Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

ID management a 'human problem,' says privacy group

A word of advice: "Be very afraid of your most helpful staff"

March 13, 2006 12:00 PM ET

Computerworld Australia - CIOs and IT managers should be aware IT projects fail due to myriad factors and that technology may not be the answer to a problem, according to Australian Privacy Foundation Chair Anna Johnston.

Speaking at an identity management summit in Sydney on "how to stuff up an identity management program," Johnston said she has seen a lot of money wasted on projects driven by technology providers and politicians.

"Politicians and CEOs like to cut the ribbon on new projects," Johnston said. "There's no point in proceeding if there is no point."

In the case of identity management, Johnston said anything from a "human problem" to poor design, legal noncompliance, and lack of transparency can contribute to a failed project.

"Lesson 1 is to check you have a need for technology and that it cannot be solved another way, [and] don't use a sledgehammer to crack a nut," she said. "If you are in government or business and have the responsibility to do identity management projects, you need to step back and see if there is a key business driver. See if technology is the answer [or whether] investing in staff may be a better answer."

Johnston said to avoid poor design by ensuring that the data-checking systems are well designed to start with, not just the technology.

"To get it right you will need to [discuss it] with people across the organization, including HR and marketing," said Johnston, who is also a director of privacy consulting at Salinger & Co. "Most breaches of privacy and security come from your own staff. The most secure technology can't protect you from lazy, accident-prone or corrupt staff."

No longer surprised at how many people write passwords on Post-it notes, Johnston cited one case where an executive would shout out to a secretary "what's my username and password" and the secretary, in an open-plan office, would shout it back.

"If you're in charge of data security in your organization, you should be very afraid of your most helpful staff," she said, adding that her favorite story is of a police officer who accidentally left DNA evidence on a train on the way to a hearing; as a result, the charges were dropped.

"There is no technology system that can compensate for human frailties. You need good peopl,e and data protection must encompass hard copies of data."

Rather than telling employees you need to prove their identity because of terrorists or the Privacy Act, Johnston recommends being open with staff about what the information will be used for.


Reprinted with permission from

Computerworld AustraliaFor more news from Computerworld Australia, visit its Web site. Story copyright 2006 Computerworld New Australia. All rights reserved.

Jump to comments

Security

Additional Resources

Xerox
By using solid ink technology only from Xerox, you could save up to 65% by printing color for the cost of black and white. Enter for a chance to WIN a PhaserTM 8860 network color printer!
Microsoft
Save time and mitigate security risk. Deploy it now.
Sybase
In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions.

Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.

White Papers & Webcasts

Share our Strength
Download Now  

Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...

Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...