Data Debauchery That Happens in Vegas Doesn't Stay There
Organizations love to collect data on people, often in the name of identity and access control. But more often than not, the information gathering fails to improve security. In fact, it often makes matters worse, according to security experts speaking Tuesday at CSO Magazine's Digital ID World 2009 conference.
Employers want all the data they can get on a potential worker to ensure they won't do anything evil if hired, but they hire sinister seeds anyway. [See also: Hard Questions About Background Checks]
Retailers ask online customers lots of security questions to ensure they're the rightful owner of the credit card numbers they're using, but that does more to drive customers -- and their money -- to other sites than it does to prevent online fraud. [See also: Identity Management: Implementation Dos and Dont's]
Jeff Jonas, chief scientist of IBM's Entity Analytic Solutions division, described the first problem using a Las Vegas scenario.
Despite extensive background checks, crooked dealers have still been known to work the craps tables, partnering up with outside fraudsters on any number of schemes. The insider threat, he said, is alive and well in gambling halls along the strip and elsewhere.
"Organizations [like casinos] are getting dumber as more data becomes available," Jonas said. "They get overwhelmed and don't check all the details in front of them, like the fact that someone they're hiring has a criminal record and is likely to become part of a scam."
Jonas went beyond the insider threat to point out another chilling fact about all the data swirling around us: Thanks to the proliferation of mobile devices connecting to the Internet, especially laptops and mobile phones, it's becoming relatively simple for strangers to get a fix on your typical traveling habits, and that can be used to your disadvantage.
He noted that some 600 billion cell phone transactions are generated annually. Put the data from those transactions together and one can quickly get an idea of where you spend your time and who your friends are. And more often than not, the phone provider is more than happy to share that information with third parties. "The consequences for ID management systems are huge," Jonas said. "Your movements speak for themselves."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Security
Powered by TwitterOn Twitter now
Security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
