Access Management In A Cloudy, Mobile World

Access Management In A Cloudy, Mobile World

Lately, I’ve noticed that user access management is a recurring topic of discussion with customers and partners. Two major trends transforming industries today – mobile and cloud – are acting as catalysts for a renewed focus on this critical area of security.

As mobile devices proliferate at a staggering pace, enterprises see a rich new channel through which to reach customers. Enterprises are also realizing that a much larger set of employees want to use mobile devices – which can enhance individual productivity as well as generate business value.

We’re in the BYOD era, where secure access to enterprise resources is key for all mobile deployments. Secure mobile access has some unique requirements:

  1. Since mobile devices are shared more often it’s important to authenticate both the user and the device before granting access.
  2. To mitigate the threat of man-in-the-middle attacks, emphasis must be placed on strong session management capabilities.
  3. The risk of granting access to the user based on their context (time, network, location, device characteristics, role etc) needs to be determined so appropriate counter measures can be taken. This risk calculation can help select the appropriate authentication scheme(s), identify corresponding authorization policies to enforce, and provide the user with information on security best practices. Additionally, threat protection from access requests needs to identified and countered to protect against mobile-borne attacks.

In the past few years, organizations have had growing economic incentives to source their technology services from cloud based providers – from software, to platforms, to infrastructure.

Cloud deployments help organizations improve time to value for delivering new services or content, while also avoiding capital expenses. As an organization employs cloud-based solutions, or launches its own cloud offerings, secure access needs to be a top security consideration.

To improve user experience, a robust single sign-on solution that enables secure federation of identities across domains becomes critical. Some organizations are beginning to employ third-party identity providers (i.e. Google, Facebook, LinkedIn) to authenticate the user. However, first consider if the identity provider has been compromised.

A cloud access management solution needs be able to assess the risk of a specific access attempt based on security events related to the user. In cloud environments a flexible policy management and enforcement infrastructure (for authorizing access) grows in significance in order to adapt to dynamic interactions with cloud services for cost management and compliance.

Over a year ago, IBM leadership began a concentrated effort to address these new requirements in the IBM Security Access Manager (ISAM) solution for cloud and mobile, which now enables context-aware access control to help organizations assess the risk of each interaction and adapt accordingly.

The risk of an interaction may motivate the use of different forms of authentication schemes or provide the user with differentiated authorization to data or services. To compute the risk the user’s device and the application can be taken into consideration. Expect to hear more about the needs of a mobile enterprise with cloud ambitions in 2013!

By Vijay Dheap, Product Manager and Master Inventor, IBM Security Systems

Vijay currently leads Mobile Security Solutions for IBM.  He started off his career as a researcher in the field of Pervasive Computing, and then evolved his technical expertise as a developer on IBM’s mobile portal product.  He transitioned to an analyst role gaining experience formulating IBM’s technical and business strategy for emerging technologies such as Web 2.0, Big Data and Mobile as a member of IBM’s Emerging Technologies Team.  He joined IBM’s newly formed Security Division as a Product/Solution Manager.  He has significant international experience having led several customer engagements on four continents.  Vijay earned his Master’s in Computer Engineering from University of Waterloo, Canada and his International MBA from Duke Fuqua School of Business.

About CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as offer green/cleantech learning and consultive services around the world.

Our vision is to create awareness and to help find innovative ways to connect our planet in a positive eco-friendly manner.

In the meantime, you may connect with CloudTweaks by following and sharing our resources.

View All Articles

Sorry, comments are closed for this post.

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises: It’s About More Than Just Dollars

Cloud-Based Services vs. On-Premises The surface costs might give you pause, but the cost of diminishing your differentiators is far greater. Will a shift to the cloud save you money? Potential savings are historically the main business driver cited when companies move to the cloud, but it shouldn’t be viewed as a cost-saving exercise. There…

The Cancer Moonshot: Collaboration Is Key

The Cancer Moonshot: Collaboration Is Key

Cancer Moonshot In his final State of the Union address in January 2016, President Obama announced a new American “moonshot” effort: finding a cure for cancer. The term “moonshot” comes from one of America’s greatest achievements, the moon landing. If the scientific community can achieve that kind of feat, then surely it can rally around…

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) attacks that made popular Internet properties like Twitter, SoundCloud, Spotify and Box inaccessible to many users in the US. The DDoS attack happened in three waves targeting DNS service provider Dyn, resulting in a total of about…

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

7 Common Cloud Security Missteps

7 Common Cloud Security Missteps

Cloud Security Missteps Cloud computing remains shrouded in mystery for the average American. The most common sentiment is, “It’s not secure.” Few realize how many cloud applications they access every day: Facebook, Gmail, Uber, Evernote, Venmo, and the list goes on and on… People flock to cloud services for convenient solutions to everyday tasks. They…

Using Private Cloud Architecture For Multi-Tier Applications

Using Private Cloud Architecture For Multi-Tier Applications

Cloud Architecture These days, Multi-Tier Applications are the norm. From SharePoint’s front-end/back-end configuration, to LAMP-based websites using multiple servers to handle different functions, a multitude of apps require public and private-facing components to work in tandem. Placing these apps in entirely public-facing platforms and networks simplifies the process, but at the cost of security vulnerabilities. Locating everything…

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Three Challenges of Network Deployment in Hyperconverged Infrastructure for Private Cloud

Hyperconverged Infrastructure In this article, we’ll explore three challenges that are associated with network deployment in a hyperconverged private cloud environment, and then we’ll consider several methods to overcome those challenges. The Main Challenge: Bring Your Own (Physical) Network Some of the main challenges of deploying a hyperconverged infrastructure software solution in a data center are the diverse physical…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…