SecureAuth homes in on BYOD management and mobile app access




Analyst: Steve Coplan
16 Apr, 2012

Securing access to enterprise applications from smartphones and mobile tablets has percolated to the top of the average CISO's to-do list. And, with the new class of tablets (whether Android or Apple iOS devices), it's become apparent that managing the device is only part of the story. The challenge is as much bringing the devices under enterprise management as it is contending with the topology created by a set of vectors including SaaS application adoption and the shifting composition of the user population. As we outlined in a recent spotlight, with the advent of shared endpoints, shared Internet use and multiple cloud and hosting services, the enterprise is becoming more of an idea rather than a concrete entity: a verb rather than a noun.

For the moment, the response by enterprises to the BYOD wave has largely been tactical, even as larger vendors make investments through acquisitions to eventually address the trend strategically. Enterprises have looked to enroll employee devices within existing management frameworks, contending with certificate management challenges, as well as providing a dedicated mobile access portal or app that isolates sessions with enterprise resources. Authentication in these scenarios is directed against an enterprise store, so that a set of internal credentials can be used for sessions initiated from a mobile device.

A longtime player in the integrated authentication, federated identity and SSO market, SecureAuth, like its peers, views the disruption to traditional topologies as an opportunity to introduce a new access management model. SecureAuth is, however, one of the few vendors in the space that combines authentication mapping with native certificate management, allowing it to deal with both certificate management and securing access to what is sure to be the most prevalent use case for mobile tablets: Microsoft Exchange email. Still small but growing at a rapid clip, mobile access management for cloud-based applications could set SecureAuth on a steeper trajectory.

Copyright 2013 - The 451 Group

The 451 Take

We have seen the view that mobile is not simply an incremental management and security use case, but a fundamental shift in enterprise IT, swiftly take hold. The BYOD wave certainly strains the limits of mobile device management, and quickly shifts the focus to securing the user and the application. But as IT managers struggle to come to terms with it, will they take a tactical path to incorporate mobile device access, wait for incumbents to assimilate their acquisitions or revisit their access management assumptions in tandem with SaaS adoption? SecureAuth needs to be able to play all these angles to make the most of the opportunity.

Context

SecureAuth IdP is deployed as an appliance that effectively acts as a front end for the enterprise directory and validates both user credentials and software tokens against a directory entry in an encrypted three-step process. Rather than use cookies or an embedded agent to serve as the mechanism for software-based authentication, SecureAuth uses managed code based on client-side SSL encryption, which also serves to limit the man-in-the-middle attacks on the end-user side, and limit phishing of user credentials from the server side. The enrollment is user-initiated, based on a one-time activation with no administrative privileges required for registration of the client. SecureAuth describes its architecture as a 'funnel' that takes in a range of authentication inputs (whether it's a SAML assertion, an OAuth token, a Kerberos ticket associated with a set of Active Directory credentials or a RADIUS login) and then maps that authentication artifact to a set of application authorizations.
While a not-insubstantial proportion of its business is generated with straightforward replacement of hardware tokens used for well-established use cases like remote access through SSL VPNs, based on cost and administrative overhead, taking the next step toward SaaS access management is increasingly featuring as a driver for technology acquisition. Typically, organizations are looking to manage access to SaaS applications as well as propagate identities and synchronize policies across third-party services based on internal logic. We have described this as an 'enterprise out' approach. The question that mobile raises is how to bring mobile devices that are not resident on the network, or directly associated with a specific user profile, into existing access management frameworks, especially authoritative stores like Microsoft Active Directory.

Technology

Although mobile and mobile computing ultimately combine to undermine the assumptions that underlie existing security and management approaches (as we have outlined in a recent spotlight), this process will play out over time. Instead, enterprises are wrestling with ways to enable access from tablets and mobile devices while meeting security, access controls, visibility and compliance reporting requirements. For vendors providing authentication, federated identity and SSO, this presents an opportunity, but one that requires deeper hooks into the mobile environment to exploit.

The fundamental issue that IT departments and security teams face with BYOD (bring your own device) is that they cannot stand in the way of mobile adoption, both because of user preferences, and because there are obvious productivity gains for the organizations. However, mobile adoption generates two major issues: there is no direct control over the device by IT or security, and traditional enforcement of on-device data use and applications can't be readily extended to employee devices accessing corporate resources.
One approach is, of course, to implement mobile device management, which is certainly the direction that many large organizations have already moved in. But even as mobile proliferation (especially of Apple iOS and Google Android devices) has lifted the fortunes of MDM vendors, and drawn in larger IT vendors like HP, IBM and Symantec, the scope is still largely around the device itself, rather than the applications or the user profile. And even as many vendors look to create self-contained execution environments to run enterprise applications, there is still the need to authenticate mobile users against an authoritative enterprise user store and associate the device with a particular user.

Some enterprises have gone down the path of creating a portal specifically for access to mobile applications, which serves the purpose of segmenting out a set of applications that can be accessed from mobile devices, but can err on the side of being overly prescriptive, and still creates the need to systematically manage access requests, authorizations as well as authentication.

