Identity Management

We know that identity theft is a major and growing problem. According to the results of a survey carried out at McMaster University, 6.5% of Canadian adults, almost 1.7 million people, were the victim of some kind of identity fraud last year.

In the study, identity fraud was defined in a wide ranging way, such that it included at one end simply an unauthorized use of someone’s credit card to, at the other end, a full scale theft of a person’s identity with consequent piling up of debts in the name of the victims. There is everything imaginable in between.

According to the report, these victims spent over 20 million hours and more than $150 million to resolve problems associated with these frauds.

The growth of identity theft is complicated by the number of ways in which a person can reveal his or her identity online. When a user goes to register on a site, for example, and uses a Social Media Account to log in, that site often requests access to certain information of the user, such as location, or profile information. If these requests are agreed to, it doesn’t take too long to build up a web of exposure to identity theft.

A further complication is the growing use of mobile units, such as tablets and smartphones. Increasingly they are being used for onsite contacts with stores, including payments. This process exposes the user to another web of exposure.

This requires a lot of management to protect those users. Within an organization, there may be 100,000 users. If they are operating in the cloud, they might take in another million or more users. Ethically and in some jurisdictions, legally, they are required to take reasonable precautions to protect the identities of their users. But this is a massive job, and one that is not done very well by a lot of them.

For example, Oracle says that managing the identities of those 100,000 using conventional methods can take as many as 1000 administrators. A massive administrative job by any measure.

A growing industry of identity management is helping. But it is a relatively new development, although major components of it such as access control have been around for a long time, access control principles being used are sometimes those that predate the advent of the cloud.

A large number of identity management solutions are now available, many by leading software and systems providers, and that is a good thing. But there is much to be done.

The European Union has been supporting a consortium study called the Future of IDentity in the Information Society (FIDIS) (, which has released a number of interesting and well researched studies and makes interesting reading for those who are seriously interested in exploring the topic.

For the rest of us, given the state of play in this new and rapidly growing industry, it is wise to remain vigilant and cautious when giving out any personal information.