As users have added business apps to access secure data within the workplace, the need to link and manage the appropriate identity has led to an important new trend: BYOI or Bring Your Own Identity.
The past few years have witnessed a significant increase in the mobility of employees, starting the “Consumerization of IT” trend that has led to the growing adoption of “Bring Your Own Device” or “BYOD” for tablets and smartphones.
This has increased productivity, as mobile users have access to more information and better communication using the devices that they are most comfortable with.
One device, multiple identities
A modern tablet likely will be used for both personal and work activities; therefore, it’s essential to associate each activity with the appropriate digital identity. The IT department needs to ensure that the digital identity used to enable access to these resources is securely linked to the correct person, as well as ensure they can disable that access when appropriate.
Organizations now realize that users also need a place on the mobile device for personal apps and data that can function concurrently with the work activities.
It is becoming increasingly apparent that a username and password are no longer an acceptable level of authentication. Fortunately, the mobile device presents a robust platform for two-factor (or even three-factor) authentication. Virtually every mobile device has one or more secure elements, such as the Universal Integrated Circuit Card (UICC), that can be used to securely store keys and perform cryptographic operations.
So here’s my recommendation on implementing BYOI in three steps:
1. Ensure that the mobile devices are manageable, either by selecting devices with management capabilities or by using third-party products.
2. Implement a mobile identity and credential management solution.
3. Select applications that leverage the credentials.
Provisioning and managing identity for BYOI requires a link into the tablet for provisioning and lifecycle management. At the same time, the tablet needs a connection to the appropriate directory, identity and credential management software in the enterprise.
A number of existing identity and credential management products have been extended to provide Over-the-Air (OTA) provisioning and lifecycle management. An identity solution for mobile must implement and manage the specific policies of the organization.
Looking to the Future
Modern operating systems have support for device, application and identity management. Looking forward, I see the industry continually providing functionality in operating systems that will deliver enhanced features and better security.
While the focus this year is on managing two identities securely on one device, as the market matures, there will be a trend to support additional identities, each with its own perimeter. Why? Well, for example, a person might have a second job, or want to use a suite of healthcare apps that link securely to their healthcare provider.
In each of these cases, the device holder will want to enable a set of apps to use a strongly authenticated identity that is separate from others.