“This blog will look at the complete mobile user experience and how companies can now secure every aspect of their organisation – from the physical access (locks opened with mobiles) through to work PCs (tap to log-in with your mobile), through to home and on the road (secure encryption for mobile users).”
Chris Harget, senior product marketing manager, ActivIdentity.
Mobile is everywhere. The trend of bring your own device (BYOD) is having a sweeping effect on corporate IT. But while it can save the IT department money, it often poses integration and security challenges not seen before.
Previously when an employee was issued a company device, it was typically locked down and tightly secured. As a result of the BYOD trend, IT departments can no longer do that, and have to learn to integrate, regulate and secure a wide variety of devices that they do not own, and cannot fully control.
Employees now behave more like consumers, adding personal applications from a variety of online sources — not all of them trustworthy.
They may also allow others (particularly their children) to use apps on their personal mobile device.
How then are organisations able to develop and enforce effective security policies to keep their networks and data secure in this new world?
The range of mobile security solutions now on offer to organisations is vast but alas patchy and quickly evolving.
The process of choosing a solution can pose a problem for many organisations.
Everyone wants technology that is secure, affordable, user-friendly, scalable, adaptable, easy to implement and simple to manage on a diverse range of devices. It’s a tall order.
Fortunately, there are several emerging technologies that could make things easier for IT departments.
For BYOD, many experts believe the most practical way to secure corporate data on a personal device is to create a ‘sand box’ area on that device, in which the corporation controls the security policy.
Recently ActivIdentity and Good Technology announced a partnership coupling strong authentication with mobile application suites used by government and business. This could work for almost any iOS or Android device a user might bring into the office.
Also of interest are developments to allow diverse mobile devices to take on the role of one-time-password (OTP) tokens, facilities access cards, smart cards or contactless cards used for rapid Windows login.
In such scenarios as a user you could ‘tap’ your phone to an iClass contactless reader to securely access your corporate PC or network.
The mobile device could be a second factor for strong authentication.
When working remotely, the mobile device could receive an access verification code via SMS, voice call or an app that works with regular passwords for more secure access to VPNs, cloud applications, or other mobile applications.
The potential upside is that users are typically more disciplined about carrying their mobile device than an OTP token, an ID badge, or a brass key to the building.
By consolidating smarter software onto mobile devices, an organisation can potentially save money, enhance user satisfaction and security policy adherence, and even be a bit greener.