Tag Archives: mobile security

User Identity in a Mobile Ecosystem

For many of us in the enterprise our network identity is currently very limited in scope. Our userID is most likely comprised of just a user name and a password. This is all that is required and used to authenticate us to access the company network and information. But this concept of identity, which reaches back many years into a different era of computing, is too simple for the complexities of a mature enterprise mobile ecosystem. It is functional, but there are many aspects of security and services that are limited due to its relative lack of information. The use of identity in a mobile ecosystem needs to evolve beyond simply who (username/password) to an ecosystem identity of who, what, when, where, and how.

As enterprises move more towards a mobile enabled workforce, many of an organization’s resources, such as devices, data, and applications are not located solely on-premise. They may not even be connected via the corporate network and are therefore, not even behind the firewall.  As well, users are able to sync directly to cloud services to access vital corporate information. This exposure increases security risks that can be mitigated by leveraging solutions such as MDM, Single-Sign-On Services, Application Management, etc. Unfortunately, the notion of username/password is just one factor in this new reality of a mobile ecosystem. So, how can enterprises be assured that information is safe?

A mature mobile ecosystem will require that identity be able to address not only username and password, but attributes such as location, user devices, apps, and time zones. These additional attributes allow advanced systems further capabilities to ensure ‘network’, i.e. ecosystem, security.  For example, a highly-evolved mobile ecosystem shouldn’t allow a ‘user’ to login if they are not doing so using an expected device or from an unusual location. The additional information can also be tied into application functionality. For example, a company with a globally distributed workforce could leverage time-zone information for productivity and collaboration apps.

In order to evolve identity for an enterprise mobile ecosystem, standard identity attributes need to expand beyond the norms of just username/password. This mostly likely will be driven by pressure from management platforms, such as MDM solutions, as they are a natural location to want to leverage this data. These platforms also intrinsically understand the notion of a mobile ecosystem and can therefore, put this information to better use than directory services. This will differ from current thinking about identity. Presently, the idea of network and identity, form a corporate perspective, is very directory and on-premise based. In a mobile ecosystem, Active Directory will continue to play a central role, but management of that ecosystem, will place pressure to expand its boundaries. The advantages are too great to ignore.

Management of this ecosystem identity doesn’t need to be a chore either. There is no reason that it can’t be part of a self-service portal, or part of the on-boarding process with the enrollment of new mobile devices on your network. This co-ownership of your identity increases accuracy as well lessens the management load on IT staff.

In much how Microsoft SharePoint helped enterprises realize the limitations of the attributes available to use with files stored on a network share, mobile ecosystems are pushing enterprise to see limitations with simple user identity.  SharePoint demonstrated that organizations can collect information beyond just file name and date and use it powerfully in company processes. An expanded notion of identity will provide additional functionality and enhanced security options. It will also allow enterprises to effectively secure and manage a mobile ecosystem. What challenges do you see with the current notion of identity? How would you envision its evolution? Post a comment and let me know!

Leave a comment

Filed under Ecosystem, Management, Mobile, Productivity, Strategy

Good Technology – Securing the Enterprise App Ecosystem

Suzanne DicksonWhat can an enterprise do once there is the realization that mobile security is more than just managing devices? This was the topic at hand in my discussion with Suzanne Dickson, VP of Product Marketing, of Good Technology at Mobile World Congress in Barcelona. Dickson and the people at Good Technology know a thing or two about enterprise mobile security. Good Technology’s services are used by major organizations, including 50 of the Fortune 100 as well as enterprise customers in 90+ countries operating on over 200 carriers. This has provided them the opportunity to gain a lot of insight into enterprise mobile requirements.

“The market is still very early in understanding the potential security threats,” Dickson stated. “A lot of security issues are done by users losing data inadvertently,” she continued. Dickson acknowledged that this can happen simply because users share data from the device that they are not supposed to. Dickson went on to state that “there is a misconception out there that if I have device management then my data is safe.” Enterprises are slowly moving away from this line-of-thinking and Good Technology believes it is positioned well to be able to help them respond to the much broader threat landscape.

So what does this broader threat landscape look like; where are the additional security gaps that need to be plugged? Dickson believes that part of their job is educating customers about these threats. One area is through the applications itself. “With application development, you could develop an app and rely on traditional VPN for data security,” Dickson said. But she doesn’t view that as a robust solution. “Companies may think they are safe until an [security] event happens – this is a big disconnect.”

But Good Technology is working closely with customers and partners to stay ahead of this event. One particular area, Information Management, is where Dickson feels they are on solid ground is with their Good Dynamics product. Good Dynamics is a mobile application platform for developing secure applications. Good Dynamics-enabled mobile applications are wrapped in a secure container. This enables clean separation between enterprise data and employees’ data on their mobile devices.  Managing the information is a key component to the future of enterprise mobility for Dickson.  “Information management is where it gets exciting. It doesn’t matter where the data is, whether your phone or desktop,” she said. “How you secure the data regardless is what gives you the flexibility to have that data located anywhere.”

With Good Dynamics securing enterprise data is done through partnerships. By partnering with apps and services such as Box, Quickoffice, and Roambi, Good Technology is able to assure customers end-to-end control of their valuable assets. And as with many trends in mobility this is being driven by the consumer. “We are hearing from partners that clients are telling them they can’t use their app until it is secure,” she recounted. This consumer/client driven approach is also pushing Good’s product roadmap as well. As Dickson said “part of the benefit that we have of working with early adopters is that they are pushing us to new directions and capabilities, especially on a global level.”  This insight is a key strategic advantage not only for Good Technology but also as something that is passed on to their clients. “Our fundamental promise and focus is on security. We believe a lot of the growth [in the enterprise] is in the number of applications and we want to allow people to build those applications securely and cost effectively.”

About Good Technology

Good Technology combines award-winning enterprise-grade mobile security and control with an exceptional user experience, allowing enterprise and government employees to connect, communicate, and collaborate on iPads™, iPhones®, Android™, Windows Phone and other leading smartphone platforms. Good opens new possibilities for maximizing business and personal productivity by providing secure, easy-to-use, and instant mobile access to email, collaboration, application, document editing and device management capabilities on iOS and Android devices. Good also enables secure mobile application and secure, custom social media platform development. Discover more at www.good.com.

Leave a comment

Filed under Management, Mobile, MWC12, Security