I was talking to Dave Kearns last week about a survey on identity theft that we recently conducted, and Dave posed an interesting question: What is identity theft? What qualifies? Is it having your credit card stolen? Does that qualify? Or is it when a thief uses your identity information to gain assets?

As usual, it was an interesting conversation with Dave posing good questions.

If a data theft happens and no financial theft occurs, is it identity theft or not? I pose that anytime there is a data breach and your information that you own and that has value is stolen – that is the theft. Not when someone then goes and gets a mortgage with it. It’s like the “if a tree falls in the forest and no one is there to hear it does it still make a sound?” question. If someone steals your private data and does not use it for financial gain, has a theft occurred? I say yes. Because the risk exists. And the fear. And ultimately because the value is in the data.

As our laws strive to catch up with the identity theft issue, we must define the theft at the point of data breach, not at the point of financial gain.

In the survey we recently conducted with Harris Interactive, we tried to gain an understanding of what adults in the US are currently thinking as it relates to identity theft. Here are a couple of interesting things that I learned:
1. Consumers’ action to prevent identity theft is higher than we thought. Specifically, consumers know and are taking the basic steps like changing their online passwords more frequently. That’s good.
2. Consumers are willing to take action, even if it’s inconvenient, if they are notified that their private data has been compromised. Specifically, they are willing to stop doing business with a retailer or a financial institution if they are notified that their data has been compromised.

My take-away here is that the power is with the consumer. Consumers are savvy about the identity theft issue. Consumers are willing to vote with their wallets, even if it’s a pain in the neck, and take their business elsewhere. So, increasingly, individuals are doing their part.

Companies need to take the steps necessary (and maybe tell their consumers what they are doing?) to increase consumer confidence. My recommendations to them are secure your data, secure your buildings, secure your networks – all of which ultimately come down to know WHO you are letting in and WHO you are keeping out.

And – stop using SSN as an identifier! One reason identity theft has so much power is in its potential. You can search for and find, John Doe’s social security number if you hack into any of thousands of databases – alma maters, credit card companies, insurance companies. But what if we could – and I believe we can, (CAUTION: shameless plug ahead – using Sun’s identity management technology) – completely eradicate the use of social security numbers as a primary means of identifying people? What if we could use technology to go find everywhere you have this nine-digit number, with or without dashes, and take it out? After all, only the U.S. Social Security Administration really needs your social security number.

We have, in one of the identity products, the ability to randomly generate a number, so your number could be 123A7 and that would be your health-care number, for example – a number that will never be used again, is always associated with you, and is in no way, and in no place, tied to your social security number. Outside the context of your healthcare network, it is a meaningless number.

Less meaning = less risk.

We have made some progress here, my SSN for example is no longer on my healthcare card and I know many universities are no longer using SSN as the student number. I suspect, however, that SSNs are sitting in thousands of fields in thousands of databases and that is a problem. (A problem that the right Identity solution can help you solve…OK, I’ll stop).

I know I sound like a broken record, but once again that makes the point that security is changing – it is moving from a “lock it down” overhead function to a business driver. If Web 2.0 is to happen, if we are to enter the Participation Age in a meaningful way, then security will be a key driver behind the next wave of (networked, online) growth.

For those of you in Canada, Sun and Deloitte are hosting a breakfast seminar in Toronto and Ottawa, November 29th and 30th respectively. The seminar series is focused on increasing growth and decreasing risk with identity management: privacy and security compliance that's good for business.

I'll be presenting along with Andreas Faruki, a partner for Deloitte's Identity Management & Privacy practice in Canada. And, in Toronto, Dr. Ann Cavoukian, Ontario's Information and Privacy Commissioner will be joining us. She recently published a white paper on Identity Theft entitled "Identity Theft Revisited: Security is not Enough".

For the Ottawa event: Click here to get details and register.

For the Toronto event: Click here to get details and register.

The identity team recently returned from Europe where they met with our customers and also participated in Burton Group's Catalyst event.

Here’s the team celebrating another great show. Of course, I’m assuming this is AFTER the show and not just a working lunch!

Shown here: Andy Land, Julie Pastor, Eric Leach, Tamara Rezler, Bianca Botello, Don Bowen, Etienne Remillon, and Nick Crown.

Sun was one of several vendors hosting the famous hospitality suites where we demonstrated the products and had a fabulous time meeting our European customers and partners. It was a full house!

And, to keep in line with our space theme, we featured an Oxygen Bar which seemed to be as big a hit as our product demos - here it is with some very happy customers

In case you missed the show (and the suite), you can watch the demo on your own time on the website.

Normally, I stay out of promoting product-specific coverage but this is something I cannot keep to myself. Sun recently participated in an identity management “shootout” with InfoWorld and several vendors. Sun placed in the top 2 but was dinged on pricing (I won’t get into “value” just now…). After we had a few discussions on the pricing model they applied, InfoWorld revised the product review to include the accurate pricing to use in a vendor comparison. Although they will not revise the scores, I feel confident this change would have significantly changed Sun's place in the final order (you do the math—top two, etc., etc.).

My friend Pat Patterson blogs on this as well citing some great reviews that Sun identity management received. The revised article is now updated online and the specifics on the correction are listed at the end of the article as well.

For kicks, the Sun identity management marketing team participated in an internal competition driven by Sun’s CMO today. The challenge was to create a radio spot that explains the benefits of our technology in an easy-to-understand manner in the form of a radio spot. I just had to share the end product with you because 1) it's quite fun, and 2) the team was able to tell a simple story making it easy for the general public to understand what identity management can do for them. A task that is not always easy in this market.

