There’s a common nightmare haunting CISOs (computer information security officers) that features a glance at the morning paper, and 72-point banner headline with the name of their employer and the words “LOST” and “CUSTOMER DATA”.
There’s no question about it: protecting customer and employee data is one of the thorniest problems facing enterprises today. Oracle has taken a swing at solving that problem, announcing the Identity Governance Framework, an initiative to develop specifications for sharing identity data across heterogeneous applications. The project has the support of identity and access management (IAM) vendors Ping Identity, Sun Microsystems, and Securent, as well as CA and Novell, according to Amit Jasuja, vice president of product development for Oracle’s security and identity management products.
Problems such as lost data on laptops and identity theft all point to the need for over-arching standards that govern all the sensitive data squirreled away in data repositories across an enterprise, such as human resources, customer relationship management and custom-built internal applications, he says.
IGF addresses that problem by establishing a governance model that allows organisations to create “contracts” between applications and repositories of identity data. The model would cover how data flows within an enterprise and outside the enterprise to supply chain or business partners, he says.
Because the framework came together quickly, the real value of IGG will be determined in the coming weeks and months, as Oracle and its partners work to develop the specifications and transfer them to a standards group such as OASIS or the Liberty Alliance to manage, Bowen says.
“It’s a good first step. It will get us closer to the goal line,” says Don Bowen, director of identity integration at Sun. “Will it get us into the end zone? I don’t know.”