This article can also be found in the Premium Editorial Download "Information Security magazine: Security 7 Award winners unmasked."
Download it now to read this article plus other related content.
In the Driver's Seat
by Bill Brenner
CISO and corporate executive director, Information Technology Centre
Stress Reliever: Enjoys game hunting. Next stop: Tanzania in November.
Favorite geek site: No particular site; he focuses on GM's credit rating, sales and the price of oil.
You'd be amazed what Hans-Ottmar Beckmann sees when he sits behind the wheel. It's not the car's dashboard lighting up like an instrument panel, its six-speed transmission or its potential for blistering speeds. Rather, he sees an intersection of security and supply-chain management where every part, person and activity in the auto-mobile industry are numbered and tracked--an electronic highway, where cars can be remotely diagnosed and fixed. It's a world fueled by passion, efficiency and identity management.
As CISO of Volkswagen AG, it's a road Beckmann will be traveling for some time, as he embarks on an project to adopt a standard approach to ID management across Volkswagen's network. "Standardization is no easy task inside a worldwide company, with local requirements and different management attitudes," says Dieter Schacher, Volkswagen's former CIO. "[Hans-Ottmar] has never given up and has found suitable approaches almost every time."
Beckmann's milestones are impressive and include implementing user administration, provisioning, password management and business process workflow controls to regulate and monitor access to critical systems and processes. Globally, Volkswagen has more than 250 companies, 300,000 employees, 80,000 suppliers, and 200,000 dealers and repair personnel.
Beckmann is a man of "big ideas and a clear vision," says Somesh Singh, vice president and general manager of Houston-based BMC Software's identity management business unit. "He thinks of the possibilities a technology offers instead of being confined by today's problem and today's solution." Beckmann's vision is for vehicles to be tracked with an ID number, and for the vehicle's history to be available online. Says Singh, "Extend this concept to Volks-wagen's ability to remotely diagnose and fix those vehicles or allow the owner to upgrade software, and extend it to dealers and parts suppliers. The opportunity to change how vehicles are built, shipped and managed through their lifecycle is enormous."
When you consider all the computerized components of a car and the potential to fix problems remotely, extending ID management to cars is a no-brainer, Beckmann says. "ID management, based on authentication, authorization and audit, is not just about the user; it's the systems--the car," he says. "Our cars have about 50 computers inside with 100 megabytes of program code. It has its own network, so we have to make sure the right networks are in place, and you need authentication as part of that." There must be a concept to send encrypted data to the car so it can verify that the signature is actually coming from Volkswagen, he says. He hopes to have the system up and running in three years, but with seven brands that include the Audi, Lamborghini, Bentley and #, he expects a challenge akin to rebuilding an IT infrastructure.
The passion Beckmann puts into bettering ID management isn't limited to his role at Volkswagen. He has also helped to develop a federated identity management protocol for the European Automotive Society. "When it comes to ID management, it's very difficult to fix all the requirements under one umbrella," Beckmann says. "You have to design your security model, how you make things secure. You need a few bright people to talk to along the way. In every corner, you find a piece of security--software, hardware, etc.--and different people managing it. The challenge is to bring everything into one plan, find all the pieces and find what's missing."
It's a jigsaw puzzle where the technological part often falls into place more easily than the people part. "Technology is something you can predict," he says. "It's 20 percent technology and 80 percent people. The idea is to make them work in the same direction."
With more than 9,000 IT staffers and more than 2,000 applications (with 500 more under development), it's a mighty big jigsaw puzzle.
"It's a problem where we literally have to educate thousands of people and organize everything, but it's all fascinating," he says.
This was first published in September 2005