WHITEPAPER. Mobile SSO & the Rise of Mobile Authentication


MOBILE SSO & THE RISE OF MOBILE AUTHENTICATION
Top Four Considerations In Defining Your Mobile Identity Strategy

OVERVIEW

Cloud and mobile adoption continue to drive Identity & Access Management (IAM)-as-a-service (IDaaS), a new category within the larger, traditionally on-premises IAM security market. As businesses move from on-premises computing to the cloud, and from desktops to mobile devices to better connect their global network of employees, partners, customers and vendors, information needs to move securely between people, applications and devices in accordance with policy.

Mobile applications themselves are an increasingly important tool for driving business outcomes. Consequently, the focus is shifting to managing the user behind the device and application. New security models are emerging that put the user at the center of security design. Nearly every security service, including identity and access management, is being re-architected for this new paradigm.

As the number of apps and services increases for the average user, managing app access represents a significant security and convenience issue. Two major issues emerge with the increasing reliance upon the hundreds of available cloud services. First, it is cumbersome for users to constantly re-enter their credentials, particularly in email and strong password format. This inconvenience may wear particularly on mobile users, who will seek alternatives likely to be less secure. Second, and more importantly, it is a security and governance issue for IT and the organization. A recent cloud report identified that 15% of corporate users have had their account credentials compromised [1], thereby increasing the risk of unauthorized access and highlighting the need for additional authentication factors. Ultimately, business leaders need to maintain the full picture of what is being accessed, by whom and when, and periodically audit for compliance concerns.

FIGURE 1. FOUR CONSIDERATIONS IN EXECUTING A MOBILE IDENTITY STRATEGY (Business Requirements, Identity Requirements, Architecture Requirements, Roadmap Requirements)

1. FORECAST YOUR BUSINESS APPLICATION REQUIREMENTS FOR THE NEXT 3 YEARS

As SaaS (Software as a Service) adoption grows, business applications are moving outside the enterprise domain and being provided by third parties in the cloud, i.e. SaaS providers. For example, new cloud-based services in areas such as human capital management, office productivity, service management, project management, content management, marketing automation, sales force automation, customer relationship management and expense reporting have entered mainstream adoption.

Enterprises continue to capitalize on mobile devices to optimize the business by provisioning applications aimed at improving employee productivity and customer satisfaction. The harsh reality is that anywhere from 50% to 80% of cloud-based applications used within the average enterprise are still provisioned without IT awareness, i.e. placed into service by end users, or shadow IT. Thus, it's important to benchmark your current reality, and evaluate approaches to deliver enterprise-grade security as you plan for the future.

Mobile smartphones and tablets continue to change the way we do business, allowing people to access their enterprise cloud applications from almost anywhere. Consequently, many SaaS providers are developing mobile-specific websites and native applications to optimize their customers' experience. These devices are often outside the enterprise's physical and logical control; therefore it is crucial that mobile strategies assess the risk associated with the current mobile identity, authentication, and access management environment, and the actions being pursued by the industry to address these mobile security scenarios.

Recommendations

- Assess your organization's current cloud application use, and whether these apps should be rolled into your IT service catalog, which defines the approved apps available to users. Having these apps within the broader IT portfolio of supported services will ensure the business manages these resources programmatically, and can centralize policies and audit functions. Leveraging solutions from vendors like Netskope and Skyhigh Networks can jump-start this process from a cloud app discovery perspective.
- Inventory your users' mobile device platforms (Android, iOS, Windows Phone) and evaluate the mobile authentication technologies that support these systems. Given BYOD (Bring Your Own Device) trends, over 80% of organizations are making changes to their policies and IT infrastructure to support the proliferation of personal devices [2].

2. DEFINE YOUR TRUST REQUIREMENTS FOR MOBILE USERS

The level of trust required for an enterprise user versus that of an individual consumer can be dramatically different. Trust between a user and the services provisioned by the enterprise will be influenced by factors such as the user's authentication privileges, the context in which that user is accessing these services (such as time and location), and the platform itself, as well as its capabilities.

Additionally, as the federation of identities and centralization of authentication become more common to support Single Sign-On (SSO), risk is aggregated to a single point serving multiple services. It becomes critical that additional credentialing or multi-factor authentication (MFA) technologies be implemented alongside your federation services to support the levels of assurance (LOA) required to meet trust requirements. An identity management solution must establish trust between the mobile user and the cloud application and maintain the credentialing services required.

Recommendations

- Take action today to secure mobile user access to your organization's cloud apps. OneLogin Mobile is available on Android, iOS and Windows Phone, and downloadable from the corresponding platform stores. The mobile application offers secure web SSO via a single portal to thousands of enterprise cloud apps.
- Evaluate vendors that provide a broad catalog of cloud applications with out-of-box connectors. OneLogin, for example, has been a proponent of open standards, offering free SAML (Security Assertion Markup Language) toolkits beginning in 2011.
- Evaluate vendors that provide trusted data centers, certified by industry experts against standards for security, privacy and data protection. Certifications include ISO 27001, SOC 2, TRUSTe, Skyhigh Enterprise Ready and SafeHarbor.
- Require application developers and cloud vendors to support open standards, such as:
  - OASIS's SAML standard for authentication.
  - The OAuth standard for delegating authorization.
  - The OpenID Foundation's NAPPS working group efforts to enable SSO for native applications installed on mobile devices.
  - The FIDO (Fast IDentity Online) Alliance's work on 2-factor authentication standards.
  - The IETF's SCIM (System for Cross Domain Identity Management) standard for provisioning and managing identities across domains.
- Implement bi-directional directory integrations that provide real-time synchronization to close gaps and race conditions between user stores. While most enterprises have existing on-premises authentication services such as Active Directory, these systems don't extend to the cloud well, if at all.

