User Identity in a Mobile Ecosystem

For many of us in the enterprise our network identity is currently very limited in scope. Our userID is most likely comprised of just a user name and a password. This is all that is required and used to authenticate us to access the company network and information. But this concept of identity, which reaches back many years into a different era of computing, is too simple for the complexities of a mature enterprise mobile ecosystem. It is functional, but there are many aspects of security and services that are limited due to its relative lack of information. The use of identity in a mobile ecosystem needs to evolve beyond simply who (username/password) to an ecosystem identity of who, what, when, where, and how.

As enterprises move more towards a mobile enabled workforce, many of an organization’s resources, such as devices, data, and applications are not located solely on-premise. They may not even be connected via the corporate network and are therefore, not even behind the firewall.  As well, users are able to sync directly to cloud services to access vital corporate information. This exposure increases security risks that can be mitigated by leveraging solutions such as MDM, Single-Sign-On Services, Application Management, etc. Unfortunately, the notion of username/password is just one factor in this new reality of a mobile ecosystem. So, how can enterprises be assured that information is safe?

A mature mobile ecosystem will require that identity be able to address not only username and password, but attributes such as location, user devices, apps, and time zones. These additional attributes allow advanced systems further capabilities to ensure ‘network’, i.e. ecosystem, security.  For example, a highly-evolved mobile ecosystem shouldn’t allow a ‘user’ to login if they are not doing so using an expected device or from an unusual location. The additional information can also be tied into application functionality. For example, a company with a globally distributed workforce could leverage time-zone information for productivity and collaboration apps.

In order to evolve identity for an enterprise mobile ecosystem, standard identity attributes need to expand beyond the norms of just username/password. This mostly likely will be driven by pressure from management platforms, such as MDM solutions, as they are a natural location to want to leverage this data. These platforms also intrinsically understand the notion of a mobile ecosystem and can therefore, put this information to better use than directory services. This will differ from current thinking about identity. Presently, the idea of network and identity, form a corporate perspective, is very directory and on-premise based. In a mobile ecosystem, Active Directory will continue to play a central role, but management of that ecosystem, will place pressure to expand its boundaries. The advantages are too great to ignore.

Management of this ecosystem identity doesn’t need to be a chore either. There is no reason that it can’t be part of a self-service portal, or part of the on-boarding process with the enrollment of new mobile devices on your network. This co-ownership of your identity increases accuracy as well lessens the management load on IT staff.

In much how Microsoft SharePoint helped enterprises realize the limitations of the attributes available to use with files stored on a network share, mobile ecosystems are pushing enterprise to see limitations with simple user identity.  SharePoint demonstrated that organizations can collect information beyond just file name and date and use it powerfully in company processes. An expanded notion of identity will provide additional functionality and enhanced security options. It will also allow enterprises to effectively secure and manage a mobile ecosystem. What challenges do you see with the current notion of identity? How would you envision its evolution? Post a comment and let me know!

Enterprise Mobility – Data in the Driver’s Seat – Part II

This is the second half of a two part series examining data’s central driving role in enterprise mobility. Part Iexamined the aspects of data management. Today we’ll look at how a robust enterprise app ecosystem is derived from the data requirements.

There are many apps and services available that target enterprise users – almost too many. In assessing if an app or service is the right fit for your organization what do you use to inform your judgment? How do you go about assembling your enterprise mobile app ecosystem? What steers your strategy? Data is the cornerstone of a robust enterprise mobile ecosystem. If you have a robust data management process in your organization it will provide the clarity required to select the right apps and services, as well as understand the boundaries for your ecosystem.

Required Capabilities

Once you have done the legwork to develop a data inventory and management practice, you will have a sense of not only the data itself, but also the process that drives this data. This is invaluable in developing an enterprise mobility strategy and ecosystem because you are able to eliminate the noise and distraction of that ‘shiny new functionality’ in any given app. You will be able to zero in on capabilities that support those data processes. App/Service evaluation is less about cool and more about capable. It is important to ask – does this app have the flexibility to fit within my current and future processes?  Knowing how data moves about in your organization will allow you to tightly focus your ecosystem to provide just the right level of functionality to your users. The apps you chose for your enterprise ecosystem need to fit your data processes.

Access & Control – Getting at the Data

When evaluating apps or services, the insights you gain from your data management process will also drive the access and control questions. What sort of data access privileges do you require as an administrator; a power user; a common user? Does an app or service even provide the level of granular access control? It is also important to understand how easy or difficult it is to control data access. An app or service may allow you to fine-tune access permissions, but if it is clunky you could end up wasting a lot of time.

As well, are you able to access the entire data set easily? Are you able to import and export the data? This is particularly important for several reasons. First, if you want to use a service but have existing data you want to leverage, without being able to import it you are DOA .Next, if you are unhappy with an app or service and you want to change, you will need to export the data.  If you can’t export the entire data set you could be stuck or have to start over and heads may roll. Lastly, don’t underestimate the power of manipulating data, especially sales data, in applications like Microsoft Excel. I have seen companies select cloud services with poor import/export capabilities and pay dearly later when they need to access it in entirety.

Data Sensitivity

Data is also in the driver’s seat because many organizations are wanting to mobile-enable existing data sets. Many of these data sets are considered sensitive. This alone is often the deciding factor of leveraging a public cloud service or app vs needing to build a custom one that is on-premise. Data sensitivity often determines an organization’s appetite for risk.

These are just a few of the key high-level considerations that data influences in the assembly of an enterprise app ecosystem. Data is the understated driver in a sound enterprise mobility strategy. Data will determine a number of key directions.  Apps may possess the ‘coolness’ factor, but it is in the data that enterprises will find a ROI with mobility. How else do you see data driving the ecosystem? Post a comment and let me know!

Benjamin Robbins is a Principal at Palador, a consulting firm that focuses on providing strategic guidance to enterprises in the areas of mobile strategy, policy, apps, and data. You can follow him on Twitter or connect on LinkedIn.