MOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com




Table of Contents

Introduction
Three Technologies That Securely Unleash Mobile and BYOD
Three Technology Pillars That Support Mobile and BYOD
    1. Mobile-based Authentication
    2. Single Sign-on
    3. Application Programming Interfaces
The Critical Role of Standards for a Secure BYOD Architecture
Summary

INTRODUCTION

Using personally-owned mobile devices for work is a fast-moving trend. IDC estimates that 55 percent of all phones used in business will be employee-owned by 2015, with other thought leaders stating that 81 percent of employees today use their mobile devices for work. In line with these statistics, it is estimated that by 2017, two in three organizations will adopt a bring your own device (BYOD) policy.

These trends are no surprise. Organizations realize that a highly mobile employee is likely to be highly productive. There is a tangible value in allowing employees to get work done during their commutes.

However popular, the BYOD trend is not all roses. The inherent nature of employee-owned devices used within the workplace is a legitimate concern for IT. Where IT can implement tight control over company-owned devices, it is unable to do so with those that are employee-owned. Furthermore, employees demand ease and convenience. If they experience IT interfering with their ability to get work done, they will seek work-around options. For every functionality denied by IT, there is a shadow IT third-party application that employees can sign up for with a credit card and subsequently expense.

It is therefore critical to find a way to support employee-owned devices with methods that secure organizational data and transactions without inhibiting employees from getting work done.

THREE TECHNOLOGIES THAT SECURELY UNLEASH BYOD

To support employee-owned devices, you must secure sensitive business data accessed and stored on mobile devices while enabling employees to easily do their job. An architecture capable of supporting mobile must therefore provide:

- Application and data security: protecting the sensitive business information accessed by and stored on mobile devices.
- User enablement: ensuring that employees can perform the duties of their role when and where they wish to, fundamentally allowing them to get things done.

By utilizing the following three technology pillars, you can provide application and data security as well as support user enablement.

- Mobile-based authentication: leveraging the capabilities of smartphones to provide secure and easy sign-on.
- Single sign-on across web and native applications: giving employees a seamless user experience for both web and native mobile applications.
- Application Programming Interfaces (APIs): granting access for business data only to authorized applications and users.

THREE TECHNOLOGIES THAT SUPPORT BYOD

1. MOBILE-BASED AUTHENTICATION

There is a trend moving away from authentication schemes relying on "what you know", such as a password, to "what you have", such as a key fob or fingerprint. With passwords being such a major culprit in hacking schemes, "what you have" authentication factors are fast becoming much more relevant. Due to their features, smartphones can provide a useful "what you have" authentication factor. They can be used for second-factor authentication, or can replace "what you know" factors (passwords) completely as a single-factor authentication device.

[Figure: trend in authentication factors (KNOW, HAVE, ARE)]

What Makes Smartphones Great for Authentication

Effectively, a smartphone is a powerful portable computer that can enable robust authentication models by leveraging the following features:

- Connected. Mobile phones are on the network and can therefore respond to many different prompts or challenges.
- Computative. Modern phones have computational and storage abilities, so they can support cryptographic operations.
- Storage. Smartphones allow the storage of identifiers, secrets and credentials used in authentication schemes.
- User Interface (UI). Smartphones have a user interface that can be used to involve the owner in authentication factors when relevant, such as entering a local PIN, swiping the screen or, in the future, using their fingerprint.
- Inexpensive. Compared to tokens or other authentication devices, smartphones are much more cost-effective and easily remembered by their owners.

Using Mobile Phones for Authentication

Different mobile-based authentication schemes leverage these features in different combinations. For instance, PingID is a mobile-based authentication scheme that authenticates users by sending a challenge to an application installed on the user's previously registered device through Google Cloud Messaging for Android or the Apple Push Notification Service. Upon receipt, the user simply swipes their screen to answer the challenge.

Utilizing a smartphone for authentication is more dynamic, cheaper and lower-maintenance than fobs.
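
The following is an added example, not code from this paper and not PingID's actual protocol: it sketches one generic way a registered phone can answer a pushed challenge, using the connectivity, computation, storage and UI features listed above. The class names, the HMAC-SHA256 response and the 60-second lifetime are assumptions made for the illustration; the server rejects expired, replayed, unapproved or wrongly keyed answers.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a pushed challenge stays answerable (assumed value)


def sign(key, challenge):
    """Keyed response both sides can compute; the key never leaves storage."""
    return hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Hypothetical server: enrolls devices, issues challenges, checks answers."""
    def __init__(self):
        self.device_keys = {}   # device_id -> secret shared at registration
        self.pending = {}       # challenge -> (device_id, expiry time)

    def register(self, device_id):
        self.device_keys[device_id] = secrets.token_bytes(32)
        return self.device_keys[device_id]   # handed to the phone once

    def issue_challenge(self, device_id, now=None):
        if device_id not in self.device_keys:
            raise KeyError("device is not registered")
        now = time.time() if now is None else now
        challenge = secrets.token_hex(16)    # random, so it cannot be predicted
        self.pending[challenge] = (device_id, now + CHALLENGE_TTL)
        return challenge                     # would travel as a push message

    def verify(self, device_id, challenge, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(challenge, None)   # single use: replays fail
        if entry is None or response is None:
            return False
        if entry[0] != device_id or now > entry[1]:
            return False
        return hmac.compare_digest(sign(self.device_keys[device_id], challenge), response)


class Phone:
    """Hypothetical device app: answers only when the owner approves in the UI."""
    def __init__(self, key):
        self.key = key

    def answer(self, challenge, user_approved):
        return sign(self.key, challenge) if user_approved else None
```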

2. SINGLE SIGN-ON

SSO improves security for the enterprise as well as significantly improves the productivity and overall work enjoyment of employees. Nothing slows down and frustrates employees more than having to call the help desk to get a password reset. With single sign-on, you can maximize productivity by minimizing the number of explicit credentials (passwords) needed to access applications.

So, how does this tie in to BYOD and mobile phones? Mobile SSO enables users to sign on once to a secure SSO application on their mobile device and have instant access to all of their enterprise applications.

Another reason for SSO for mobile devices is that user credentials are typically stored on the device itself. Therefore, when a device is stolen, the credentials stored on it are stolen. With 27 percent of adults experiencing a lost or stolen device, it's crucial to keep corporate credentials off of devices. With SSO and mobile-based authentication, sign-on credentials are not stored on the device, and authentication and authorization are done via standardized mechanisms (standards). (See the standards section for detailed information on their role in single sign-on.)

Single sign-on solutions, such as PingOne, provide standards-based SSO for mobile.

3. APPLICATION PROGRAMMING INTERFACES

[Figure labels: MOBILE, SERVER, API / WEB, KIOSK, BROWSER]

The primary way that native mobile applications gain access to corporate data is through application programming interfaces (APIs). By securing APIs, you can be confident that the user is allowed access to the application data, no matter where they are or what application or device they are using.

Securing APIs using a standards-based approach is critical to scalability and development productivity. Many organizations build authentication into each mobile application, which creates significant overhead for developers and generally is not as secure. The best practice for mobile security is to utilize the standardized OAuth 2.0 protocol, which uses access tokens on API calls. By validating the token, the API is able to determine which employee is requesting access to the native application, and then determine authorization based on that employee's access rights. (See the standards section for more information on their role in API security.)

Modern access management solutions, like PingAccess and PingFederate, provide both web and API access management with both proxy- and agent-based implementation options.
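
The token check described above, as an added example that is not from this paper and not Ping Identity code: an API validates an access token before deciding who the employee is and whether the call is allowed. It assumes the token is a JWT signed with HS256 under a key shared with the authorization server (OAuth 2.0 itself does not fix the token format); the audience value, key, claim layout and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

API_AUDIENCE = "https://api.example.test/orders"   # hypothetical API identifier
SIGNING_KEY = b"constructed-demo-key"               # constructed; shared with the issuer


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims, key=SIGNING_KEY):
    """Stand-in for the authorization server: builds an HS256-signed token."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"


def authorize(token, required_scope, now=None, key=SIGNING_KEY):
    """API side: return the employee id if the token permits the call, else None."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return None                 # refuse "none" and unexpected algorithms
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(sig)):
            return None                 # forged or altered token
        claims = json.loads(_unb64(body))
        if claims.get("aud") != API_AUDIENCE or claims.get("exp", 0) <= now:
            return None                 # issued for another API, or expired
        if required_scope not in claims.get("scope", "").split():
            return None                 # employee lacks this access right
        return claims.get("sub")        # which employee is calling
    except (ValueError, TypeError, AttributeError):
        return None                     # malformed token
```

Because the API only ever sees the token, the employee's password never reaches the mobile application's API calls.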

THE CRITICAL ROLE OF STANDARDS FOR A SECURE BYOD ARCHITECTURE

[Figure labels: OAUTH, CONNECT, NAPPS, SAML, WEB SSO, YOUR NATIVE APP]

Standards are the critical role-players in mobile security (and identity security). They support mobile-based authentication, single sign-on from any device and any location, and simple API authorization by enabling secure, encrypted authentication, authorization and access across web and mobile platforms.

Support of standards brings security to any device, browser or client that is accessing information from applications. Additionally, support reduces the integration efforts between multiple organizations when sharing applications or information.

Standards, such as SAML, OAuth 2.0, OpenID Connect, and standard models such as FIDO and NAPPS, have been and are independently reviewed and developed by leading security professionals to provide the strongest levels of security. All Ping Identity products and solutions are built on standards.

- Security Assertion Markup Language (SAML) is the standard that powers web single sign-on and allows businesses to safely share identity information across domains for authentication and authorization.
- OAuth 2.0 is the industry standard for controlling access to APIs using secure access tokens instead of usernames and passwords.
- OpenID Connect (Connect) is a new standard that provides a best-of-breed approach to both web SSO and API access, building on SAML and OAuth.
- The FIDO (Fast Identity Online) Alliance is defining an alternative mobile-based authentication model, one that can leverage the emerging biometric capabilities of devices.
- The OpenID Foundation's Native Applications (NAPPS) working group is defining an architecture that will enable the single sign-on experience across native applications and, critically, for mobile web apps as well.

SUMMARY

Leading organizations are embracing the mobile and BYOD phenomenon and intelligently securing corporate data and applications while empowering their mobile employees to be more productive than ever. The pillars below have been found to be critical success factors to get the most out of your mobile initiatives:

- Mobile-based authentication: leveraging the capabilities of smartphones to provide secure and easy sign-on, such as provided by PingID.
- Single sign-on across web and native applications: giving employees a seamless user experience for both web and native mobile applications, such as provided by PingOne.
- Application Programming Interfaces (APIs): granting access for business data only to authorized applications and users, such as provided by PingAccess and PingFederate.

Using these standards-based technology pillars, you can unlock the potential of BYOD. Visit pingidentity.com to find out more about how Ping Identity solutions can help you transform mobile into a business asset.

About Ping Identity | The Identity Security Company

Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 1,200 companies, including 45 of the Fortune 100, rely on our award-winning products to make the digital world a better experience for hundreds of millions of people. For more information, dial U.S. toll-free 877.898.2905 or +1.303.468.2882, email sales@pingidentity.com or visit pingidentity.com.

© 2014 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingAccess, PingID, the respective product marks, the Ping Identity trademark logo, and Cloud Identity Summit are trademarks or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.