Identity Management Solution needed for The Metropolitan Police Service
The Metropolitan Police Service (MPS) is the UK's largest police force, serving the needs of more than seven million residents over an area of 620 square miles. To do this, it employs more than 30,000 officers and 15,000 Police Staff including Police Community Support Officers. An organisation of this size also needs to call on the services of a large number of external contractors. For the MPS this can amount to 5,000 additional staff on their books at any one time.
• The challenge
Just keeping phone and fax lists up-to-date for 45,000 employees is a colossal task. In addition, all of these people need some level of access to internal systems and databases, whether it's using email or logging on to the crime reporting systems. And, of course, a workforce of this size is constantly evolving, as staff leave and join, or move to new posts that mean they need access to different systems. Clearly, much of the information that Police Officers and Police Staff work with is highly sensitive, and it's vital that only authorised users have access to it. The MPS needs to ensure that personnel can only access data that they are authorised to view and that these permissions are kept up to date. Managing all this data was not only causing the Metropolitan Police an administrative headache, it was also costly and time consuming. Because access to all its various internal systems was controlled independently by different departments, staff would frequently find themselves having to use different user names and passwords to access different assets on the network. As Vince Freeman, Technical Security Manager, explained: "Before the start of the project, any single employee would most likely have had a minimum of four separate electronic identities. For our users this was cumbersome, but from a management point of view it was a very serious issue. Obviously, we need to ensure that only authenticated and authorised members of staff are able to access information and with four or more identities per user, keeping track of who had access to what had become a major issue."
• The solution?
Recognising it needed a better way to manage all these identities, the Metropolitan Police ran a competitive tender. Work started on creating a single identity repository, using Siemens' leading LDAP/X.500 Directory server DirX. Once this was in place the MPS was then able to add further elements of the DirX identity management suite and synchronise data held in various databases across a number of departments. Initially, for the MPS, information from three distinct databases has been incorporated - the human resources database, the contractors' database, and the Microsoft Active Directory that manages network log-ins.
The technology creates a single, unique, effectively managed, identity for each individual by synchronising the users' identities for the disparate systems. Once a single identity has been established, the DirX solution allows administrators to create a globally unique electronic identity for joiners, remove permissions for leavers and make changes to access levels when staff either move posts within the MPS or take on additional responsibilities. They can manage account provisioning and de-provisioning centrally and easily, whilst knowing that updates will be automatically and immediately reflected throughout all the different target systems.
For support staff, the amount of time spent keeping on top of staff records and electronic identities for a 45,000-strong workforce will be massively reduced. As a senior Police security was quoted as saying: "The most important thing, as far as I'm concerned, will be the much greater control we have over security and legitimate access to data. In the light of today's issues this is of the utmost priority. We should also experience considerable savings on software licensing, which at the moment we're not able to control as closely as we would wish, given all the problems with multiple identities."
The dangers of getting the balance right as between security, easy access and reduction of risk are to be the main focus of your response to the following tasks. All arguments presented are expected to be supported by evidence. You should answer each question in the order given below. Full citations (referencing) are needed for any information sources you identify.
a) MPS staff frequently have multiple identities associated with their different job roles. Why is a dedicated "solution" needed?
- What is identity management
- you need reasons for instances of multiple ID
- what solutions there are
- summary of characteristics
- I guess you could also mention the problems with MdI's
- that's why they need a solution after all
b) Assume that the MPS wishes to strengthen user authentication at the workstation level. What role might biometric techniques play? Critically review the role of TWO named biometric techniques.
c) Distinguish between a biological identity and multiple digital identities. Illustrate your answer with specific reference to: a member of the Police Computer Crime Unit who, when not engaged in such work, engages in normal police duties.
d) Secure messaging within the Metropolitan Police Service is critical. As an exemplar, client-server messaging involves the secure transmission of encrypted information between sender and receiver. Critically review the use of PKI (Public Key Infrastructures) in this context. Is PKI unbreakable if properly installed and operated? Should the Police "trust" cryptographic techniques (such as RSA) that are used as an integral part of PKI?
PKI allows the use of an insecure public network to privately and securely exchange information through the use of cryptographic keys that are obtained and shared through a trusted authority.
If public key interface is properly used by MPS is securing a communication between client server, receiver and sender. It will be difficult or information to be difficult over the transmission channel.