Access Management In A Cloudy, Mobile World
Lately, I’ve noticed that user access management is a recurring topic of discussion with customers and partners. Two major trends transforming industries today – mobile and cloud – are acting as catalysts for a renewed focus on this critical area of security.
As mobile devices proliferate at a staggering pace, enterprises see a rich new channel through which to reach customers. Enterprises are also realizing that a much larger set of employees want to use mobile devices – which can enhance individual productivity as well as generate business value.
We’re in the BYOD era, where secure access to enterprise resources is key for all mobile deployments. Secure mobile access has some unique requirements:
- Since mobile devices are shared more often it’s important to authenticate both the user and the device before granting access.
- To mitigate the threat of man-in-the-middle attacks, emphasis must be placed on strong session management capabilities.
- The risk of granting access to the user based on their context (time, network, location, device characteristics, role etc) needs to be determined so appropriate counter measures can be taken. This risk calculation can help select the appropriate authentication scheme(s), identify corresponding authorization policies to enforce, and provide the user with information on security best practices. Additionally, threat protection from access requests needs to identified and countered to protect against mobile-borne attacks.
In the past few years, organizations have had growing economic incentives to source their technology services from cloud based providers – from software, to platforms, to infrastructure.
Cloud deployments help organizations improve time to value for delivering new services or content, while also avoiding capital expenses. As an organization employs cloud-based solutions, or launches its own cloud offerings, secure access needs to be a top security consideration.
To improve user experience, a robust single sign-on solution that enables secure federation of identities across domains becomes critical. Some organizations are beginning to employ third-party identity providers (i.e. Google, Facebook, LinkedIn) to authenticate the user. However, first consider if the identity provider has been compromised.
A cloud access management solution needs be able to assess the risk of a specific access attempt based on security events related to the user. In cloud environments a flexible policy management and enforcement infrastructure (for authorizing access) grows in significance in order to adapt to dynamic interactions with cloud services for cost management and compliance.
Over a year ago, IBM leadership began a concentrated effort to address these new requirements in the IBM Security Access Manager (ISAM) solution for cloud and mobile, which now enables context-aware access control to help organizations assess the risk of each interaction and adapt accordingly.
The risk of an interaction may motivate the use of different forms of authentication schemes or provide the user with differentiated authorization to data or services. To compute the risk the user’s device and the application can be taken into consideration. Expect to hear more about the needs of a mobile enterprise with cloud ambitions in 2013!
By Vijay Dheap, Product Manager and Master Inventor, IBM Security Systems
Vijay currently leads Mobile Security Solutions for IBM. He started off his career as a researcher in the field of Pervasive Computing, and then evolved his technical expertise as a developer on IBM’s mobile portal product. He transitioned to an analyst role gaining experience formulating IBM’s technical and business strategy for emerging technologies such as Web 2.0, Big Data and Mobile as a member of IBM’s Emerging Technologies Team. He joined IBM’s newly formed Security Division as a Product/Solution Manager. He has significant international experience having led several customer engagements on four continents. Vijay earned his Master’s in Computer Engineering from University of Waterloo, Canada and his International MBA from Duke Fuqua School of Business.