Cloud Security Challenge – Apply by 3/15/2010 and win $10,000

Cloud Security Challenge – Apply by 3/15/2010 and win $10,000:

http://www.globalsecuritychallenge.com/user_home.php

Even with all the benefits of cloud computing, consider the risks of protecting identity, proper authentication, and security. Global Security Challenge has stepped up “launching the first Cloud Security Challenge competition to explore radical new ideas and game-changing solutions from around the world, in order to make cloud computing more secure.” Great! But let’s spend a moment to consider some of the underlying issues that keep us concerned, regardless of service, platform or OS…

How do you prove you are who you say you are (identity)? How do you know that someone is legitimate in his or her dealings with you (authentication)? How do you deal with that someone in privacy (security)? This is the problem of identity, authentication and security.. As part of a society, we try to prove identity, that we are someone, by having credentials as a “person”, who has measurable qualities, such as fingerprints, unique DNA, unique Irises, etc. There are many potential ambiguities when creating and establishing an identity, but what happens if we need to verify an identity. It is difficult enough to verify someone’s identity in the face to face world with forgery, impersonation and fraud, to name just a few of the potential problems of identity. In the world of computing and cloud computing, there are even more difficulties of identification and verification due to the virtual, remote and electronic nature of the environment.

Basically, you just never know who you are dealing with, or if the goods or services you are attempting to buy even exist. That being true, one still wants it to work. What is needed? The first step is having an identity. The next step is a way to verify that identity. This is why authentication systems are being developed in order to alleviate the paradoxical problems of having an identity, but needing a way to verify or authenticate it. Identity is not only important between individuals and organizations, and from person to person, but also to promote trust in public and private clouds and verify a person’s legitimacy.

While the need for identity and authentication to promote commerce, especially services and intangible trading is necessary, the needs of business and governments in streamlining identity and authentication must be carefully considered in light of individual privacy concerns and the increasing requirement that individuals reveal more and more details about their personal lives. Are we in danger of becoming so authenticated to security solutions that the privacy of the individual no longer exists? The amount of unique data that will be required to create and authenticate identity will need to be carefully protected to ensure that such potentially sensitive personal information does not enter into the public domain.

Before the digital age, the physical act of signing a document to guarantee its legitimacy is made as a basis of identity and authentication. In the digital world, assuming you have a legitimate identity that can be authenticated, a unique password that only you know can potentially serve the same purpose. Of course, this is ideal, as so many people write their passwords down, get hacked, or have some utility learn them for convenience. In addition, in the light of fears of tampering and eavesdropping, when financial transactions are made electronically, there are always questions how legitimate passwords are. The use of cryptography and key signing is perhaps one way that password security can protect, but the recent moves attempting to limit its use or at least to control it by having “back door access”, means that privacy and civil liberties may be undermined at every juncture. In any event, keep in mind that security is for protection, verification and ease, but does not address the fundamental problem of identity and authentication.

Good illustrative points are credit cards. Because your name and unique card number is stamped on the plastic and the plastic has a little holographic image and branding information, , it represents the idea that some business has proven your identity and with your signature, you are authenticating it as your own. As consumers, we need to be assured that our credit card details do not go astray, and that only those transactions with our authorization and verification will be acted upon. The idea that someone may use our identity for their own means, or that third parties may access sensitive information is of concern to many, yet, how many of us have credit cards with passwords? Not too many. About 1% of all credit card transactions have a legitimate authentication and authorization problem

My point is that the problems associated with establishing identity, authentication, and security are not just related to some very large concept. This is especially truein times of change where we are trying to harness disruption and create value. It also involves greater public policy issues, including the amount and kind of data required to legitimately claim to have the identity of a person.. The use, misuse and access to such data are also an issue of major importance. This is due to its potential for abuse by organizations seeking to maximize profits by using the data for fraudulent means or even to examine and predict behaviors. . So, the confirmation of individual identity, something that is not all that precise, remains ambiguous. We use authentication as a tool to help prove identity, and security to allow us to protect our privacy. But there are large implementation issues that need to identify the potential use made of information, beyond its initial purpose.

So, enter the contest and good luck! Let us know about your entry.