I had a recent conversation with a client about the impact that supporting increasingly mobile workers has on security and access to enterprise applications. This isn’t a new concern, but trends and events unfolding at an ever-increasing pace have highlighted the problem and the potential complexity of solutions for it. Let’s take a look at a few of them.
1- Improving capabilities of different mobile client devices (e.g. smartphones, tablet PCs) are drawing them inevitably into use as entry points to enterprise applications and data. I remember riding on a train in England going 80 miles an hour responding to email on an HP95LX “palm” device in 1998, so as I said, this isn’t a new problem. But the sophistication of the devices, their flexibility, and their ease of use are pressuring IT shops to provide some form of IAM support for these devices, particularly for certain important customers (read: executives). The ‘bring your own device’ (BYOD) phenomenon is also part of this, where more employees and contractors use their own purchased smart client devices (including PCs) to access enterprise applications. All of this just adds more pressure on IAM solutions to broaden their functionality to support such environments;
2- The evolution of applications and services in terms of how they are delivered is also demanding more of IAM in a mobile world. Where the ‘components’ of the application are executed, how they are protected and accessed, and how identity administration changes in such a world as a result are key concerns. A hybrid world of cloud computing applications, enterprise applications, and hosted applications with outsourced services – all must be supported with a common look and feel to access, a common system for compliance reporting, and a graduated scale of access based on risk and sensitivity – the list goes on. Classical IAM products are attempting to extend their functionality to include these different client types and scenarios, but it remains a major concern for enterprises with a heavy reliance on mobility;
3- Integration of IAM systems with systems such as mobile data management and mobile applications development is in the early stages and represents a positive (and needed) trend. Within enterprises, the asset management team that ensures the issuance of mobile phones, tablet PCs, and the like must talk to the IAM team that does provisioning and deprovisioning of access to make sure there is a convergence of process for these activities – and vice versa. Mobile application developers that seek to incorporate mobile client services into enterprise application environments must understand that authentication and authorization requirements may be different from those to which they are accustomed, resulting in changes to their methodology and approach to programming for security and access.
I really don’t like to use the phrase “this is in an early stage of evolution” for trends this volatile and dynamic, but it is what it is. This wave will roll over traditional environments like IAM, applications, and infrastructure and leave its mark – hopefully not like a tsunami leaves its mark. Ignoring mobility in IAM, like ignoring tsunamis, is not an option.
Category: IAM

Earl Perkins

4 responses so far ↓
1 Identity and Access Management in a Mobile World | Pro Phone Cards May 3, 2012 at 6:59 pm
[...] the original here: Identity and Access Management in a Mobile World Posted by admin at 10:58 pm Tagged with: applications, capabilities, england, [...]
2 Enterprise tablets May 3, 2012 at 7:00 pm
One interesting trend in mobile IAM is being able to drop legacy server-in-the-middle vendors, whether they’re styled SaaS, Cloud, or whatever, they’re typically all about slowing traffic, exacting tolls and generally locking clients into their proprietary ecosystem and whatever limited functionality they’re offering. It worked for a while for RIM but it’s a hard thing to pull off the same trick a generation later with the same audiences.
What’s emerging from the ashes of 1990s concepts of MDMs/NOCs etc. are smart apps that authenticate web and email traffic right to the specific web and mail servers, able to support BYOD to full organizational rollouts without needing to re-architect the back-end. It’s great news for clients, although not necessarily for VCs who are hoping no one’s noticed that their server in the middle of the slide or web page isn’t actually necessary…
3 Identity and Access Management in a Mobile World « Management Fair May 4, 2012 at 12:01 am
[...] more from the original source: Identity and Access Management in a Mobile World Comments [...]
4 Earl Perkins May 4, 2012 at 5:39 am
Thank you for the comments. You’re right about MDMs, but one concern I have is that their IAM capabilities may not be adequate to provide the levels of secure access required by applications other than the web and mail servers in question. It does not mean they would remain permanently inadequate, just that the mechanisms used as I understand them today are limited. I’m not an expert in MDMs, however, so would defer to those that are on this question.