Last updated: 22 February 2017
Everybody knows that the IT perimeter has been permanently warped by cloud-based resources, the consumerization of IT and the ever-agile work day. Information technology and information security decision makers are grappling with the tightrope act of balancing the security of their organization’s data with their stakeholders’ usability expectations. Happily, the pervading need to bridge the identity-mobility-access gap has given rise to innovative identity and access management (IAM) solutions, of which this blog series provides an overview.
So what is the fundamental security problem with expanding enterprise mobility initiatives? First and foremost, by default, access to most corporate applications is only protected by a static password, which can easily be compromised and stolen through such methods as phishing attacks, brute-force attacks, and the hacking of user databases such as those used by organizations and cloud-service providers. The rise of cloud-based applications in the enterprise, such as Salesforce, AWS and Office 365, has led to the widespread practice of employees maintaining 10-25 username and password sets for work, resulting in what’s called “password fatigue.” Moreover, applications accessed outside the corporate firewall are exclusively protected by static passwords. Relying on static passwords clearly jeopardizes the confidentiality of organizations’ data and networks. And with employees often using two or more mobile devices for work purposes, concerns over secure access increase.
2FA for Mobile Access Security
In fact, according to the 2016 Verizon Data Breach Investigations Report, 63% of data breaches are perpetrated using hacked, stolen or recycled passwords, and could easily be prevented by using two-factor authentication (2FA).
Fortunately, organizations are starting to take heed and implement appropriate access controls, with a recent Gemalto survey finding that 40% of organizations globally currently deploy 2FA for securing access to their networks and applications. In this way, the “level of assurance” that an individual is in fact who they claim to be is significantly increased, whether they are accessing corporate resources outside the corporate firewall, or accessing resources from their mobile devices.
After security, the next most cited concern over increased mobility is IT management overheads, where professionals worry that increased flexibility will create additional workload on their staff. The third most-cited obstacle is cost.
IAM Solutions for Secure Mobility
So what are organizations to do, with business pressures on the one hand to increase mobility for productivity reasons, and concerns over security, IT management overheads and costs on the other?
Fortunately, various innovations in authentication technology have made increased mobility more secure, affordable and user- and management-friendly. These innovations include cloud-delivered services, such as authentication-as-a-service and identity-as-a-service, which lower the cost of stronger security in the form of multi-factor authentication and access management by removing the day-to-day operational costs of maintaining a solution. Moving administrative burdens such as software and hardware maintenance, security patching, backup and restore functionality, redundancy and high availability to the cloud considerably reduces the cost barrier for implementing better access security.
In terms of improving usability for mobile employees, a technology aimed at eliminating password fatigue for users is single sign-on, or SSO, which simplifies user access by allowing employees to maintain a single username and password set for all their work applications, instead of 15, 20 or 25 password sets. SSO can be achieved through a broad range of protocols and technologies such as SAML 2.0, password vaulting, reverse proxies and OpenID Connect, among others.
Another innovation that enables secure and user-friendly mobility is the PKI Bluetooth Smart reader. These Bluetooth Smart readers ‘read’ the PKI credentials present on smart cards and USB tokens and send them over the Bluetooth Smart protocol to mobile devices, essentially enabling PKI authentication over Bluetooth connections. PKI Bluetooth Smart readers enable advanced PKI use cases to be performed on mobile devices, use cases that until today were only available and possible to carry out on laptops and desktops. Advanced PKI use cases include digital signatures (for example, when signing electronic prescriptions, tax files, etc.), email encryption and decryption, and PKI-based two-factor authentication to online applications or even mobile enterprise containers. PKI Bluetooth Smart readers read the PKI credentials of a smart card, for example, send them to middleware installed on the user’s tablet or smartphone, and in this way enable the breadth of PKI certificate-based use cases heretofore limited to desktops and laptops, enabling greater mobility for numerous verticals.
More on these technologies in our next articles, so stay tuned.
In the meantime, if you missed it, check out the first in this series, IAM Trends: A snapshot of enterprise mobility (Part 1). And, the next in our series is IAM Trends: Enterprise security technology essentials (Part 3).