Gartner Blog Network

Identity and Access Management in a Mobile World

by Earl Perkins  |  May 3, 2012  |  6 Comments

I had a recent conversation with a client regarding concerns on the impact of supporting an increasingly mobile worker for security and access to enterprise applications. This isn’t a new concern, but trends and events unfolding at an ever-increasing pace have highlighted the problem and potential complexity of solutions for it. Let’s take a look at a few of them.

1- Improving capabilities of different mobile client devices (e.g. smartphones, tablet PCs) are drawing them inevitably into use as entry points to enterprise applications and data. I remember riding on a train in England going 80 miles an hour responding to email on an HP95LX “palm” device in 1998, so as I said, this isn’t a new problem. But the sophistication of the devices, their flexibility, and their ease of use are pressuring IT shops to provide some form of IAM support for these devices, particularly for certain important customers (read executives). The ‘bring your own device’ (BYOD) phenomenon is also part of this, where more employees and contractors use their own purchased smart client devices (including PCs) to access enterprise applications. All of this just adds more pressure on IAM solutions to broaden their functionality to support such environments;

2- The evolution of applications and services in terms of how they are delivered is also demanding more of IAM in a mobile world. Where the ‘components’ of the application are executed, how they are protected and accessed, and how identity administration changes in such a world as a result are key concerns. A hybrid world of cloud computing applications, enterprise applications, hosted applications with outsourced services– all must be supported with a common look and feel to access, a common system for reporting for compliance, for applying a graduated scale of access based on risk and sensitivity– the list goes on. Classical IAM products are attempting to extend their functionality to include these different client types and scenarios, but it remains a major concern for enterprises with a heavy reliance on mobility;

3- Integrating IAM systems with systems such as mobile data management and mobile applications development is in the early stages and represents a positive (and needed) trend. Within enterprises, the asset management team that ensures the issuance of mobile phones, tablet PCs, and the like must talk to the IAM team that does provisioning and deprovisioning of access to make sure there is a convergence of process for these activities– and vice versa. Mobile application developers that seek to incorporate mobile client services into enterprise application environments must understand that authentication and authorization requirements may be different from those to which they are accustomed, resulting in changes to their methodology and approach to programming for security and access.

I really don’t like to use the phrase “this is in an early stage of evolution” for trends this volatile and dynamic, but it is what it is. This wave will roll over traditional environments like IAM, applications, and infrastructure and leave its mark– hopefully not like a tsunami leaves its mark. Ignoring mobility in IAM, like ignoring tsunamis, is not an option.

Category: iam  

Earl Perkins
Research VP
5 years at Gartner
32 years IT industry

Earl Perkins is a research vice president in the Security and Privacy team at Gartner. His focus areas include identity and access management (IAM), including user provisioning, role life cycle management…

Thoughts on Identity and Access Management in a Mobile World

  2. Enterprise tablets says:

    One interesting trend in mobile IAM is being able to drop legacy server-in-the-middle vendors, whether they’re styled SaaS, Cloud, or whatever, they’re typically all about slowing traffic, exacting tolls and generally locking clients into their proprietary ecosystem and whatever limited functionality they’re offering. It worked for a while for RIM but it’s a hard thing to pull off the same trick a generation later with the same audiences.

    What’s emerging from the ashes of 1990s concepts of MDMs/NOCs etc. are smart apps that authenticate web and email traffic right to the specific web and mail servers, able to support BYOD to full organizational rollouts without needing to re-architect the back-end. It’s great news for clients, although not necessarily for VCs who are hoping no one’s noticed that their server in the middle of the slide or web page isn’t actually necessary…

  4. Earl Perkins says:

    Thank you for the comments. You’re right about MDMs, but one concern I have is that their IAM capabilities may not be adequate to provide the levels of secure access required by applications other than the web and mail servers in question. It does not mean they would remain permanently inadequate, just that the mechanisms used as I understand them today are limited. I’m not an expert in MDMs, however, so would defer to those that are on this question.

  5. Eric Tse says:

    I have similar thoughts too.
    My friend is porting Siebel on ipod platform these days.

    BTW, for now, many of the IAM applications are web-based applications, meaning that you do not need to install any software on your mobile device.

    You may need a VPN client on your mobile device sometimes.

    Also, should there be another IAM web interface specific to mobile devices? Some websites, like Facebook, provide different (simplified) user interfaces to users on mobile devices.

    Another factor is the security level of the mobile device itself. It may violate corporate security policy if a user uses a mobile device to log on to security applications while their device does not meet corporate security standards.

    Think about a laptop. Now the IAM administrators are using a company laptop to access IAM applications through VPN if they are working from home. I think mobile devices would follow a similar route, although the interface would get even lighter.

    Eric Tse, Richmond Hill, Toronto
    Tse and Tse Consulting -Security, Identity Access Management, Solution Architect, Consulting
