IDC TECHNOLOGY SPOTLIGHT

How Mobile Authentication Can Boost Productivity for Mobile Applications

December 2013

Adapted from Worldwide Mobile Enterprise Security Software 2013–2017 Forecast and Analysis by Charles Kolodgy, Sally Hudson, and Ben Hoffman, IDC #240014

Sponsored by AirWatch

IDC 1619

The mobile landscape is rapidly changing, making the decision process around everything mobility-related extremely challenging. Besides the obvious need to address costs through various mobility strategies, IT teams also must closely examine the impact on employee productivity and satisfaction, whether there is the necessary bandwidth to implement these strategies, and whether it will be feasible to integrate any new implementations with the enterprise's existing back-end infrastructure.

Perhaps of greatest significance is effectively implementing a BYOD strategy for company employees. Questions will abound as to whether a BYOD strategy will truly create cost savings for the enterprise and whether it will create security gaps because it enables employees to carry corporate data outside the confines of the office.

Currently, there are many different flavors for addressing enterprise concerns around security. For BYOD devices, the conversation has expanded from securing and managing the device to an increased concern around the data that resides on it. One piece of this puzzle that is gaining more traction within the enterprise is mobile authentication, which addresses many of these security concerns.

This Technology Spotlight examines the current trends around mobile authentication and discusses how AirWatch is working to address the challenges of user authentication in the mobile ecosystem.

Challenges of Mobile Apps in the Enterprise Ecosystem

It is no surprise that mobile apps are more important than ever for enterprise employees.
As the number of employees who work remotely has increased, so has the need to be able to use applications for business purposes when outside the office. Certainly, the BYOD paradigm has exacerbated this need by enabling more employees to engage in work-related activities on their own devices. At the same time, it has presented a sizable set of challenges for enterprise IT teams with respect to which applications are accessible for business use and what method the organization needs to take to secure approved apps. These challenges are as follows:

Which app type? Enterprises need to consider that they may very likely have a mix of native, hybrid, HTML5, Web, SaaS, or other flavored app. Often, different security approaches are needed for these different app types. Indeed, this is a key factor in creating an advanced approach around authentication.

Integration with the back end? Integration with back-end policy engines, security infrastructure, and app servers is a key consideration for enterprises because it means being able to outfit employees with existing corporate data necessary to effectively execute business processes. It also provides the enterprise with critical employee insights into productivity and work processes.

What policies to set? Before rolling out a BYOD and mobile authentication strategy, enterprises need to establish smart policies around mobile app access and utilization.

How much security is necessary? While there is no doubt that ensuring a secure mobile experience is a top priority for the vast majority of enterprises, each enterprise has different needs around security levels and policies. For example, different groups and users within an organization will often have different needs around mobile app utilization and may therefore require different levels of app authentication.

Is everything being protected? While the topic at hand primarily concerns device-, app-, and data-level security, it is also important to note the significance of mobile browser-based security to prevent malicious Web applications. Further, there may be cases where data from one application may need to flow into another application, so this flow of information must remain secure.

What standard should be followed? The market offers many SDK and application wrapper technologies, and enterprises are frustrated by the inability to follow one standard security method across applications. They are seeking a consistent approach, but finding one can be a challenge.

Ultimately, mobile authentication can be used as a method for addressing the specifics around each of these different challenges because it offers versatility and varying degrees of complexity depending on the enterprise's needs. As described, authentication needs will vary by group and user, business function, vertical or industry, app type, and level of back-end integration. Enterprises need to take the time to consider all of these challenges and decide the best set of strategies to tackle them.

Another consideration is how mobility creates the need to move from broad device-based authentication to more granular app-based authentication. Traditional forms of authorization are issued based on identifying the user, which is not enough in the mobile era. To be securely authenticated, the apps must be managed by a mobile enterprise management (MEM) system.
Further, the MEM system must have integrations built with the app provider, meaning it should issue a unique management ID for the application so that requests for applications can be uniquely identified and not spoofed.

What Is Mobile Authentication?

Mobile authentication is included in the context of IDC's definition of mobile identity and access management (MIAM), which is as follows:

MIAM solutions provide authentication and authorization technologies (such as PKI certificates, SSL certificates, and password management) for transactions conducted from mobile devices and that support network access for mobile devices. Single sign-on (SSO) and provisioning of mobile devices are included.

Mobile authentication is important because it is used as a means to prevent data breaches, which can result in millions or even billions of lost revenue, not to mention media embarrassment, legal headaches, and competitive disadvantage.

There are a number of different types of mobile authentication, such as single-factor and multifactor authentication. Single-factor authentication, as one might expect, requires only one form, or layer, of authentication for access, whereas multifactor requires two or more forms, or layers. Beyond these approaches, there are a number of methods by which authentication can be enabled on a mobile device. These include:

Passwords. Passwords are the most universal form of mobile authentication. Passwords can vary immensely in effectiveness depending on the number and type of characters used.

