I sat in on talk by Dr. Peter Tippett this morning at RSA. Tippett is Vice President Industry Solutions and Security Practices at Verizon Business.
Verizon Business is getting into the business of identity management as a service, and Tippett’s remarks outlined how the company intends to accomplish this. Leaving aside my privacy concerns (Verizon owns a lot of Internet infrastructure and thus sees a lot of traffic, which when combined with what they also know about their phone customers adds up to a scary large amount of data) the offer sounds compelling.
Verizon is creating a service that, for a set cost will handle the onboarding, maintenance and offboarding of employee identity. The service uses authentication tools the enterprise already uses including a wide variety of two-factor tokens and standard security protocols. The secret sauce is in an online service the provides identity services to the enterprise.
I first saw Tippet speak at a Ziff Davis security summit several years ago in Seattle. I was impressed then because of this scientific approach, in-depth knowledge and no-nonsense use of diminishing return on investment when it comes to security spending. As anyone who has heard him speak will know, the difference in cost and strength between a seat belt made of titanium versus nylon is quite large, but the effectiveness of either is about the same when it comes to crash protection.
In his remarks today, Tippet used the extensive knowledge held by Verizon Business about what went wrong in the real, damaging security breaches over the last year and made the case that effective identity management can be effective, less costly when offered as a service compared to on premise and fronted with a good user experience.
It will be interesting to see how the service offering works in the field.