IT Internal Affairs

Policing the Power of Identity is the metaphorical equivalent to an Internal Affairs Bureau in a police department.  In IT we are handing authentication credentials (tokens of authority) and the ability to see sensitive data, modify critical data, conduct transactions, etc (ability to do the business of the corporation or to harm it).  In a police scenario we are handing out badges (tokens of authority) and guns (ability to enforce the will of society or to do harm).  Once authority is granted, in certain scenarios, it is possible for it to be misused.  An Internal Affairs capability for IT needs to be present to assert and implement security against such scenarios.   Fortunately in the case of IT, this can be automated so we are not talking about a Bureau as much as a capability.

%d bloggers like this: