Show me my account activity!

Security pros know that there's no perfect defense against a determined attacker. So when an identity thief strikes, it's vital to detect the theft. But who's going to be the detective?

As applications migrate into the network cloud, the presumption is that IT administrators will be the detectives, vigilantly looking for clues that might spell trouble. But such vigilance will never suffice, because nobody can care as much about my own interests as me, or as much about yours as you. [Full story at InfoWorld.com]

This column aired a longstanding gripe that I think of as The Myth of the Managed Network, which explains why this never happens:

"Mr. Udell, there's been a routing glitch that affects your subnet. We're aware of the problem and we're working on it. You'll hear back from us as soon as it's fixed."

But it also proposes a best practice for web applications: Show me when I -- or more precisely, my account -- was active on the system. If there's been account activity that wasn't mine, nobody will care about that more than me, and nobody is in a better position to detect it than me.

Think about it. If somebody were using your bank or webmail credentials, how the hell would you know?

Visualizing account activity in ways that make it easy for people to see anomalies at a glance is an interesting second-order problem. But the first order of business is just to show us that data.
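Here is a sketch of what "just show us that data" could look like on the application side, as an added example that is not code from the column or from InfoWorld. It keeps a per-account activity history, renders it as the kind of table a user could scan, and goes one step beyond the text by attaching plain-language hints (first activity from an address, a new browser, a failed sign-in, a sensitive setting change shortly after a new address appeared) so anomalies stand out at a glance. The event records, the documentation-range IP addresses, the user agents and the `SENSITIVE_ACTIONS` list are all constructed for this illustration; only successful events extend the baseline of "known" addresses and devices, so a failed attempt from a new address never teaches the view that the address is normal.

```python
"""Per-account activity view with simple anomaly hints (constructed example)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class ActivityEvent:
    when: datetime      # timezone-aware timestamp
    action: str         # "login", "password_change", "mail_forward_set", ...
    ip: str
    user_agent: str
    success: bool


# Hypothetical list of actions a user would want to review closely; an
# application would fill this with its own high-impact settings.
SENSITIVE_ACTIONS = {"password_change", "mail_forward_set", "recovery_email_change"}
RECENT_DEVICE_WINDOW = timedelta(hours=24)


def _utc(*args: int) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)


# Constructed history for a single account (RFC 5737 documentation addresses).
SAMPLE_EVENTS: List[ActivityEvent] = [
    ActivityEvent(_utc(2006, 9, 20, 8, 2), "login", "203.0.113.5", "Firefox/1.5 (Windows)", True),
    ActivityEvent(_utc(2006, 9, 21, 8, 5), "login", "203.0.113.5", "Firefox/1.5 (Windows)", True),
    ActivityEvent(_utc(2006, 9, 22, 19, 40), "login", "203.0.113.5", "Firefox/1.5 (Windows)", True),
    ActivityEvent(_utc(2006, 9, 25, 3, 14), "login", "198.51.100.77", "curl/7.15", False),
    ActivityEvent(_utc(2006, 9, 25, 3, 15), "login", "198.51.100.77", "curl/7.15", True),
    ActivityEvent(_utc(2006, 9, 25, 3, 16), "mail_forward_set", "198.51.100.77", "curl/7.15", True),
    ActivityEvent(_utc(2006, 9, 26, 8, 1), "login", "203.0.113.5", "Firefox/1.5 (Windows)", True),
]

AnnotatedRow = Tuple[ActivityEvent, List[str]]


def annotate(events: List[ActivityEvent]) -> List[AnnotatedRow]:
    """Walk the account's history in time order and attach plain-language
    reasons a row deserves a second look. Only successful events extend the
    baseline of known addresses and user agents."""
    first_seen_ip: Dict[str, datetime] = {}
    known_agents: Set[str] = set()
    rows: List[AnnotatedRow] = []
    for ev in sorted(events, key=lambda e: e.when):
        reasons: List[str] = []
        if first_seen_ip and ev.ip not in first_seen_ip:
            reasons.append(f"first activity from {ev.ip}")
        if known_agents and ev.user_agent not in known_agents:
            reasons.append(f"new browser/device: {ev.user_agent}")
        if not ev.success:
            reasons.append("failed sign-in")
        if ev.action in SENSITIVE_ACTIONS:
            reasons.append(f"sensitive change: {ev.action}")
            seen_at = first_seen_ip.get(ev.ip)
            if seen_at is not None and ev.when - seen_at < RECENT_DEVICE_WINDOW:
                minutes = int((ev.when - seen_at).total_seconds() // 60)
                reasons.append(f"from an address first used {minutes} min earlier")
        if ev.success:
            first_seen_ip.setdefault(ev.ip, ev.when)
            known_agents.add(ev.user_agent)
        rows.append((ev, reasons))
    return rows


def flagged(rows: List[AnnotatedRow]) -> List[ActivityEvent]:
    """Events that carry at least one hint."""
    return [ev for ev, reasons in rows if reasons]


def render(rows: List[AnnotatedRow]) -> str:
    """Text rendering of the user-facing activity page; rows with hints are marked '!'."""
    lines = [f"  {'when (UTC)':16} {'action':16} {'from':15} {'ok':3} notes"]
    for ev, reasons in rows:
        mark = "!" if reasons else " "
        ok = "yes" if ev.success else "NO"
        lines.append(f"{mark} {ev.when:%Y-%m-%d %H:%M} {ev.action:16} {ev.ip:15} "
                     f"{ok:3} {'; '.join(reasons)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(annotate(SAMPLE_EVENTS)))
```

Run as a script it prints the seven rows; the three from the unfamiliar address on 25 September are the ones marked with `!`, and the mail-forwarding change is tied back to the address that first appeared one minute before it. Nothing here requires an administrator to be watching: the account owner is the one who knows that 3 a.m. sign-ins from a command-line client are not theirs.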


Former URL: http://weblog.infoworld.com/udell/2006/09/26.html#a1531