Email is of course the most widely used productivity application, and expanding accessibility generates clear productivity gains. This makes email access from mobile devices probably the most pressing issue for IT security and managers. And since Microsoft Exchange is the most prevalent email platform, that means coming to terms with Exchange ActiveSync. Exchange ActiveSync (EAS) is an XML-based protocol that has been extant for several years for synchronization from a messaging server to a mobile device. The issue that enterprises immediately encounter with ActiveSync is that the protocol makes use of a Microsoft Kerberos token for authentication, and synchronization hinges off a set of Microsoft AD Group Policies. This is clearly an integration challenge for Apple iOS or Google Android devices.
SecureAuth had already launched a set of capabilities for supporting SSO from Apple iOS and Google Android mobile devices (building on existing mobile OS support), as well as automated enrollment and management of X.509 device-side certificates. Now the company has looked to extend those capabilities to bridge iOS device-side certificates with Microsoft infrastructure through its 'funnel.' In this scenario, SecureAuth serves to broker the iOS profiles, and the Microsoft Kerberos tokens that govern ActiveSync. The value proposition is that enterprises can maintain a user profile on the device, while users get the benefit of access from the mobile device of their choice.

The use case is significant not just because it illustrates the strengths of SecureAuth's platform. It also allows the company to position itself as a substitute for mobile device management for smartphones and mobile tablets, as well as establish a strategic footprint as enterprises migrate from Exchange to GoogleApps. SecureAuth already has partnerships in place with GoogleApps specialist systems integrator Agusto Systems for implementing access management to the set of SaaS applications. With the ActiveSync capability in place, SecureAuth can also facilitate the migration from Exchange to GoogleApps, and maintain the user experience even as it expands coverage to BYOD devices. However, the market is a hotly contested one, and functionality is only one element in the equation.

Competition

SecureAuth's competitive landscape can be segmented into the new breed of authentication vendors (especially those integrating SSO and authentication), incumbent authentication vendors whose hardware tokens it is looking to replace for use cases like remote access, and players in the identity-in-the-cloud arena looking toward SaaS access management.
To that list we would add companies making a move to subsume some mobile device management functionality, where we have already seen incumbent players like IBM, Symantec and SAP make their moves. SecureAuth would not necessarily compete with out-of-band authentication providers like PhoneFactor or SMS PASSCODE, and in fact would argue that its platform is designed to integrate with third-party authentication methods. However, the company would consider hardware tokens from EMC security division RSA to be a primary replacement target.

Symantec has certainly made its strategic goals explicit in the mobile security realm with the recent acquisitions of Odyssey Software and Nukona. For Symantec, the strategic goal is to bring together device management (which was bolstered by the Odyssey acquisition), mobile anti-malware, application management (where Nukona fits in) and management of Web-based mobile apps. Also, where the opportunity is replacement of hardware tokens in the first instance, we would frame CA Technologies' CloudMinder and Symantec's VIP service as significant players (Symantec's O3 initiative and parallel mobile acquisitions could point to the vendor becoming a significant presence in mobile access management). Both vendors have seen significant growth over the past 12 months. We would certainly position Intel-McAfee's Cloud SSO service that integrates on-demand one-time password authentication, federation and SSO to SaaS applications.

Equally, we see Okta, and Ping Identity with its newly launched CloudDesktop portal capabilities, as significant competitors for SaaS access management. SecureAuth argues that it encounters Okta and its platform-native authentication options (including a branded mobile endpoint soft token) mostly in smaller accounts. Okta counters that it sees SecureAuth in prospects where the primary requirement is replacement of hardware tokens. Ping, on the other hand, has only recently made its presence felt in the market, but does have a strong brand and integrated mobile and OAuth services.

In the area of mobile certificate management, we have already seen Centrify weigh in with its DirectControl for Mobile. DirectControl for Mobile is designed to authenticate, control and manage smartphones and tablets (principally Apple iOS, Google Android) through a set of Microsoft Active Directory extensions. Joining the devices to internal policies through authentication to Microsoft AD allows organizations, through AD Group Policy and AD Users and Computers policies, to centrally define which devices are assigned to a user, the properties of each device, which corporate applications can run on mobile devices, and how those devices can access corporate networks and resources, and remotely lock and wipe mobile devices. The distinction here is the point of departure. Centrify is still primarily a management company, rather than an identity management player. But as Centrify moves into SaaS access management, more direct competition could ensue.
We also see mobile device management vendors coming at the market requirement in conjunction with partners for credential management, specifically Echoworx, in order to associate a device with a digital certificate, and manage certificates within their framework. However, SecureAuth has long been able to demonstrate how its platform overcomes the limitations of PKI infrastructure. Microsoft security software specialist Certified Security Solutions has also launched a product to enroll iOS devices and centrally manage device-side certificates.

SWOT Analysis

Strengths: SecureAuth has a specific value proposition for a mobile application use case that is large and prevalent and one that builds on its platform's strengths.

Weaknesses: The company is still fighting a perception problem as an authentication specialist.

Opportunities: Mobile is both a tactical sales opportunity and a strategic play. Still, the transformation of an identity from within the four walls of an enterprise to a portable, logical entity encapsulated in a trust model presents a broad and horizontal opportunity.

Threats: Even as SecureAuth sees its revenue expand, the window of opportunity is being compressed by new market entrants, incumbents and insurgents alike.

Reproduced by permission of The 451 Group; 2013. This report was originally published within 451 Research's Market Insight Service. For additional information on 451 Research or to apply for trial access, go to: www.451research.com