MOBILITY TRANSFORMING THE MOBILE DEVICE FROM A SECURITY LIABILITY INTO A BUSINESS ASSET E-BOOK



TABLE OF CONTENTS

- INTRODUCTION
- THREE TECHNOLOGIES THAT SECURELY UNLEASH MOBILE AND BYOD
- THREE TECHNOLOGY PILLARS THAT SUPPORT MOBILE AND BYOD
- THE CRITICAL ROLE OF STANDARDS FOR A SECURE BYOD ARCHITECTURE
- SUMMARY


INTRODUCTION

Using personally owned mobile devices for work is a fast-moving trend. IDC estimates that 55 percent of all phones used in business will be employee-owned by 2015, with other thought leaders stating that 81 percent of employees today use their mobile devices for work. In line with these statistics, it's estimated that by 2017, two in three organizations will adopt a bring your own device (BYOD) policy.

These trends are no surprise. Organizations realize that a highly mobile employee is likely to be highly productive. There's a tangible value in allowing employees to get work done during their commutes.

However popular, the BYOD trend is not all roses. Employee-owned devices used within the workplace are a legitimate concern for IT. Where IT can implement tight control over company-owned devices, it is unable to do so with those that are employee-owned. Furthermore, employees demand ease and convenience. If they experience IT interfering with their ability to get work done, they will seek workarounds. For every functionality denied by IT, there's a shadow IT third-party application that employees can sign up for with a credit card and subsequently expense.

This is why it's critical to find a way to support employee-owned devices with methods that secure organizational data and transactions without inhibiting getting work done.


THREE TECHNOLOGIES THAT SECURELY UNLEASH MOBILE AND BYOD

To support employee-owned devices, you must secure sensitive business data accessed and stored on mobile devices while enabling employees to easily do their job. An architecture capable of supporting mobile must therefore provide:

- Application and data security: protecting the sensitive business information accessed by and stored on mobile devices.
- User enablement: ensuring that employees can perform the duties of their role when and where they wish to, fundamentally allowing them to get things done.

By utilizing the following three technology pillars, you can provide application and data security as well as support user enablement:

- Mobile-based authentication: leveraging the capabilities of smartphones to provide secure and easy sign-on.
- SSO across web and native applications: giving employees a seamless user experience for both web and native mobile applications.
- Application Programming Interfaces (APIs): granting access for business data only to authorized applications and users.


THREE TECHNOLOGY PILLARS THAT SUPPORT MOBILE AND BYOD

WHAT MAKES SMARTPHONES GREAT FOR AUTHENTICATION

Effectively, a smartphone is a powerful portable computer that can enable robust authentication models by leveraging the following features:

- Connected. Mobile phones are on the network and can therefore respond to many different prompts or challenges.
- Computative. Modern phones have computational and storage abilities, so they can support cryptographic operations.
- Storage. Smartphones allow the storage of identifiers, secrets and credentials used in authentication schemes.
- User Interface (UI). Smartphones have a user interface that can be used to involve the owner in authentication factors when relevant, such as entering a local PIN, swiping the screen or, in the future, using their fingerprint.
- Inexpensive. Compared to tokens or other authentication devices, smartphones are much more cost effective and easily remembered by their owners.

MOBILE-BASED AUTHENTICATION

There's a trend moving away from authentication schemes relying on "what you know," such as a password, to "what you have," such as a key fob or fingerprint. With passwords being such a major culprit in hacking schemes, "what you have" authentication factors are fast becoming much more relevant.

USING MOBILE PHONES FOR AUTHENTICATION

Different mobile-based authentication schemes leverage features in different combinations. For instance, PingID is a mobile-based authentication scheme that authenticates users by sending a challenge to an application installed on the user's previously registered device through Google Cloud Messaging for Android or Apple Push Notification Services. Upon receipt, the user simply swipes their screen to answer the challenge.

Due to their features, smartphones can provide a useful "what you have" authentication factor. They can be used for second-factor authentication, or can replace "what you know" factors (passwords) completely as a single-factor authentication device.

Utilizing a smartphone for authentication is more dynamic, cheaper and lower-maintenance than fobs.

SINGLE SIGN-ON (SSO)

Nothing slows down and frustrates employees more than having to call the help desk to get a password reset. With SSO, you can maximize productivity by minimizing the number of explicit credentials (passwords) needed to access applications. SSO improves security for the enterprise and significantly improves the productivity and overall work enjoyment of employees.

So, how does this tie in to BYOD and mobile phones? Mobile SSO enables users to sign on once to a secure SSO application on their mobile device and have instant access to all of their enterprise applications.

Another reason for SSO for mobile devices is that user credentials are typically stored on the device itself. Therefore, when a device is stolen, the credentials stored on it are stolen. With 27 percent of adults experiencing a lost or stolen device, it's crucial to keep corporate credentials off of devices. With SSO and mobile-based authentication, sign-on credentials are not stored on the device, and authentication and authorization are done via standardized mechanisms (standards). (See the standards section for detailed information on their role in SSO.)

When a device is stolen, the credentials stored on it are stolen. That's a problem when 27% of adults' mobile devices have been lost or stolen. This can be avoided with SSO.

SSO solutions, such as PingOne, provide standards-based SSO for mobile.

APPLICATION PROGRAMMING INTERFACES (API)

The primary way that native mobile applications gain access to corporate data is through application programming interfaces (APIs). By securing APIs, you can be confident that the user is allowed access to the application data, no matter where they are or what application or device they're using.

Securing APIs using a standards-based approach is critical to scalability and development productivity. Many organizations build authentication into each mobile application, which creates significant overhead for developers and generally isn't as secure. The best practice for mobile security is to utilize the standardized OAuth 2.0 protocol, which uses access tokens on API calls. By validating the token, the API is able to determine which employee is requesting access to the native application, and then determine authorization based on that employee's access rights. (See the standards section for more information on their role in API security.)

Modern access management solutions, like PingAccess and PingFederate, provide both web and API access management with both proxy- and agent-based implementation options.
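
The token check described above, seen from the API side, as an added illustration (not code from the e-book or from any Ping Identity product). It assumes the access token is a JWT signed with HS256 and a shared secret, which OAuth 2.0 itself does not mandate; the issuer, audience, scope names and secret are constructed values.

```python
import base64, hashlib, hmac, json, time

# Constructed demo values (assumptions, not taken from the e-book).
SECRET = b"demo-shared-secret-not-for-production"
ISSUER = "https://sso.example.com"
AUDIENCE = "https://api.example.com/expenses"

def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def mint_token(claims, secret=SECRET, alg="HS256"):
    """Stand-in for the authorization server: builds a signed sample token."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"

def validate_access_token(token, required_scope, now=None):
    """API-side check: return the claims, or raise PermissionError."""
    now = time.time() if now is None else now
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(body_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise PermissionError("malformed token") from exc
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise PermissionError("malformed token")
    # Pin the algorithm; the token's own header must not choose it.
    if header.get("alg") != "HS256":
        raise PermissionError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    # Simplification: "aud" is compared as a single string here.
    if claims.get("iss") != ISSUER or claims.get("aud") != AUDIENCE:
        raise PermissionError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise PermissionError("token expired")
    # Authorization: the employee's rights travel as space-separated scopes.
    if required_scope not in str(claims.get("scope", "")).split():
        raise PermissionError("insufficient scope")
    return claims

if __name__ == "__main__":
    tok = mint_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "alice",
                      "scope": "expenses:read", "exp": time.time() + 300})
    print(validate_access_token(tok, "expenses:read")["sub"])
```

The mobile app never handles the employee's password: it presents the token on each API call, and the API rejects anything that is forged, expired, issued for another service, or lacking the scope the endpoint requires.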


THE CRITICAL ROLE OF STANDARDS FOR A SECURE BYOD ARCHITECTURE

Standards are the critical role-players in mobile security (and identity security). They support mobile-based authentication, SSO from any device and any location, and simple API authorization by enabling secure, encrypted authentication, authorization and access across web and mobile platforms.

Support of standards brings security to any device, browser or client that is accessing information from applications. Additionally, support reduces the integration efforts between multiple organizations when sharing applications or information. Standards such as SAML, OAuth 2.0 and OpenID Connect, and standard models such as FIDO and NAPPS, have been and are independently reviewed and developed by leading security professionals to provide the strongest levels of security. All Ping Identity products and solutions are built on standards.

- Security Assertion Markup Language (SAML) is the standard that powers web SSO and allows businesses to safely share identity information across domains for authentication and authorization.
- OAuth 2.0 is the industry standard for controlling access to APIs using secure access tokens instead of usernames and passwords.
- OpenID Connect (Connect) is a new standard that provides a best-of-breed approach to both web SSO and API access, building on SAML and OAuth.
- The FIDO (Fast Identity Online) Alliance is defining an alternative mobile-based authentication model, one that can leverage the emerging biometric capabilities of devices.
- The OpenID Foundation's Native Applications (NAPPS) working group is defining an architecture that will enable the SSO experience across native applications and, critically, for mobile web apps as well.


SUMMARY

Leading organizations are embracing the mobile and BYOD phenomenon and intelligently securing corporate data and applications while empowering their mobile employees to be more productive than ever. The pillars below have been found to be critical success factors to getting the most out of your mobile initiatives:

- Mobile-based authentication: leveraging the capabilities of smartphones to provide secure and easy sign-on, such as provided by PingID.
- SSO across web and native applications: giving employees a seamless user experience for both web and native mobile applications, such as provided by PingOne.
- Application Programming Interfaces (APIs): granting access for business data only to authorized applications and users, such as provided by PingAccess and PingFederate.

Using these standards-based technology pillars, you can unlock the potential of BYOD. Visit pingidentity.com to find out more about how Ping Identity solutions can help you transform mobile into a business asset.

Ping Identity is the leader in Identity Defined Security for the borderless enterprise, allowing employees, customers and partners access to the applications they need. Protecting over one billion identities worldwide, the company ensures the right people access the right things, securely and seamlessly. More than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods, TIAA-CREF and Walgreens, trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.

Copyright 2016 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingAccess, PingID, their respective product marks, the Ping Identity trademark logo, and IDENTIFY are trademarks, or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies. 7/16 3053