Have a listen, it’ll only take a minute or so, and it’ll get you in the holiday spirit.

I was in Australia recently and I bought a necklace. The next morning I was asleep in my hotel room and my cell phone rang (it was early Australia time). My husband was calling because Visa had called him with a “very suspicious transaction” and he wanted to let me know and see if I knew anything about it. At first, I thought that was just really funny – I hadn’t even had time to break the news to him before Visa got to him (fortunately, he’s a great guy and supports my forays into the unnecessary). Then I started thinking about how this type of activity could be applied to identity management. We need to set our sights on moving from a era in which we have views of identity that are historical and/or current-state focused, i.e., “who-has-access-to-what” and “who-did-access-what”, to an era where we make more sophisticated decisions in real time about who-IS-doing what and if that appropriate or “normal.”

We have a lot to learn in cross-enterprise identity management from the behavioral modeling technologies with which the credit card companies are so advanced. This is where we’re headed – to real-time behavioral decision making on identity-based transactions. So if something is happening on the network that is out of pattern for an identity’s usual or expected behaviors – we can automate the process for session close, notification, instant message, etc. based on the value of the transaction in order to make better decisions and keep things safe. Going back to an earlier posting – this will let us accelerate without fear (and for those among us who love to shop, purchase without question).

I just published an article featured in the Identity Insights newsletter on another one of my favorite car-related analogies where I compare seatbelt laws to compliance demands. I think you'll enjoy (and perhaps even relate) to it.

Lately I've been traveling around the globe talking about how businesses can accelerate without fear. Moving past the fear, both in business and in our personal lives, is what lets us move on to explore new opportunities and grow. It’s a topic I care about as it’s the only way we will thrive – as enterprises and as individuals. Today, I'm going to stay focused on businesses and how they can get beyond the fear that is driving us today to grow to new heights, but from time to time, I’ll write about this topic from a personal point of view as well.

I heard a song this morning with the line: "The weight of our fears are the shackles that keep us enslaved." That’s a heavy line, but appropriate given the topic. So, what are the fears that are keeping businesses enslaved today and how do we move past them? Well, it's security, it's privacy, and it's compliance (not necessarily in this order). My sense is that in the battle between fear and opportunity - fear is winning. These business concerns have been top of mind for most everyone the last few years and have taken precedence over growth.

So let me ask you this (I love to ask this question) – why do cars have brakes? It’s not to stop, it’s so they can go fast. A race car has more powerful brakes than a Buick. All of us want our companies running in the race car category. I look at identity management as the brakes. As our networks are evolving into more complex and more interesting arrays of people doing business together in new ways (which they are), knowing WHO you are letting in is critical. WHO = identity. We have reached an era where everyone is an insider on our networks and the goal with insiders is to let them in, right? Right. But only so far. When I have a party at my house, there are certain doors that remain closed except to my closest friends from whom nothing is off limits. Other people are friends but I don’t want them in my closet. Our networks are that way - with some insiders getting into our most critical information (like employees who work in finance) and some insiders are welcome in only certain parts of the network (like an outsourcer seeing only the part of the network appropriate for their role).

That’s how we operate today and it’s only going to grow. If we are to pursue the growth opportunities, then we need the security that identity provides.

The question is, are we ready? Do we have the controls in place that act as the brakes on the car? Of course, here's where I have to unabashedly plug the very technology I live to develop, market and deploy. I argue that we can get enterprises prepared and that identity management can help. Just as companies are using identity management to address their fears and reduce their risk, they can also use it to relinquish those fears and embrace new opportunities for growth.

An identity infrastructure gives you the control of and visibility into who you are doing business with on your network by letting the right people in and keeping the wrong people out and auditing everything. It also helps to accelerate growth by establishing trusted relationships with partners, customers and employees - relationships that provide better service, more offerings, faster.

Success in this era in which we live demands both open access and secure control, at the same time it requires protection against unnecessary risk. Knowledge and control of identity strikes this balance perfectly.

If you are no longer afraid, you're free to do so much more. To help you get there, my mission with this blog is to inspire and challenge you to shift your views to new ways of thinking and seeing the world around you so you (and your company) can freely participate and thrive.

Welcome and thanks for visiting! Yes, the day is finally here...I’ve got my very own blog. I have begun to realize just how powerful blogs can be at sharing ideas and that they are an excellent method of facilitating discussions with customers, industry followers and employees around the world (hey I'm nothing if not slow...). So, I decided I simply could not sit this out, I have too much to say about the power of the identity network. It’s time for me to jump in with both feet, so here I am.

To start, I’d like to share a bit on why I’m getting into the blogosphere and what you can expect from me in this blog. First, I want to facilitate discussions on identity management that are more focused on today's customer issues. Second, I want to help educate the world about the technology and its power to change the way we do business (for the better). Don't get me wrong, I am as mercenary as the next vendor and care about having a successful business for Sun. I just recognize that this is a two-way street between the vendors and the people we serve - so let's talk.

And, I know that all work and no play makes for a very dull blog, so I’ll definitely take time to comment and offer insights on things outside of the identity bubble. I’ll be sharing some ideas I have on how we can run businesses better (and, yes, I might even have suggestions for Jonathan Schwartz and John Loiacono about how we can run software business more effectively here at Sun), how we can be inspirational leaders and build high-performing teams.

Please join me as I embark on my journey into the blogosphere! My hope is that this blog can help us all to get real, get focused, get to work and start realizing some tangible successes with true results. Stay tuned.