Future security architecture

Last week I was fortunate to catch an excellent presentation at GC 2008 by Martin Sadler, Director of HP Labs' Systems Security Lab, on the future of security and identity management.  

If you haven't been tracking this topic then I suggest you check it out. For several years HP and others have been doing some excellent research on how to develop a secure architecture that enables a client platform to run multiple applications of varying sensitivity and risk, whether business or personal.

The future solution, if it can be realised, is to maintain a single client platform with a secure firmware base that can switch between numerous operating system environments, each dedicated to a particular purpose. This would enable you to separate your business, personal, banking and other operations, reducing the risks to business systems from personal devices and eliminating phishing.

This approach also transforms the nature of identity management. You can have as many individual personas as you wish. It sounds perfect. But there is one further challenge. The firmware has to be bullet-proof. A single flaw can undermine the whole concept. Let's hope HP can get this right.

Comments (1)

Is the implication that multiple identities can eventually be a proxy or replacement for role-based access controls as long as there is bullet-proof domain separation enforcement at the firmware?

About

This page contains a single entry from the blog posted on June 16, 2008 4:00 PM.
