Fighting Fraud With ID ManagementA Global Coalition Creates an Authentication Framework
"If you look at everything that is bad or problematic on the Internet, generally, identity is at the root of all those failures," says Simmonds, CEO of the Global Identity Foundation.
The foundation is working to establish a new identity verification system that can be used in any country, within any industry, for any person, corporation or device, Simmonds says during this interview with Information Security Media Group. The group is a coalition of security vendors, technology experts and a variety of organizations that have an interest in strengthening identity management.
"When we went to look at why every initiative to manage identity globally has failed, we found that we do it like the mainframe likes to do it," he explains. "The mainframe holds your account, so we have to authenticate ourselves to that account. And basically, it doesn't work."
The foundation is working to develop an identity framework that is not so dependent on a network or system. The concept, which has been in development for about a year, relies on verifying the characteristics of an individual, rather than a password or code, Simmonds explains.
Since Simmonds first described the Global Identity Foundation's initiative earlier this year, participants in the project have made some advances, Simmonds says (see Managing Identity Risks). "We've evolved to the point that the concepts we talked about in February have been tested," he says. "We think this model stands up to rigor."
During this interview, Simmonds discusses:
- The six conundrums of global identity;
- The details on how the new global identity system would work; and
- Steps banking institutions and other organizations should take now to ensure they're facilitating the right kind of identity and access management controls as well as authentication.
In addition to his role as head of the new Global Identity Foundation, Simmonds is a board member for the Jericho Forum, a global security group for CISOs. He's also an independent security consultant who formerly served as the CISO of AstraZeneca, a global biopharmaceutical research company. Simmonds also previously oversaw information security for a high security European Web hosting company and was the global information security manager for Motorola.