Digital Identity Risk in the Era of Information Explosion

1,716 views

Published on

Presented at: I-SAFE 2013 Conference |
Organised by: Information Systems Audit & Control Association (ISACA) | 30 – 31 October 2013 | Atlantis The Palm| Dubai | UAE.

Published in: Technology, Business
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,716
On SlideShare
0
From Embeds
0
Number of Embeds
23
Actions
Shares
0
Downloads
50
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Digital Identity Risk in the Era of Information Explosion

  1. 1. Digital Identity Risk in the era of Information Explosion Presented by Dr. Ali M. Al-Khouri I-SAFE 2013 Conference Organised by: Information Systems Audit & Control Association (ISACA) 30 – 31 October 2013 |Atlantis The Palm| Dubai | UAE. Our Vision: Provide an integrated and advanced personal identity management system that contribute to the transformation of the government and the economy and promotes security and global competitiveness of the UAE. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved Partners in Building UAE's Security & Economy
  2. 2. Agenda • Introduction • Big Data and Privacy Concerns • Modern Identity Management Infrastructure • Concluding Remarks www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  3. 3. Agenda • Introduction • Big Data and Privacy Concerns • Modern Identity Management Infrastructure • Concluding Remarks www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  4. 4. The BIG BANG era! • Everything around us today seems to follow the BIG BANG approach. • Pace of technological development & data explosion is faster than ever.. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  5. 5. Content Generation - Every Minute? 2 million search queries 571 new websites 200,000,000 email messages 100,000 tweets www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved 48 hours of uploaded video
  6. 6. Digital Universe 2005 - 2020 Digital universe will about double every two years.. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  7. 7. Information Chaos • information burst is no less than being chaotic! • gazillions of data, only 10% is structured. IDC Report 2012 www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  8. 8. Value Creation in Information Chaos Interesting Facts 1. 75% of data generated by individuals. 2. Persons create content 3 times more than what others do about him/her. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  9. 9. Value Creation in Information Chaos Interesting Facts 1. 75% of data generated by individuals. 2. Persons create content 3 times more Quantum of static data: 1 Gigabyte of than what others do data generates 10E7 (ten million) about him/her. Gigabyte; viewership information is transient in nature.. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  10. 10. Opportunities … • Data-driven practices and guided-decisions, have significant potential.. (MIT Centre for Digital Business) • Hold the key to breakthroughs and a completely new world.. • Change the way governments, organizations, and academic institutions conduct business and make discoveries, and its likely to change how everyone lives their day-to-day lives! www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  11. 11. Agenda • Introduction • Big Data and Privacy Concerns • Modern Identity Management Infrastructure • Concluding Remarks www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  12. 12. Market is Eager to Exploit Big Data but what about individuals privacy rights? Big Data is “[L]ike the explosive thrust blowing out of a rocket nozzle,” and “how to maximize its value remains a mystery to most of us.” John Thielens In: Big Data Wizardry: Pay Attention To What’s Behind The Curtain Article Source: http://www.forbes.com/sites/ciocentral/2012/02/23/bigdata-wizardry-pay-attention-to-whats-behind-the-curtain/ www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  13. 13. The Real Challenge? • among zillions of data, less than a third of this is protected or has some minimal protection • Alarmingly, less than 50% of information that needs to be protected is protected! www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved Quantity of global digital data based on the International Data Corporation (IDC) Digital Universe Study,, Dec 2012
  14. 14. Growing Connectivity www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  15. 15. Connected Devices and Data Generated Risks? Sources? Do we know them? www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  16. 16. Risk in the Digital Universe - IDC Study: classifies unstructured information security into five categories information requiring the highest security, such as financial transactions, personnel files, medical records, military intelligence, etc. “information the originator wants to protect, such as trade secrets, customer lists, confidential memos, etc” such as emails that might be discoverable in litigation or subject to retention rules. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved such as an email address on a YouTube upload account information, a breach of which could lead to or aid in identity theft
  17. 17. Trust in Digital Universe The frightening realization is that the amount of information that needs to be secured is growing faster than our ability to secure.. So ….? www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  18. 18. Growth in Storage Capacity: Analog and Digital Data www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  19. 19. Identity Management Digital explosion that has brought in a paradigm shift to Information and Knowledge is in a State of Paradox. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  20. 20. Identity Management 5% of current 988 Exabytes data is considered useful 33% expected growth of useful data by 2020. • As more and more data gets converted to information, it is by default on account of the association with Identities. • Challenge that needs to be tackled and managed. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  21. 21. Personal and Digital Behaviour • Datasets in digital data left in transactions.. • Interactions sought to be analysed.. • Issues governing privacy.. patterns of digital interactions and individual behavior constructed www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  22. 22. Agenda • Introduction • Big Data and Privacy Concerns • Modern Identity Management Infrastructure • Concluding Remarks www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  23. 23. UAE National Identity Management Infrastructure • Role of Government Issued Personal Identity • Secure ID encourage users to be engaged • Reduce uncertainty www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  24. 24. Security Management www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  25. 25. Multi-factor Authentication Capabilities UAE National ID Card is designed to provide multi factor authentication. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  26. 26. Anonymous Identification Use of Zero-knowledge proofing for user authentication without disclosing its identifier. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  27. 27. Trusted Digital Operations Minimal disclosure Authentication without disclosing identifying information (digital credentials on web transactions). www.emiratesid.ae Ability to securely use online service while on an untrusted host © 2013 Emirates Identity Authority. All rights reserved and minimized risk of disclosure during communicati on between user and service provider (Man in the Middle, Side Channel and Correlation Attacks) (credential verification on web, without sharing data) Service Seekers remain anonymous on the web since only Digital Certificates or Biometrics would be used to establish credential verification. All data treated as personally identifiable and subjected to regulatory framework to ensure identity protection.
  28. 28. Digital Identity Profile Components Ability to verify users and further authenticated for access www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  29. 29. Federated Identity Management www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  30. 30. Agenda • Introduction • Big Data and Privacy Concerns • Modern Identity Management Infrastructure • Concluding Remarks www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  31. 31. Government-owned Modern Identity Management systems: Significant Potentials Enabling innovation and fostering new business and service models Enhanced trust in Internet economy www.emiratesid.ae Higher value services enabled by stronger authentication Cost reduction for public services © 2013 Emirates Identity Authority. All rights reserved Enhanced public participation & engagement
  32. 32. Conclusion Modern identity management infrastructures have a considerable potential to address the challenges of today’s digital world. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  33. 33. Identity Management and ISACA • Identity Management seems to be addressed in an obscure mannerhidden among the different control layers of COBIT. • Identity Management is addressed as a mere control objective – DS 5.3 in COBIT 5 ! • More holistic approach is needed. www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  34. 34. UAE Validation Gateway: Your opportunity to explore http://vg.emiratesid.ae www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved
  35. 35. Read our recent research from: http://www.emiratesid.gov.ae/ar/media-center/publications.aspx Thank you Dr. Ali M. Al-Khouri Director General | Emirates Identity Authority | UAE www.emiratesid.ae | ali.alkhouri@emiratesid.ae | @DrAliAlKhouri www.emiratesid.ae © 2013 Emirates Identity Authority. All rights reserved

×