I had a recent conversation with a client regarding concerns about the impact that supporting an increasingly mobile worker has on security and access to enterprise applications. This isn’t a new concern, but trends and events unfolding at an ever-increasing pace have highlighted the problem and the potential complexity of solutions for it. Let’s take a look at a few of them.
1- Improving capabilities of different mobile client devices (e.g. smartphones, tablet PCs) are drawing them inevitably into use as entry points to enterprise applications and data. I remember riding on a train in England going 80 miles an hour responding to email on an HP95LX “palm” device in 1998, so as I said, this isn’t a new problem. But the sophistication of the devices, their flexibility, and their ease of use are pressuring IT shops to provide some form of IAM support for these devices, particularly for certain important customers (read executives). The ‘bring your own device’ (BYOD) phenomenon is also part of this, where more employees and contractors use their own purchased smart client devices (including PCs) to access enterprise applications. All of this just adds more pressure on IAM solutions to broaden their functionality to support such environments;
2- The evolution of applications and services in terms of how they are delivered is also demanding more of IAM in a mobile world. Where the ‘components’ of the application are executed, how they are protected and accessed, and how identity administration changes in such a world as a result are key concerns. A hybrid world of cloud computing applications, enterprise applications, hosted applications with outsourced services: all must be supported with a common look and feel to access, a common system for reporting for compliance, for applying a graduated scale of access based on risk and sensitivity, and the list goes on. Classical IAM products are attempting to extend their functionality to include these different client types and scenarios, but it remains a major concern for enterprises with a heavy reliance on mobility;
3- Integrating IAM systems with systems such as mobile data management and mobile applications development is in the early stages and represents a positive (and needed) trend. Within enterprises, the asset management team that ensures the issuance of mobile phones, tablet PCs, and the like must talk to the IAM team that does provisioning and deprovisioning of access to make sure there is a convergence of process for these activities, and vice versa. Mobile application developers that seek to incorporate mobile client services into enterprise application environments must understand that requirements for authentication and authorization may be different from those to which they are accustomed, resulting in changes to their methodology and approach to programming for security and access.
I really don’t like to use the phrase “this is in an early stage of evolution” for trends this volatile and dynamic, but it is what it is. This wave will roll over traditional environments like IAM, applications, and infrastructure and leave its mark, hopefully not like a tsunami leaves its mark. Ignoring mobility in IAM, like ignoring tsunamis, is not an option.