By Allie Philpin
In days gone by, you arrived at work, logged in to a desktop computer which gave you access to the applications and data you needed to carry out your day’s work; simple, easy and familiar. Now, with new technologies and trends including BYOD, the cloud and mobile devices entering the workplace, it’s a very different environment that blurs the boundaries between business and personal, home and work. And progress has had a significant impact on identity and access management (IAM) technology, which is a little in the dark ages and isn’t sufficient to manage peoples identities across the cloud and multiple devices.
In order to find a way to cope with the transition prior to new and better solutions coming to the marketplace, IT departments are starting to enforce access policies on mobile devices and online/cloud platforms, and these policies are often met with resistance by employees for a number of reasons, such as not liking passcodes, fear of their personal information being deleted from their mobile devices, or allowing their personal cloud platform, i.e. Dropbox, to be used by an enterprise. But deciding the impact the use of BYOD and mobile devices, and cloud storage, is having on your business’s identity and management access plans is not an easy task; here is a place to start.
The advent of cloud and mobility has also brought with it a higher risk of exposure to threats and malware, particularly as applications, such as SharePoint, can be accessed via an independent storage platform, like Box, from a mobile device with just the use of a user name and password. Whilst it’s great to have instant access to corporate data, wherever you are, unless the password and subsequent encryption is sufficiently strong – many individual users create passwords that are relatively weak – there isn’t much that stands between your corporate data and a potential attack!
One way of overcoming this problem is the use of two-factor technology, which adds an additional element to the identity process in a range of formats including smart cards, phone callbacks, tokens and SMS messages. This technology delivers an OTP – a one-time password – that is active once an authentication request has been made to a system, such as an application or a web server. But OTPs have been around a long time, I hear you cry! And you’d be right; they have, and yes, they are open to DNS poisoning and other attacks, but combine them with an extra part in the process, like a smart card, they become far more effective.
Whether we like it or not, mobile and cloud technology is here to stay; now it’s time for identity access management technology to catch up. However, until it does, adopting two-factor technologies, such as Cyphercor’s LoginTC, to improve access management and security on mobile devices and via cloud platforms is a good alternative. But a bit of extra advice; if you want employee adoption, keep it simple!