
Integrity of Things

The Beginning of Your Digital Identity

This somewhat dates me (as I just recently celebrated my half-century birthday)… I remember my Radio Shack TRS-80 color display computer with a dial-up modem connection to the CompuServe Information Service (CIS) in the early 1980s. I received my TRS-80 under the Christmas tree when I was a teenager.


Back then the “Internet” was all about file transfers, bulletin boards, and email. This is also, arguably, the beginning of social networking when users could communicate with a central system where they could download games and post messages to each other.

AOL created its member-created communities (complete with searchable “Member Profiles,” in which users would list pertinent details about themselves). If you don’t agree that CompuServe created the first social network (aka community), then maybe you’ll agree that AOL led the social network era with its community-based website.

By the mid-1990s it was in full motion. Yahoo! had just launched, Amazon had just begun selling books, and the race to get a PC in every household was on (Windows Version 3.0 became the default for every new PC).

Then, in 1997, a transformational social media site called Six Degrees launched. It was named after the ‘six degrees of separation’ theory. Six Degrees allowed users to create a profile and then friend other users. Six Degrees also allowed those who didn’t register as users to confirm friendships, and it connected quite a few people this way.

By the year 2000, around 100 million people had access to the internet, and it became quite common for people to be engaged socially online. Of course, then it was still looked at as an odd hobby at best (e.g. for geeks like me).

In 2002, social networking hit its stride with the launch of Friendster. Friendster used a degree of separation concept similar to that of the now-defunct SixDegrees.com, but refined it into a routine dubbed the “Circle of Friends” (yeap Google, you weren’t the first to try!), and promoted the idea that a rich online community can exist only between people who truly have common bonds. And it ensured there were plenty of ways to discover those bonds.

From there it’s history! Most people recall that “social” took off from there with networks like MySpace (2003), LinkedIn (2003), Facebook (2004), and Twitter (2006).

From 2002 to 2016, we’ve seen 100M people in total across all social networks become over 2 billion users, with 1.7 billion monthly active users on Facebook alone. The number of digital identities on the Internet has grown to almost half of the global population. As an end-consumer, you now have access to over 2 million digital applications just on your phone, and over 1 billion websites on the web.

Social Networks Empower Digital Identities

Back in 2002, few knew that Larry Drebes was studying the huge potential of social networking while he was at Yahoo!. He had become a part of the Yahoo! team earlier when they acquired his company, Four11, which created the product RocketMail. Four11’s RocketMail became the basis of Yahoo! mail today.

Larry had envisioned that companies would need to manage the growing number of user digital identities. This led to his work as part of the founding team of OpenID, a protocol that allows users to be authenticated by co-operating websites (known as Relying Parties or RPs) using a third-party identity authentication service. The thinking was that people on the Internet could register and log in to their digital applications without having to have a separate identity and password for each. The OpenID protocol work led to Larry starting Janrain, and Larry realizing his vision. Janrain became the first to provide what is referred to as Social Login today, and that was only the beginning.

Identity Access and Management Explodes

Managing customer identities on both web and mobile applications is known by you and me through almost daily experiences with traditional registration and login, social login, Single Sign-On (SSO), profile management (e.g. your nickname, address, hobbies, etc.) and preference management (e.g. what you want to opt into). It may seem simple, but the seamless consumer experience takes a lot of work under the covers by companies who are constantly enhancing their customers’ digital experiences.

Behind the scenes, your banks, retail stores, wireless carriers, hospitals, digital home product providers, and utility companies are all working with Identity Access and Management (IAM) providers to provide a host of digital identity services that automate many enterprise services:

  • User Provisioning
  • Access Management
  • Multi-Factor Authentication
  • Single Sign-on
  • Directory Services
  • Password Management
  • Governance & Compliance Management

Janrain may have been the first to create the category back in 2002, but now it’s one of many companies who have seen the potential in making consumer digital experiences simple and safe. Other companies in this space include:

All these companies have two fundamental things in common: 1) Identity and Access Management, of course, and 2) the End-User or Customer. These companies are better known for providing identity services to external end-customers as opposed to internal employees of global enterprise companies (employee identity and access management is used for legacy workforce or workforce to SaaS use-cases).

Vendors known for internal or more traditional employee-centric IAM include:

There is also a big difference between older solutions engineered for on-premise deployment (initially designed for physical servers in company data centers) versus native cloud engineered solutions. For example, companies like IBM, Oracle, Microsoft, and CA all initially addressed IAM through traditional software solutions whereas new entrants like Okta and OneLogin were born out of the public cloud generation.

Similarly, Janrain launched its native cloud services on Amazon in late 2005 right after the public cloud giant launched, whereas others in the customer identity and access management market established themselves as traditional software products.

Your Worst Nightmare – Digital Identity Theft

Javelin’s report, “2015 Identity Fraud: Protecting Vulnerable Populations”, found that fraudsters stole $16 billion from 12.7 million consumers in the U.S. ALONE last year. With a new identity fraud victim every two seconds, there continues to be a significant risk to consumers who embrace going digital.

