, The Register 2005-04-28
ID theft is a misnomer which is hurting the fight against fraud, according to encryption guru Bruce Schneier. Instead of talking about ID theft it's better to talk about fraud due to impersonation, he claimed.
Schneier made his comments during a press conference at the Infosecurity Europe trade show in London on Tuesday. Identity and access management, along with the fight against spyware, were key themes of this year's show.
Tim Pickard, area VP international marketing of RSA Security, said firms need to move from a network centric approach to security towards implementing technologies that defined how an individual was allowed to use systems. Half (50 out of 100) IT directors quizzed in an RSA-sponsored survey cited identity theft, poor internal IT security practices, lost and stolen passwords and unauthorised access to data as the security issues of concern. Each of these potential threats can be addressed from a cohesive identity management strategy but firms often fall into the trap of implementing a piecemeal approach that may prove to be more expensive in the long term, according to Pickard.
RSA's survey found users tend to buy products on a tactical basis, rather than as part of a coherent strategy. Almost half (48 per cent) of respondents cited single sign-on as the most fully implemented element, with directory management second, web services third and strong authentication fourth. For 83 per cent of IT Directors, increased data security was viewed as a key driver for deploying an identity and access management solution, with 74 per cent citing regulatory compliance as an important goal. ®
