Beyond the ill-intentioned use of credit card numbers collected through online shopping activities by some sites, identity theft can take many forms and cause a lot of harm to each one of us, to administrative services as well as to companies that employ us. For example, we all have been victims of spam, at least once, these advertisement letters sent to everybody that pollute our mailboxes and constitute more than 70% of messaging traffic on the Internet! Spam is the consequence of the redistribution of our e-mail address to third parties. On the other hand, strengthening password strategy within a company or for online administrative services could result in users forgetting their password and needing to call customer service. This creates congestion within this service, deteriorates its quality and harms the company's image. Then again, with the increasing mobility of employees and remote access to the information system, how can we ensure that an employee is given access only to applications that correspond to his job? Laws on financial security, such as Sarbanne-Oxley (SOX) in the United States or LSF in France obligate companies to comply with “ethical” rules related to the jobs of the employees and their computer access rights. For instance, the non-accumulation of roles, i.e. the purchasing function and the responsibility of selecting suppliers, should also be reflected in denied access to connected applications.

The solution is to develop tools for managing identities and access that would enhance the security procedure and streamline the process of account creation and attribution of rights while ensuring consistency of access rights in a heterogeneous IT environment. These tools have so far reached a sufficient level of maturity: they are constituted by several components, each with a specific role. Some will ensure the management of the life cycle of identities; others will facilitate the approval process of access rights, while others will provide the required services for the strengthening of passwords, the strong authentication via smart cards and the control of access to applications according to the security strategy of the company.

In order to be successfully implemented, these tools should be based on appropriate approaches and best practices that are specific to issues related to IT security. Consultancy and systems integration firms will consequently find new service opportunities. The required skills are, first and foremost, the control of underlying technologies such as LDAP directories, tools of unique authentication (Single Sign On), authorization servers, and so on. They also include the control of organizational impacts generated by the establishment of rigorous processes for creating a new user, modifying his profile and even approving his rights. And finally, it is also necessary to be sufficiently familiar with existing laws on individual freedoms and regulatory compliance (such as Basel II and SOX) including the impact of these laws on IT solutions and the limitations they impose in terms of usage.

What are the opportunities for Lebanon? IT services companies will find new high added value business opportunities requiring a highly-qualified workforce. Companies will sooner or later have to develop these types of tools to protect their data heritage and control access to their applications.

Management of identities and accesses is none other than the transposition of social ties between individuals into a digital world. It is in fact, managing who is who, who does what, who is entitled to what, and so on in an IT system… and who is better than the Lebanese at doing this job?