Nontext passwords. Nontext passwords are an alternative to traditional text-based passwords. They can involve swiping a pattern on a screen, tapping an arrangement of symbols, and so on.

Digital certificates. Digital certificates are provided through a public key infrastructure (PKI) request, which issues, distributes, and revokes certificates for access control and network authentication. With a digital certificate, data can be encrypted using a public key and decrypted using a private key.

Hardware tokens. Hardware tokens are small physical devices that generate unique passwords for single-time use. The token is often available for only a very short period of time (along the lines of a minute) and can be used as part of a multifactor authentication scheme involving a traditional password as a more robust means of preventing crackers and/or keyloggers.

Biometrics. Biometrics is a form of multifactor authentication that traditionally combines either a password or a hardware token with some form of physical authentication, such as an iris scan, fingerprint scan, voiceprint, or handwriting sample.

Proximity. Proximity-based authentication is a newer form of mobile authentication that enables or disables a user's ability to access a device based on the physical position of that user to the "approved" area.

Also worth mentioning is single sign-on, a method of access control where the user needs to input a form of authentication only once to enable access to that user's entire host of approved systems, mobile applications, and data. Common configurations for SSO include those that are Kerberos based, SAML based, and smart card based.

Why Are Enterprises Considering the Need for Mobile Authentication?

Today, mobile security within the enterprise is absolutely critical. The constant, looming concern over privacy, data loss protection, data integrity, and mobile app and data accessibility can be incredibly stressful for a business and can hinder business processes.
Implementing a centralized mobile authentication strategy can provide a more secure approach for accessing mobile applications and data, accessing the network, and integrating with back-end infrastructure. These capabilities, in turn, create benefits, including:

Greater productivity for employees. Because employees can now securely access their approved apps, whether personal or business, they can be more productive when working on their mobile devices.

Secure integration for employees and business. A secure integration with an enterprise's existing back-end infrastructure via mobile authentication helps employees stay productive by providing key data, contacts, and company processes they otherwise would not be able to securely have access to. Further, integration with the back end allows the business to capture valuable data and insights into employee activity and productivity. A secure integration also facilitates streamlined work processes, meaning employees can receive enterprise information directly on their smartphone or tablet without having to physically be in the office.

Mobile applications that store sensitive company data. Most mobile applications are native and store sensitive company information, which must be secured and managed. IAM systems provide access control and authorization but fail to ensure that applications accessing these systems are actually being managed by the company. Management ensures applications can be protected and wiped from the mobile device based on policy guidelines.

Secure access to on-premise and cloud apps/services. Because not all apps are internal, enterprises must consider a means of enabling secure access to apps available through the cloud. Mobile authentication enables this type of broad-reaching and secure access.

Intuitive, easy to use, and low impact on employees. Employing SSO mobile authentication reduces the pain for employees. It means they have to enter their credentials only once to have full access to all their mobile apps and helps maintain productivity.

Better reputation and trust among customers. Being able to combat privacy concerns and maintain data integrity builds trust among an enterprise's customer base. It is a sign that the enterprise can keep the customer's data secure and signals that the enterprise understands the importance of mobile security. In terms of authentication, a lackluster experience can quickly create doubts with potential customers because this piece of the security puzzle is sometimes a customer's first exposure and interaction with the enterprise.

Advantage over competitors. Customers that view a company as particularly savvy from the standpoint of maintaining data integrity and preventing loss of critical information already have a leg up on their competition.

Takes mobile app security to the next level. Combined with a MEM solution, mobile authentication can verify that the application is approved to access enterprise data while ensuring the enterprise can effectively manage the application and take action when the application is not compliant.

Considering AirWatch for Mobile Authentication

AirWatch was founded in 2003 with the mission of enabling companies to focus on the power of mobile technology rather than the challenges of managing it. AirWatch has been one of the fastest-growing companies in the MEM space. Since its inception, the company has developed its portfolio well beyond mobile device management (MDM), the area in which the company established a reputable and recognizable brand. The company now offers a comprehensive portfolio of solutions that includes MAM, MCM, mobile email management, secure mobile browser, and mobile authentication.

Single Sign-On

A key feature of AirWatch's mobile authentication offerings is their support for SSO. AirWatch enables the SSO experience for mobile applications through its MDM offerings and MAM APIs.

Most operating systems provide an OS-level SSO engine to centrally and securely store the identity of the corporate user and authenticate to remote services. These SSO features require that MDM be enabled and configured on the device before an organization can take advantage of such features. Once MDM is enabled, a streamlined autoauthentication experience is created across the work container on the device and can work across built-in applications, native third-party apps, and Web apps without interfering with the personal side of the device.

AirWatch's MAM capabilities allow organizations to easily build or enable existing applications to leverage SSO capabilities by using application development tools and wrapping technologies that integrate with existing IAM tools. The company's tools allow organizations to leverage SSO with various authentication methods, including NTLM, Basic Auth, Kerberos, SAML, and certificates.

