In Part I of this blog, we talked about the benefits and risks associated with new trends in enterprise IT. Today, forward-looking organizations are already embracing BYOD, mobility and cloud. But balancing convenience with security is no easy task. Fortunately, the very same trends are also giving birth to a new set of tools which combine terrific user experience for employees with security and peace of mind for IT.
One example of such a tool is mobile container technology (such as FixMo SafeZone, Sencha Space and Divide). A container is a virtual environment on a mobile device that separates personal data from work-related files and applications. IT can manage the container and the applications in it but has no access to employees’ social media accounts, email or pictures. Samsung took this concept to a new level with its KNOX Workspace product. Not only does Workspace include a managed container built into a highly secure version of the Android OS (based on Android SE developed by the NSA) but it also includes a set of tools called KNOX EMM (Enterprise Mobility Management) that enables this container to be managed either by existing enterprise infrastructure (such as Active Directory) or through a cloud-based management system. This makes Samsung KNOX one of the most secure and employee-friendly solutions for enterprise mobility on the market today.
But problems introduced by BYOD cannot be addressed by a single device. The key result of BYOD and Consumerization of IT is a heterogeneous IT landscape. Indeed, what good is a secured device or container when the same files and applications can be accessed from another smartphone, tablet or laptop? CIOs often have no idea what applications are used by employees, what information is shared through these applications, and what devices are accessing the network and other corporate resources. So how do CIOs get the visibility and control they need without sacrificing employee efficiency and satisfaction? The right solution needs to work across all types of devices / endpoints, operating systems and types of applications. And this is where services like Samsung KNOX EMM and Centrify User Suite really shine. They work on smartphones, tablets, laptops and desktops; support Windows, MacOS, Android, iOS; and can be used with websites, mobile web apps, hybrid apps and even native mobile apps (with support for more than 2500 applications). No matter what employees bring into the enterprise, these services can support it.
The key to services such as KNOX EMM and Centrify User Suite lies in the Identity and Access Management (IAM) module. Identity Management has been a long-recognized issue on the data center side and Centrify has been successfully addressing it for many years. But rapid adoption of cloud services and employee mobility introduced a new set of challenges in Identity Management. Consider this: All of us have dozens of sets of work-related credentials. We all have logins and passwords for laptops, our proprietary enterprise apps (such as knowledge bases, internal web sites, HR tools), a long list of cloud-based applications (such as Box, Dropbox, Office365, NetSuite, Concur), an email account, and on and on and on. As end users, we often reuse our credentials from one application to another – which is a real security risk if one of these systems is breached (just ask Evernote, Adobe, LinkedIn, etc…). If these credentials fall into the wrong hands, multiple systems can be compromised since the user ID is typically your email address. And in cases when we cannot use the same set of credentials (such as when an application requires a particular format for the login name and password), we often forget which combination we used – resulting in passwords being written down (another major security no-no) or frequent password resets which hamper productivity. Worse yet, since IT rarely has visibility into the use of such tools, employees often maintain their credentials after they leave the company. Can you imagine a fired employee with admin level credentials to the corporate Salesforce account?! It happens…
So how does IAM help solve this problem? IAM replaces all of these disparate credentials and ties them to a single identity in a corporate directory (be it on-prem AD or a cloud directory). Users never need to type in another set of credentials again! Meanwhile, IT can not only see which applications and devices each identity has access to, but also apply policies and grant privileges to individuals or even classes / groups of employees (by department, job function, or employee vs contractor for example). This approach not only solves the BYOD problem with mobile devices, but also addresses the data leakage problem across all types of devices and applications. IAM is a tool that helps eliminate Shadow IT. Using IAM, the CIO can enable LoBs to decide what applications and services they want to use while maintaining the visibility and control needed to ensure security. With a system like this, when an employee leaves the company, simple deactivation of that employee in the corporate directory results in removing secured containers, business applications and data, as well as any policies from the user’s mobile devices and revocation of his access and privileges to all corporate services and applications across all devices and operating systems. The CIO never needs to worry about disgruntled (or simply careless) former employees with access to key corporate resources again.
Finally, a post like this would not be complete without mentioning some of the new challenges that are just over the horizon. One trend that we are watching very closely is the Internet of Things, and specifically wearable computing devices. And if you are thinking that’s not going to happen or it’s too far away – think again. Google Glass-like devices have endless use cases in industries as diverse as medicine, oil and gas, and real estate; sensor-filled clothes for mining, oil refineries; Fitbit-like devices for health insurance and military, and on and on. And these devices will present us with a new set of challenges. Many of them will not have interfaces where a login and password could be typed even if we wanted to, yet these devices will have access to a lot of highly sensitive information and will communicate it through cloud-based systems. How can we prevent data leakage in this situation? Fortunately, Centrify is already working on solutions to these problems. Stay tuned.
Yes, the business environment changes more rapidly than ever and adapting to these changes is painful… but also absolutely necessary. The good news is that the tools that are available to today’s CIOs are evolving rapidly, too. These tools enable CIOs to embrace the change and continuously transform their companies to become more efficient, more agile, and yes – more secure.