Event Recording
Interview with Prof. Dr. Sachar Paulus, KuppingerCole
Day two of the European Identity Conference 2011
Video transcript
Professor Dr. Zaha PLO of Brandenburg university, a senior Analyst at KuppingerCole Zha. Tell me, how have you been enjoying EIC up to now and what are your main takeaways?
EIC? This year is very Crowdy. I see lots of end user customers, which I think is very valuable for the, for the, for the whole setup and discussions we have here. The main takeaway so far, I mean is only the second day. So to say for me, is that especially in the cloud, things are even get more breweries. So we started finding the cloud just here and now people start wondering what actually shall I do with this. So they understand users understand that they need to change their architecture, the enterprise architecture for their it, and need to better understand how to implement governance, including security for that.
Can you actually create a secure cloud?
Well, creating a secure cloud is probably the wrong question. So I would say, can you actually manage a secure cloud would be a better question from my point of view. And I would say, yes, you can. There's a number of protection mechanisms you have to implement. One of those of course is to have specific technology in place. Another is to have a good identity and access management in place information, data governance is an important topic, but also the choice of your cloud provider is an important thing to
Think about. Okay. What are the main questions that users customers are asking you?
Okay. I've probably the question I've heard most is how can I make sure that data protection isn't violated in the cloud? That's definitely the question number one.
Okay. So it's more about information security than the old fashioned identity management.
Well, we can't separate those identity management as it actually an important leverage for, for implementing information security, without knowing who accesses what it's not possible to actually make that show
Your thoughts on the Sony tobacco.
Yeah, I think Sony the, the important, most important learning about Sony from my point of view is that companies which are not primarily software manufacturers also need to take care of about secure software development, including security response mechanisms. So what, what I see is that they're that the major issue that Sony has from, from, from an organizational standpoint is that they have not been prepared to dealing with this, especially because there have been incidents beforehand, which they were not able to recover from in an adequate time. So this means they have a strong lack of organization expertise, how to handle software security issues. And it's very similar to the stocks thing we've seen in a completely different section, couple of months forth,
Okay. Here at EIC news broke that Facebook has been exposed as having incomplete security for user data. What are the implications of this? I mean, Facebook is increasingly being seen as an identity provider of choice. For many. It
Is, it is for, for many young people. It is actually because it's their main point of reference for connecting to other people. And it, it represents their social network, both online and offline. People are adequately treated in a network. So definitely yes it is. And identity provider, we have to be seriously taken care of the implications. I would, I would say that it's difficult to see at this point in time, because most of the people dealing with sales both or having a Facebook account are actually not so much taking the security of that data seriously themselves. So many people I know that are, are very cautious in terms of information security, concerning private, personal data. They're, they're very cautious, also putting information in Facebook themselves, especially because Facebook, as in us company processes, the data that has been entered there so they can do different. They can do anyway. They can do what they want with it.
They own the data,
They own the data.
EIC? This year is very Crowdy. I see lots of end user customers, which I think is very valuable for the, for the, for the whole setup and discussions we have here. The main takeaway so far, I mean is only the second day. So to say for me, is that especially in the cloud, things are even get more breweries. So we started finding the cloud just here and now people start wondering what actually shall I do with this. So they understand users understand that they need to change their architecture, the enterprise architecture for their it, and need to better understand how to implement governance, including security for that.
Can you actually create a secure cloud?
Well, creating a secure cloud is probably the wrong question. So I would say, can you actually manage a secure cloud would be a better question from my point of view. And I would say, yes, you can. There's a number of protection mechanisms you have to implement. One of those of course is to have specific technology in place. Another is to have a good identity and access management in place information, data governance is an important topic, but also the choice of your cloud provider is an important thing to
Think about. Okay. What are the main questions that users customers are asking you?
Okay. I've probably the question I've heard most is how can I make sure that data protection isn't violated in the cloud? That's definitely the question number one.
Okay. So it's more about information security than the old fashioned identity management.
Well, we can't separate those identity management as it actually an important leverage for, for implementing information security, without knowing who accesses what it's not possible to actually make that show
Your thoughts on the Sony tobacco.
Yeah, I think Sony the, the important, most important learning about Sony from my point of view is that companies which are not primarily software manufacturers also need to take care of about secure software development, including security response mechanisms. So what, what I see is that they're that the major issue that Sony has from, from, from an organizational standpoint is that they have not been prepared to dealing with this, especially because there have been incidents beforehand, which they were not able to recover from in an adequate time. So this means they have a strong lack of organization expertise, how to handle software security issues. And it's very similar to the stocks thing we've seen in a completely different section, couple of months forth,
Okay. Here at EIC news broke that Facebook has been exposed as having incomplete security for user data. What are the implications of this? I mean, Facebook is increasingly being seen as an identity provider of choice. For many. It
Is, it is for, for many young people. It is actually because it's their main point of reference for connecting to other people. And it, it represents their social network, both online and offline. People are adequately treated in a network. So definitely yes it is. And identity provider, we have to be seriously taken care of the implications. I would, I would say that it's difficult to see at this point in time, because most of the people dealing with sales both or having a Facebook account are actually not so much taking the security of that data seriously themselves. So many people I know that are, are very cautious in terms of information security, concerning private, personal data. They're, they're very cautious, also putting information in Facebook themselves, especially because Facebook, as in us company processes, the data that has been entered there so they can do different. They can do anyway. They can do what they want with it.
They own the data,
They own the data.
Stay Connected
How can we help you