For many of us in the enterprise, our network identity is currently very limited in scope. Our user ID most likely consists of just a user name and a password. This is all that is required and used to authenticate us to access the company network and information. But this concept of identity, which reaches back many years into a different era of computing, is too simple for the complexities of a mature enterprise mobile ecosystem. It is functional, but many aspects of security and services are limited by its relative lack of information. The use of identity in a mobile ecosystem needs to evolve beyond simply who (username/password) to an ecosystem identity of who, what, when, where, and how.
As enterprises move more towards a mobile-enabled workforce, many of an organization’s resources, such as devices, data, and applications, are not located solely on-premises. They may not even be connected via the corporate network and are therefore not even behind the firewall. In addition, users are able to sync directly to cloud services to access vital corporate information. This exposure increases security risks that can be mitigated by leveraging solutions such as MDM, Single-Sign-On Services, Application Management, etc. Unfortunately, the notion of username/password is just one factor in this new reality of a mobile ecosystem. So, how can enterprises be assured that information is safe?
A mature mobile ecosystem will require that identity be able to address not only username and password, but also attributes such as location, user devices, apps, and time zones. These additional attributes give advanced systems further capabilities to ensure ‘network’, i.e. ecosystem, security. For example, a highly evolved mobile ecosystem shouldn’t allow a ‘user’ to log in if they are not using an expected device or are connecting from an unusual location. The additional information can also be tied into application functionality. For example, a company with a globally distributed workforce could leverage time-zone information for productivity and collaboration apps.
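As an added illustration (not part of the original post), here is a minimal sketch of a login decision that uses the who, what, when, where, and how attributes described above. The schema, field names, channel labels, and sample data are all hypothetical, and treating the "when" and "how" signals as a step-up prompt rather than a denial is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class EcosystemIdentity:          # hypothetical schema, not a real directory format
    username: str
    enrolled_devices: frozenset   # what: device IDs registered at enrollment
    usual_countries: frozenset    # where: country codes considered normal
    utc_offset_hours: int         # when: the user's home time zone
    work_hours: tuple = (7, 19)   # local hours treated as normal (assumption)

@dataclass(frozen=True)
class LoginAttempt:
    username: str
    password_ok: bool             # who: result of the existing credential check
    device_id: str
    country: str
    at: datetime                  # timezone-aware timestamp of the attempt
    channel: str                  # how: path used to reach the service

ALLOWED_CHANNELS = {"mdm-managed-app", "sso-portal"}  # constructed labels

def evaluate(identity, attempt):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'."""
    if attempt.username != identity.username or not attempt.password_ok:
        return "deny", ["who: credential check failed"]
    deny, review = [], []
    if attempt.device_id not in identity.enrolled_devices:
        deny.append("what: device not enrolled")
    if attempt.country not in identity.usual_countries:
        deny.append("where: unusual location")
    if attempt.channel not in ALLOWED_CHANNELS:
        review.append("how: unmanaged channel")
    local = attempt.at.astimezone(timezone(timedelta(hours=identity.utc_offset_hours)))
    if not identity.work_hours[0] <= local.hour < identity.work_hours[1]:
        review.append("when: outside usual hours")
    decision = "deny" if deny else "step_up" if review else "allow"
    return decision, deny + review

# Constructed sample identity and a helper that builds attempts from a baseline
ALICE = EcosystemIdentity("alice", frozenset({"phone-01", "tablet-07"}),
                          frozenset({"DE", "NL"}), utc_offset_hours=1)

def attempt(**overrides):
    base = dict(username="alice", password_ok=True, device_id="phone-01",
                country="DE", channel="mdm-managed-app",
                at=datetime(2024, 3, 5, 9, 30, tzinfo=timezone.utc))
    return LoginAttempt(**{**base, **overrides})

print(evaluate(ALICE, attempt(device_id="laptop-99")))
```

A correct password alone never yields "allow" here: the device and location checks can still deny the login, which is the behaviour the paragraph above asks for.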
In order to evolve identity for an enterprise mobile ecosystem, standard identity attributes need to expand beyond the norms of just username/password. This will most likely be driven by pressure from management platforms, such as MDM solutions, as they are a natural place to want to leverage this data. These platforms also intrinsically understand the notion of a mobile ecosystem and can therefore put this information to better use than directory services. This will differ from current thinking about identity. Presently, the idea of network and identity, from a corporate perspective, is very directory- and on-premises-based. In a mobile ecosystem, Active Directory will continue to play a central role, but management of that ecosystem will place pressure on it to expand its boundaries. The advantages are too great to ignore.
Management of this ecosystem identity doesn’t need to be a chore either. There is no reason that it can’t be part of a self-service portal, or part of the on-boarding process with the enrollment of new mobile devices on your network. This co-ownership of your identity increases accuracy as well as lessening the management load on IT staff.
Much as Microsoft SharePoint helped enterprises realize the limitations of the attributes available to use with files stored on a network share, mobile ecosystems are pushing enterprises to see the limitations of simple user identity. SharePoint demonstrated that organizations can collect information beyond just file name and date and use it powerfully in company processes. An expanded notion of identity will provide additional functionality and enhanced security options. It will also allow enterprises to effectively secure and manage a mobile ecosystem. What challenges do you see with the current notion of identity? How would you envision its evolution? Post a comment and let me know!