The company's mobile authentication tools include a number of other notable SSO features, such as customizable passcode settings to meet the specific security regulations and compliance protocols in the enterprise. AirWatch's integrated authentication incorporates a two-factor authentication approach. When leveraging digital certificates for SSO authentication, AirWatch provides an integrated life-cycle management capability to issue, automatically renew, and revoke digital certificates across users and mobile devices.

Enterprise Connectivity and App Tunneling Options

Another key consideration with SSO is for applications to have connectivity to back-end application servers hosting enterprise data. The flagship solution is AirWatch's Mobile Access Gateway, a tool to connect mobile apps and internal corporate systems via a dedicated per-app VPN. The Mobile Access Gateway keeps a connection with AirWatch EMM to provide a checkpoint for compliance policies and device configurations as additional authorization requests come in. AirWatch also enables mobile app integration with existing VPN infrastructure by leveraging SDKs and standard protocols for connectivity.

Cloud Services Integration

Because not all apps are internal, and many are managed by third parties via the cloud, it is important to be able to authenticate these types of apps as well. The AirWatch solution facilitates the authentication of apps such as Office 365, Salesforce, and Workday by tying the app into the back end to connect it with the company's IAM policies. AirWatch's solution can also tie apps into the organization's back-end PKI system to get certificates/OAuth tokens. This process is enabled by using MEM integration through APIs.

Open Enterprise App Management Program

The Open Enterprise App Management (OEAM) program was built around the mission to provide a standard for creating enterprise-ready, third-party mobile apps by enabling developers to build a single app that is appropriate and usable from both a consumer standpoint and an enterprise standpoint. This helps reduce time and resources spent on creating an enterprise-appropriate app. Further, app developers have the ability to set their own standard for representing custom configurations, meaning they can conform to a set of policies and configurations that they are comfortable with. OEAM utilizes all standard mobile OS frameworks and functionalities, providing a familiar development approach.
It also includes a mobile app reputation service to approve apps that have been developed for enterprise use and allows the organization to assess the security of mobile apps before any potential attacks or corruptions can occur.

Challenges

AirWatch faces a few key challenges. First, it is operating in a rather crowded space. Other security companies offer back-end authentication infrastructure and cloud identity services. Competitors sometimes focus more exclusively on mobile authentication and therefore may have greater brand recognition when viewed strictly through a mobile authentication lens.

Another challenge is accommodating end-user privacy, a piece of the puzzle that is often hazy or, worse, not even considered. For example, the "BYOX" policy that was implemented as a result of employee behavior may become highly unpopular for this same group of employees because of the corporation's breaching of its employees' private data without consent. For AirWatch specifically, messaging around specific features that respect end-user privacy will build greater reputability and competitive differentiation for the company.

Another key challenge for AirWatch is being able to meet the needs of specific industries and verticals. While the ability to address the broader needs of the enterprise market is important, certain industries and verticals have grown accustomed to offerings that are tailored to their specific needs. For instance, regulated industries, such as healthcare and financial services, have a unique set of security standards and compliance protocols that must be adhered to. AirWatch can make further inroads here by partnering with industry and vertical-specific ISVs.

Conclusion

Today, mobile security within the enterprise is absolutely critical. The constant, looming concern over privacy, data loss protection, data integrity, and mobile app and data accessibility can be incredibly stressful for a business and can hinder or severely alter business processes.

Currently, there are many different approaches to addressing enterprise concerns around security. For BYOD devices, the conversation has shifted from securing and managing the device to an increased concern around the data that resides on it. Mobile authentication addresses many of these concerns.

Mobile authentication is important because it is used as a means to prevent data breaches, which can result in millions, or even billions, in lost revenue, not to mention media embarrassment, legal problems, and competitive disadvantage. Implementing a mobile authentication solution can provide enterprises with a more secure approach for accessing mobile applications and data, accessing the network, and integrating with back-end infrastructure. These capabilities, in turn, offer benefits such as greater productivity for employees, secure access to on-premise and cloud applications, and competitive advantage.

IAM systems provide access control and authorization but fail to ensure that applications accessing these systems are actually being managed by the company.
To be securely authenticated, the apps must be managed by a MEM system. AirWatch offers a comprehensive portfolio of solutions that includes MAM, MCM, mobile email management, secure mobile browser, and mobile authentication. To the extent that AirWatch can address the challenges described in this paper, IDC believes the company is well positioned for success in this market.

ABOUT THIS PUBLICATION

This publication was produced by IDC Custom Solutions. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Custom Solutions makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.

COPYRIGHT AND RESTRICTIONS

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the Custom Solutions information line at 508-988-7610 or gms@idc.com. Translation and/or localization of this document requires an additional license from IDC.

For more information on IDC, visit www.idc.com. For more information on IDC Custom Solutions, visit www.idc.com/gms.

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

©2013 IDC