The importance of context

Context is important. I know I say that a lot, but I'll keep saying it until you all agree. That is to say, you're entitled to your own opinion but if your opinion is that context isn't important then your opinion is just wrong. To clarify for those of you new to this argument, context refers to the who, what, when, where, why and how of a transaction, in particular an identity-based transaction. Knowing those things greatly reduces the chances of fraud, mitigating the risk involved in the transaction.

A few years ago my wife and I were in Helsinki, Finland, on vacation. Stepping out of a café (Café Kappeli -- highly recommended) we couldn't help overhearing an American on his cell phone (and why do Americans think they need to yell on cell phones?) evidently calling a friend back in the states. (It was about 10 a.m. in Finland, between 1 and 4 a.m. in the United States -- context is important!) His conversation went like this: "Hey, Joe! Oh, did I wake you? Guess where I'm calling from! No, we're in Helsinki, Sweden!"

I was reminded of this by a story told by David Lavenda, co-founder of Business Layers (arguably the first modern IdM vendor) and now vice president at WorkLight. He's been interviewing CEOs of start-ups lately, and has gathered a long list of "interesting" anecdotes. One goes like this:

"One company had a very small competitor in Norway. They got a customer request from a company in Finland, which I thought was pretty lucky, considering there was little outreach in that area.

Me: That sounds like a great opportunity -- I wonder how they heard about you. 

CEO:  Ignore them -- I'll bet it's that company in Norway trying to get information about us. 

Me:  How could that be? This a legitimate Finnish company; that company is in Norway. 

CEO:  Norway, Finland….What's the difference?' "

That CEO may have known the context (the "where") but failed to understand the context. The American tourist previously mentioned was simply clueless about the context (both the "where" and the "when"). Both are at risk -- one of losing sales the other of losing friends. What they will lose is less important than the risk of loss, though, because every time you fail to know and understand the context of the identity transaction you risk fraudulent access, data loss and severe monetary and legal problems.

Know the context. Understand the context. Sleep better.

Upcoming Webinar:

Nov.12: "The State of Federating User Account Provisioning and De-provisioning": Enterprise provisioning and de-provisioning are common objectives in identity management deployments, but the idea of federated provisioning and de-provisioning brings forth an entirely new set of problems that revolve around authentication events and authoritative sources. In this Webinar, Ping Identity CTO Patrick Harding will explore what it really takes to de-provision across boundaries.

Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.