Data breaches were a big headline in 2014 (per the Javelin report), and they had a significant impact on identity fraud – see eBay (145M customers), Target (110M customers), Anthem (80M customers), TalkTalk (4M customers), and Dropbox and Box. The study found that two-thirds of identity fraud victims in 2014 had previously received a data breach notification in the same year, with many indicating their wariness about shopping at merchants, including big box retailers.

The Yahoo! breach of over 500 consumer identities announced this last month was the largest in history. Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include their email and Yahoo password. However, those two bits of information offer multiple uses for ingenious hackers bent on extracting the maximum value from information, say experts.

According to a Gartner survey, 50% of users reuse their passwords across multiple platforms. So armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts. The technique is called “credential stuffing” and it’s become epidemic over the last year and a half, said Avivah Litan, a vice president and analyst at Gartner Research. “The bad guys get lists of user IDs and password and then test them, they run through them at all the sites they want to attack to see where they work,” she says.

Other credential theft results from “holes” found in companies’ identity implementations. Back in 2014, Target’s massive data breach in the U.S. that was tracked back to December 2013 involved personal information being stolen, including credit/debit card details of close to 110 million individuals. According to a note to investors from Cowen Group (a financial services firm), criminals were able to hack into Target due to a lack of security, which was later determined to be a direct result of under-investment. Target quickly embarked on technological changes that cost more than $100 million in addition to $61 million incurred in breach-related expenses in Q4 fiscal 2013 alone! Since proactive investment in things like customer identity security is a CEO decision, Gregg Steinhafel was in the firing line. Shortly after the breach, the company stated that Steinhafel and board members had mutually decided that it was time for Target to continue under new leadership.

One particularly notorious identity theft story involves one Simon Bunce, an Englishman who subsequently lost his six-figure job and became alienated from friends and family. This all happened because his credit card was used to purchase and download child pornography. Bunce, an avid online shopper, claims to only have dealt with large retailers and secure sites. Nevertheless, he was swept up as part of a massive UK anti-predator police offensive called Operation Ore. He was arrested on charges of possessing, downloading, and intending to distribute indecent images of children. His home and work computers were confiscated, along with a range of storage devices and media. As you may already have gathered, though, Bunce was innocent of these crimes. Investigators later determined that his credit card details had been entered into a computer in Jakarta, Indonesia, and that he had actually been using the card at a South London restaurant at almost exactly the same moment. His credit card details had been taken from one of the many popular online shopping sites he frequented, as a result of a data breach. Although the situation was eventually resolved, Bunce said the damage had been done. “Being arrested and accused of what is probably one of the worst crimes known to man, losing my job, having my reputation run through the mud, it was a living nightmare,” said Bunce.

External Bad Actors using Your Credentials

You may have heard something different, but the threat actors haven’t shifted much over the last five years. Based on the Verizon 2015 Data Breach Report, internal employees and partners (typically covered by enterprise identity access management vendors) are not where the real risk lies. It’s data breaches caused by outside or external parties.


We find that most of the attacks make use of stolen credentials, “which is a story we’ve been telling since 1 A.D.”


With attacks making use of stolen credentials, over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them.

I don’t know about you, but my digital identity is one of the most important things I own. As I’m renovating my home, I’m thinking of all the new digital applications I can leverage… from security cameras, digital door locks, IP-connected thermostat, digital water heater, IP-connected lights, and digital entertainment center. It’s one thing to have someone hack my credentials and force me to reset my social network password, but could they also take control of my digital home?

More to come on this…


More Stories By Jim Kaskade

Jim Kaskade currently leads Janrain, the category creator of Consumer Identity & Access Management (CIAM). We believe that your identity is the most important thing you own, and that your identity should not only be easy to use, but it should be safe to use when accessing your digital world. Janrain is an Identity Cloud servicing Global 3000 enterprises providing a consistent, seamless, and safe experience for end-users when they access their digital applications (web, mobile, or IoT).

Prior to Janrain, Jim was the VP & GM of Digital Applications at CSC. This line of business was over $1B in commercial revenue, including both consulting and delivery organizations and is focused on serving Fortune 1000 companies in the United States, Canada, Mexico, Peru, Chile, Argentina, and Brazil. Prior to this, Jim was the VP & GM of Big Data & Analytics at CSC. In his role, he led the fastest growing business at CSC, overseeing the development and implementation of innovative offerings that help clients convert data into revenue. Jim was also the CEO of Infochimps; Entrepreneur-in-Residence at PARC, a Xerox company; SVP, General Manager and Chief of Cloud at SIOS Technology; CEO at StackIQ; CEO of Eyespot; CEO of Integral Semi; and CEO of INCEP Technologies. Jim started his career at Teradata where he spent ten years in enterprise data warehousing, analytical applications, and business intelligence services designed to maximize the intrinsic value of data, servicing Fortune 1000 companies in telecom, retail, and financial markets.
