Nothing new there, but two recent blog entries provide a fresh look at two key concerns:
- Dennis Howlett's discussion of the need for secure coding is a good summary for those who don't follow the topic. I don't recall hearing much about it until a few months back...now SANS is pushing it hard, and it appears the large commercial SW vendors are climbing on board.
- Microsoft is the 800-pound IT gorilla of this generation (as IBM was when I was young), so whenever they say they're supporting an open standard, skepticism is a natural response. They've been promoting a mixture of proprietary and open standards (e.g., CardSpace & OpenID) in the security arena, and pitched an End-to-End Trust vision at RSA this week. I suspect even Microsoft can't predict exactly where this will go. Dignan & McFeters' discussion of the proposal & the associated challenges of Identity and Trust is a good one.
I've referenced "Fighting Identity" before as a good discussion of how this is playing out in one arena, but it seems that Web 2.0's emphasis on group conversations and action is pushing the discussion of Identity & Trust to the center of the IT circle.
I'll leave it as an exercise to the reader to think about how these themes play out in the non-IT-based groups they're a part of...though I can't resist one observation: it is extremely difficult to change Identity and to build Trust; one should not undertake such efforts without carefully weighing the costs/risks against the potential benefits.