It's an Identity Thing

 The business landscape has changed dramatically within just the past five years. Mobile devices, which are effectively powerful personal computers, are everywhere and possess enormous business potential. I was interested in Gartner’s prediction which states that, “By year-end 2020, 80% of user access will be shaped by new mobile and non-PC architectures that service all identity types regardless of origin.” Additionally, IDC estimates that 55 percent of all smartphones used in business will be employee-owned in 2015. These and other statistics have most enterprises struggling with a host of issues surrounding the use and security of mobile devices for work.

Today’s traditional security model assumes that putting your company's important assets inside the firewall is enough to shield them from outside threats - ‘security through obscurity’. With employees now accessing sensitive data on insecure networks and mobile devices, the new security paradigm must protect users and data regardless of their location or device.

The fundamental challenge with BYOD, on premise and SAAS is reconciling business and personal usage on a single device. Lately, I’ve noticed a growing trend that more and more applications are allowing people to do everything themselves. They gain the ability to authenticate themselves, and download things by themselves, therefore losing the universal system put in place by IT and becoming a problem for IT departments as they struggle to monitor everyone’s activity and legitimise accounts.

In an ideal world, on an employee's first day of work, they would have single sign-on access to the relevant applications for their role and then achieve steady- state productivity for the remainder of their employment. When employees leave the company, revoking access to enterprise applications and data should be easy. Unfortunately, the reality is different.

Today’s cloud-connected, mobile world demands a new approach to business security, as shown in this infographic.

As BYOD and SAAS becomes increasingly popular, the IT department’s ability to manage and oversee security, privacy and standardisation of technology use quickly decreases. To address today’s security threats, most companies start with a single sign-on (SSO) solution. While single sign-on started out as a solution to boost productivity and decrease costs for IT teams, today’s leading SSO solutions provide a strong foundation for the enterprise to move beyond passwords and protect their business.

An example of a common issue is the good old username and password. Logging in with a username and password is fine until it has to be done about 3 million times in one work day (clearly an exaggeration but you understand my point). The use of passwords as a first line of defence is a faulty security posture. Statistics prove that relying on our ability to create unique, but easy to remember passwords for 10, 20 or even more applications is too difficult. Further, imposing password standards actually encourages insecure user behaviour and results in frustrated users and gaping security holes.

In my time at Fronde, I’ve seen countless occasions in which businesses see one of their highest priorities as monitoring downloads and identity management in terms of security and access, so that they can manage logins to various applications, manage onboarding and offboarding etc. I am quite surprised by this large gap in an IT department's current state and it is often a big pain point that is simply overlooked.

In a nutshell, here are my 4 key insights relevant to this topic:

1. Productivity and user experience trump everything else.
2. Security is both a leading driver and a challenge for mobile initiatives.
3. Executives see Mobile devices as key to the post-password era.
4. Enterprises are seeking a single identity and access management (IAM) system for Web, API and Mobile access.

If you have any questions or feedback about this topic I’d love to talk about it; feel free to send me a message and I’ll be happy to have a chat over the phone or catch up for a cup of coffee.