3. DEFINE YOUR MOBILE IDENTITY AND ACCESS MANAGEMENT ARCHITECTURE

In order to minimize an organization's liability should any data be compromised as a result of mobile access, new mobile and cloud security architectures are placing user identity and authentication at the center of the trust model. Many factors play a role in defining mobile trust, including:

Federation factors

Legacy on-premises systems such as Active Directory often represent the single source of truth for enterprise IT today (e.g. single domains like acme.com). However, over their life they've become heavily customized, difficult to maintain and too inflexible to meet today's cloud initiatives. Organizations must now factor in the reality of cross-domain access from outside the network perimeter, and whether their legacy IAM solution is innovating at a pace to keep up with industry change.

Outsourcing business applications and other digital services to various SaaS vendors has resulted in the proliferation of multiple user stores and, in turn, multiple user data models. Managing user credentials and various access privileges for these services suggests federation capabilities must be added to rationalize this complexity. Federation technologies are becoming more central to IAM architectures, and are best situated in the cloud.

FIGURE 2. FEDERATED SERVICES FOR MOBILE ACCESS TO CLOUD APPS

The acceptance of BYOD within the enterprise introduces several important considerations:

- BYOD is personal, and unknowns introduce risk. IT has wrestled with ever-morphing mobile security frameworks, which don't always address the fact that businesses don't own these devices. How can IT best manage risk given that the traditional system management paradigm doesn't apply? Locking down resources specific to users' personal phones is not practical.
- Consumer behaviors don't necessarily translate to the enterprise. While leveraging social media logins is an inexpensive form of SSO for some websites, most social logins do not provide sufficient trust to meet enterprise requirements (e.g. lack password strength or refresh rates, where phones remain logged in for extended periods of time).

With more than 50% of cloud apps accessed via mobile devices [3], the smaller mobile form factor and associated user experience specific to authentication is ripe for improvement.

Recommendations

- Federate user stores to the cloud, which reflects the most appropriate point in the new mobile-SaaS application model.
- Leverage users' mobile devices as a secondary factor for authentication to deliver time-based one-time passwords (OTP).
- Evaluate mobile security options beyond just mobile device management. New architectures suggest we shift focus from the device and put the user at the center of the security model. Thus, security practices should be prioritized to actually secure user access to cloud apps, and move beyond managing the mobile system configurations.

4. PLAN FOR THE NEXT-GENERATION OF USER AUTHENTICATION

Despite users and lines of business demanding access to mobile apps today, you won't likely have time to develop a comprehensive architecture before being pressured to deliver. The best approach is to craft a lightweight architecture with the future vision in mind. It's important to have a 3-year planning horizon as you begin rearchitecting your next-gen IT service delivery model.

Recommendations

- Understand the mobile ecosystem, and the role each partner plays in security. The ecosystem is like a chain; security is only as good as the weakest link.
- Require your service providers to support open standards as mandatory acceptance criteria. Many enterprises are actively implementing cloud vendor onboarding certification (CVOC) programs to help accelerate provisioning of new cloud-based apps and services by screening out vendors that don't support open standards.
- Educate yourself on emerging architectures and standards such as NAPPS, and monitor their developments. NAPPS is a game changer in the maturation of Mobile SSO, both from an end-user experience perspective and a cloud service provider's infrastructure perspective.
- Engage with your peers, and learn from their experiences so that the industry moves in the right direction. Organizations like IdentityFirst.org represent a community of identity and access management professionals who are engaged in shaping the future of IAM solutions and practices.
- Engage with your vendors to understand their vision for identity and authentication, as well as their roadmaps to address security, compliance, and governance risk. As appropriate, request periodic discussions on product direction to build your long-term strategies and project plans.

CONCLUSION

The industry is working to address security, compliance and governance challenges associated with cloud and mobile adoption in the enterprise. The industry has acknowledged that new security models must take user identity into consideration, and that federating directories in the cloud, centralizing authentication services and aggregating analytics reporting will be factors in a mobile security strategy. Whether you plan to pursue a hybrid model (a mix of on-premises and cloud), or a cloud-only IAM architecture, securing user access to your enterprise's SaaS or cloud apps from mobile devices will be required.

Contact OneLogin at: sales@onelogin.com.

REFERENCES

1. Netskope Cloud Report, January 2015
2. IDG Enterprise Consumerization of IT in the Enterprise Study 2014
3. Netskope Cloud Report, October 2014

ABOUT ONELOGIN

OneLogin is the innovator in enterprise identity management and provides the industry's fastest, easiest and most secure solution for managing internal and external users across all devices and applications. The only Challenger in Gartner's IDaaS MQ, considered a Major Player in IAM by IDC, and Ranked #1 in Network World Magazine's review of SSO tools, OneLogin's cloud identity management platform provides secure single sign-on, multi-factor authentication, integration with common directory infrastructures such as Active Directory and LDAP, user provisioning and more.

OneLogin is SAML-enabled and pre-integrated with thousands of applications commonly used by today's enterprises, including Microsoft Office 365, Asure Software, BMC Remedyforce, Coupa, Box, Clarizen, DocuSign, Dropbox, Egnyte, EMC Syncplicity, EchoSign, Google Apps, Jive, Innotas, LotusLive, NetSuite, Oracle CRM On-Demand, Parature, Salesforce.com, SuccessFactors, WebEx, Workday, Yammer, ServiceNow, Zscaler and Zendesk. OneLogin, Inc. is backed by CRV and The Social+Capital Partnership.

GET ONELOGIN FREE FOREVER onelogin.com/signup/