Strong authentication is just one layer in what should be a defense in depth approach. Additional risk mitigation techniques should include verification of the underlying operating system where these collaboration tools are installed on. In addition, there should be a verification of the actual applications themselves to ensure that these applications are providing the necessary security, policy management, and compliance controls as advertised.
Open ecosystems
Having flexibility around what authentication method to use or what mobile application to deploy to solve a particular use case is a major benefit and piece of mind to IA personnel and IT managers running the mobile deployment. It also provides a sense of agility in this fast-moving space where mobile deployments provide significant ROI when it comes to increased productivity. An open ecosystem should not only include a plethora of authentication providers and the ability to seamlessly migrate from one to another if the time comes, but also a variety of collaboration and productivity applications. Equally important are abstracted app-independent services that can solve various and often times specific needs for a particular enterprise.
For an open ecosystem to succeed, independent software vendors (ISV’s) need to be able to quickly jump on to a particular platform so they can take advantages of all that it offers instead of trying to figure it out themselves. This applies to things like encryption, overall security, authentication, and many other platform capabilities/offerings. The key to a broad open ecosystem is the underlying platform which should create a “If you build it they will come” phenomenon. By leveraging a robust mobile security platform, enterprises can truly crowd-source to solve their needs, whether they build something from scratch or more likely leverage a popular ISV and just have them integrate the underlying platform. As a result of leveraging an open ecosystem, with partners at every turn to help for any category of things a company might want to do, business gets further enabled by increasing productivity and user satisfaction all while reducing overall costs.
An ecosystem, where every application shares the same underlying security methodologies, enables interoperability and unified enterprise policy management, helping meet compliance needs. The ecosystem of ISV’s can focus on making user experience terrific, resulting in a happy end user community. In the past, companies were burdened with incomplete capabilities from one vendor’s offerings, or from non-integrated components sourced from multiple vendors. This was a management nightmare for IT, a laundry list of potential risks for IA and a horrible user experience.
Today, we have the luxury of open ecosystems, which give more choice, flexibility and streamlined and simplified methods to protect data. With 70% of enterprises claiming mobile support to employees will take high priority over the next 12 months, IT managers should be exploring new ways to leverage collaboration tools, strong authentication methods and open ecosystems.
The enterprise mobility industry is refocusing its attention on applications and the mobile data that resides within them. As a result, information assurance personnel in partnership with IT managers must decide how best to protect sensitive corporate data and applications regardless of device type.
- Eugene Liderman is director of public sector technology at Good Technology
