Companies that continue to ignore the need to protect data from prying eyes, let alone give it away without express consent, are about to be hammered.
People's tolerance for online privacy breaches and data leakages is reaching a tipping point, according to Burton Group senior analyst Mike Neuenschwander. "They're going to find in the next couple of years, especially in Canada and Europe, that the world is mad as hell and we're not going to take it anymore."
Neuenschwander's comment was among the ample advice dispensed by analysts, industry leaders, practitioners and vendors at last month's Burton Group Catalyst Conference 2004 in San Diego. The focus for security professionals was on the ethical debates, legal frameworks and technical implementations involving digital and identity management.
The boom in both government regulation and threats from the hacker underground, not to mention increasingly complex business relationships and borderless networks, are forcing companies to harden their security policies in general.
"Now's the time to think of stronger identity management tools. We need to make those investments," advised Phil Schacter, service director for Burton Group. Because of the explosion in online services and proliferation of usernames and passwords needed to access so many Web-based applications, Schacter joked that "soon we'll need our own personal identity management systems."
Privacy is helping drive the deluge of digital identities. And increasing regulation worldwide is ensuring sensitive data is protected during the explosion.
"We have more privacy laws than we can shake a stick at," Schacter said. "And many more are on the way. This is becoming a very complex and costly issue for many companies."
Neuenschwander noted successful privacy laws in neighboring Canada, particularly one adopted in 2001 that requires a company to report all of its information on an individual upon that person's request, and in less than two months' time. The United States, by contrast, has taken a more segmented approach by focusing specific data protection legislation on vertical markets. Gramm-Leach-Bliley, for example, involves only financial companies; HIPAA, the health care industry.
The upshot of all these laws, though, is a greater consumer expectation that a company will do its best to protect users' data. "We need to prepare now and we need better governance over personal information," Neuenschwander warned.
Informal discussions with participants during the day confirmed what speakers were saying: IT security is finding it harder to manage the identities of people and machines with an increasingly mobile workforce and dissolving corporate borders.
"Stronger identification is going to be critical to everyone," Schacter said.
This story originally appeared on SearchSecurity.com.