The fusion of mobile and cloud computing is spawning a productivity boon for businesses, especially for sales professionals, field personnel and remote workers. With access to corporate applications and data hosted in the cloud from smartphones and tablets, employees can work from anywhere. These benefits, however, introduce some new security and IT management challenges.
Chief among these is bring your own device (BYOD), which makes it difficult for IT departments to enforce security policies on private and public cloud applications accessed from personal devices that the company does not own. Nevertheless, there are practical ways to address this problem. One of them is using single sign-on (SSO) to deliver convenience while reducing data security risks.
The Multiple Identity Problem
One way to maintain security in the mobile world is to keep data off the device in the first place by using mobile web apps. However, as the number of apps that users access from their devices multiplies, so does the number of identities and passwords.
This complexity is driving the need for SSO to reduce the number of passwords and credentials that employees need to manage, and to simplify access to third-party services. From an enterprise perspective, SSO decreases IT costs and administrative burdens.
By bringing access management under a common system of record like Active Directory, or a cloud directory, enterprises can tie SSO for mobile Web, SaaS and enterprise Web apps together. One way to bridge the access management divide between on-premises IT systems and mobile devices is by deploying a cloud SSO system that is integrated with backend enterprise directories and identity infrastructures.
Deploying Cloud SSO for BYOD
In most enterprises the BYOD horse has left the barn. IT departments are being forced to find a way to extend security policies to devices that are physically out of their control. Using identity-based security to maintain data in apps and control access to them is one of the most effective ways to protect corporate information in a mobile, BYOD world.
Here are four strategies for helping secure BYOD and mobile endpoints with SSO.
- Research your environment and develop a mobile plan. Start by surveying executives, sales and field personnel to learn what apps and devices each group uses. Define basic policies governing acceptable use and how company data may be accessed.
- Work to keep your data in the cloud, not on the device. Analyze and classify your apps and data and work to keep local copies off the mobile device in the first place. Be sure you have a way to perform a remote wipe of the device.
- Deploy mobile portals. Much like native app stores, mobile portals deliver apps to users securely and dynamically. Their big advantage is that they give access to company apps and data without installing native apps or storing local copies of data. Mobile portals also centrally enforce session timeouts, reducing the risk from casual access or cached local credentials.
- Deploy mobile-aware cloud identity management. With identity management you can scale quickly without compromising security.
Meanwhile, cloud SSO provides a low-cost, low-infrastructure approach to implementing access control rules and authentication, leveraging internal systems like Active Directory, and achieving a balance of convenience and security.