Management (IAM) providers to provide a host of digital identity services that automate many enterprise services:

  • User Provisioning
  • Access Management
  • Multi-Factor Authentication
  • Single Sign-on
  • Directory Services
  • Password Management
  • Governance & Compliance Management

Janrain may have been the first to create the category back in 2002, but now it’s one of many companies who have seen the potential in making consumer digital experiences simple and safe. Other companies in this space include:

All these companies have two fundamental things in common: 1) Identity and Access Management, of course,  and 2) the End-User or Customer. These companies are better known for providing identity services to external end-customers as opposed to internal employees of global enterprise companies (employee identity and access management is used for legacy workforce or workforce to SaaS use-cases).

Vendors known for internal or more traditional employee-centric IAM include:

There is also a big difference between older solutions engineered for on-premise deployment (initially designed for physical servers in company data centers) versus native cloud engineered solutions. For example, companies like IBM, Oracle, Microsoft, and CA all initially addressed IAM through traditional software solutions whereas new entrants like Okta and OneLogin were born out of the public cloud generation.

Similarly, Janrain launched its native cloud services on Amazon in late 2005 right after the public cloud giant launched, whereas others in the customer identity and access management market established themselves as a traditional software products.

Your Worst Nightmare – Digital Identity Theft

Javelin’s report, ”2015 Identity Fraud: Protecting Vulnerable Populations“, found that fraudsters stole $16 billion from 12.7 million consumers in the U.S. ALONE last year. With a new identity fraud victim every two seconds, there continues to be a significant risk to consumers who embrace going digital.

Data breaches were a big headline in 2014 (per the Javelin report), and they had a significant impact on identity fraud – see eBay (145M customers), Target (110M customers), Anthem (80M customers), TalkTalk (4M customers), and Dropbox and Box. The study found that two-thirds of identity fraud victims in 2014 had previously received a data breach notification in the same year, with many indicating their wariness about shopping at merchants, including big box retailers.

The Yahoo! breach of over 500 consumer identities announced this last month was the largest in history.  Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include their email and Yahoo password. However, those two bits of information offer multiple uses for ingenious hackers bent on extracting the maximum value from information, say experts.

According to a Gartner survey, 50% of users reuse their passwords across multiple platforms. So armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts. The technique is called “credential stuffing” and it’s become epidemic over the last year and a half, said Avivah Litan, a vice president and analyst at Gartner Research. “The bad guys get lists of user IDs and password and then test them, they run through them at all the sites they want to attack to see where they work,” she says.

Other credential theft results due to “holes” found in company’s identity implementations. Back in 2014, Target’s massive data breach in the U.S. that was tracked back to December 2013 involved personal information being stolen including credit/debit card details of close to 110 million individuals. According to Cowen Group’s (a financial services firm) note to investors, criminals were able to hack into Target due to a lack of security, which was later determined to be a direct result of under-investment. Target quickly embarked on technological changes that cost more than $100 million in addition to $61 million incurred in breach related expenses in Q4 fiscal 2013 alone! Since proactive investments into things like customer identity security is a CEO decision, Gregg Steinhafel was in the firing line. Shortly after the breach, the company stated that Steinhafel and board members had mutually decided that it was time for Target to continue under new leadership.

One particularly notorious identity theft story involves one Simon Bunce, an Englishman who subsequently lost his six-figure job and became alienated to friends and family. This all happened because his credit card was used to purchase and download child pornography. Bunce, an avid online shopper, claims to only have dealt with large retailers and secure sites. Nevertheless, he was swept up as part of a massive UK anti-predator police offensive called Operation Ore. He was arrested on charges of possessing, downloading, and intending to distribute indecent images of children. His home and work computers were confiscated, along with a range of storage devices and media. As you may already have gathered, though, Bunce was innocent of these crimes. Investigators later determined that his credit card details had been entered into a computer in Jakarta, Indonesia, and that he had actually been using the card at a South London restaurant at almost exactly the same moment. His credit card details had been taken from one of the many popular online shopping sites he frequented, as a result of a data breach. Although the situation was eventually resolved, Bunce said the damage had been done. “Being arrested and accused of what is probably one of the worst crimes known to man, losing my job, having my reputation run through the mud, it was a living nightmare,” said Brunce.

External Bad Actors using Your Credentials

You may have heard something differently, but the threat actors haven’t shifted much over the last five years. Based on the Verizon 2015 Data Breach Report, internal employees and partners (typically covered by enterprise identity access management vendors) is not where the real risk lies. It’s data breaches occurring from outside or external parties.

Screen Shot 2016-05-15 at 10.43.34 PM

We find that most of the attacks make use of stolen credentials, “which is a story we’ve been telling since 1A.D”.

Screen Shot 2016-05-15 at 10.59.44 PM

With attacks making use of stolen credentials, over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them.

I don’t know about you, but my digital identity is one of the most important things I own. As I’m renovating my home, I’m thinking of of the all the new digital applications I can leverage….from security cameras, digital door locks, IP-connected thermostat, digital water heater, IP-connected lights, and digital entertainment center. It’s one thing to have someone hack my credentials and force me to reset my social network network password, but could they also take control of my digital home?

More to come on this…

Read the original blog entry...

More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing fortune 1000 companies in telecom, retail, and financial markets.

Latest Stories
You know you need the cloud, but you’re hesitant to simply dump everything at Amazon since you know that not all workloads are suitable for cloud. You know that you want the kind of ease of use and scalability that you get with public cloud, but your applications are architected in a way that makes the public cloud a non-starter. You’re looking at private cloud solutions based on hyperconverged infrastructure, but you’re concerned with the limits inherent in those technologies.
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing bes...
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
SYS-CON Events announced today that Datanami has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datanami is a communication channel dedicated to providing insight, analysis and up-to-the-minute information about emerging trends and solutions in Big Data. The publication sheds light on all cutting-edge technologies including networking, storage and applications, and the...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
SYS-CON Events announced today that EnterpriseTech has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. EnterpriseTech is a professional resource for news and intelligence covering the migration of high-end technologies into the enterprise and business-IT industry, with a special focus on high-tech solutions in new product development, workload management, increased effi...
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
In this presentation, Striim CTO and founder Steve Wilkes will discuss practical strategies for counteracting fraud and cyberattacks by leveraging real-time streaming analytics. In his session at @ThingsExpo, Steve Wilkes, Founder and Chief Technology Officer at Striim, will provide a detailed look into leveraging streaming data management to correlate events in real time, and identify potential breaches across IoT and non-IoT systems throughout the enterprise. Strategies for processing massive ...
"Our strategy is to focus on the hyperscale providers - AWS, Azure, and Google. Over the last year we saw that a lot of developers need to learn how to do their job in the cloud and we see this DevOps movement that we are catering to with our content," stated Alessandro Fasan, Head of Global Sales at Cloud Academy, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.