Data is only as secure as the endpoint it is on, and those endpoints are only as secure as each user's authentication and sign-on process. The security threat landscape grows in complexity both because more smart devices, IoT and connected assets than ever before are accessing business data, and because business data is increasingly stored in a variety of cloud services. Businesses need to create a secure authentication process for employee endpoints that does not disrupt the workflow of the user, but is secure enough to stop any intruders and prevent data leakage.
The adoption of mobile devices complicated existing authentication frameworks because it brought new user expectations. Typing in a complex password is ten times more frustrating on a smartphone or tablet than on a laptop, and defeats the entire ease-of-use purpose of mobile devices, particularly in a consumer-first world built by the mobile tech giants themselves. Because of this, IT departments and CISOs had to step up their UX game. The proliferation of mobile business apps also meant more login screens, more taps, and more roadblocks for end users trying to get their jobs done, as well as additional support costs when users are locked out for entering incorrect passwords after three tries.
CIOs and CSOs recognize that the traditional user authentication approach is flawed: passwords must strike an impossible balance between being complex enough to slow down hackers and being easy for users to remember, without causing a clunky input process each time the user signs in. The solution is the triple-S model for modern authentication: seamless, secure, and single.
CIOs want a solution that is seamless to deploy. It should work with their existing identity infrastructure through industry standards like SAML and not replace existing infrastructure.
End users want a solution that asks nothing of them. They don't want to remember and type in PINs or passwords. They want security to be completely invisible and not get in the way of them doing their work. Mobility in the workplace allows employees to join a call during their drive to the airport or while watching for their child to get out of school, and complex passwords hinder that productivity. Modern mobile operating systems provide this seamless experience using client-side certificates when using security platforms like MobileIron. This is a seamless experience for the user and also provides government-grade security.
Identity via usernames and passwords is also not enough to secure data. Context such as device type, device posture, app type, location and time of day is paramount to securing business data and preventing leakage. A trusted user on a compromised mobile device should not be allowed to authenticate and access business data. Secure authentication requires that only trusted users on trusted devices with trusted apps are able to get in. For example, if an employee reaches for their spouse's personal iPad to check their email, that employee should not be able to access company data, as they could take corporate data like email and attachments and save it to personal applications like Dropbox on that iPad. Furthermore, the spouse may not have a PIN on the iPad, and if the iPad is misplaced or lost, anyone accessing that iPad can get access to the corporate data.
The average employee will use multiple business apps each day on his or her mobile device. That's why single sign-on is so important. Once the organization has established user and device trust, it is very annoying for the employee to have to log in repeatedly to all their applications. For example, an employee goes into a meeting and presents from her iPad using a PowerPoint app. She then gets in a cab to the airport where she uses the Salesforce app to add notes about the meeting. She then brings up the Concur app to file expenses, and finally the TripIt app to check her flight details. She's not going to want to sign in four times in that trip alone. With modern authentication, the employee, the device and the apps would all be authorized without the employee ever being prompted to enter a username or a password.
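The context checks described above can be expressed as a deny-by-default access decision. The following is an added example, not code from the original article or from MobileIron; the field names, policy values and sample requests are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Assumed policy values for illustration; a real deployment defines its own.
APPROVED_APPS = {"email", "salesforce", "concur"}
ALLOWED_COUNTRIES = {"US", "GB"}
WORK_HOURS = (time(6, 0), time(22, 0))

@dataclass(frozen=True)
class AccessRequest:
    user_trusted: bool        # identity verified, e.g. by client certificate
    device_managed: bool      # enrolled with the organization's platform
    device_compromised: bool  # failed posture check (jailbroken/rooted)
    passcode_set: bool        # device is protected by a PIN or passcode
    app: str
    country: str
    local_time: time

def evaluate(req):
    """Return (allowed, reasons). Access is granted only if every signal passes."""
    reasons = []
    if not req.user_trusted:
        reasons.append("user identity not verified")
    if not req.device_managed:
        reasons.append("device is not managed")
    if req.device_compromised:
        reasons.append("device posture: compromised")
    if not req.passcode_set:
        reasons.append("device has no passcode")
    if req.app not in APPROVED_APPS:
        reasons.append("app is not approved")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("location outside policy")
    if not (WORK_HOURS[0] <= req.local_time <= WORK_HOURS[1]):
        reasons.append("outside permitted hours")
    return (not reasons, reasons)

# Constructed sample requests mirroring the scenarios in the text.
CORPORATE_PHONE = AccessRequest(True, True, False, True, "email", "US", time(9, 30))
COMPROMISED_PHONE = AccessRequest(True, True, True, True, "email", "US", time(9, 30))
SPOUSE_IPAD = AccessRequest(True, False, False, False, "email", "US", time(20, 0))

if __name__ == "__main__":
    for name, req in [("corporate phone", CORPORATE_PHONE),
                      ("compromised phone", COMPROMISED_PHONE),
                      ("spouse's iPad", SPOUSE_IPAD)]:
        allowed, reasons = evaluate(req)
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} {reasons}")
```

Returning the list of failed signals alongside the decision lets the denial be logged and explained to the user or help desk, rather than surfacing as an opaque login failure.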
Putting it all together
The technology exists to provide a seamless, secure, single authentication experience that makes employees productive while securing data. Furthermore, the app vendors do not have to change any code to make this work. However, some business app vendors, like Salesforce, have gone an extra step and leveraged the standards promoted by the AppConfig Community to make the authentication process even easier. Their apps accept configuration variables passed to them by security platforms like MobileIron so the end user doesn't even see an authentication screen.
Enterprise technology often causes frustration among employees who feel like their experience is compromised for the sake of security. Adopting the triple-S model of seamless, secure, and single as the mobile app authentication framework breaks this compromise by providing a great user experience for the employee, and best-of-breed security for the organization.
Enterprise technology, and particularly security, can often lag behind the innovations of other industries like ecommerce, causing frustration among users accustomed to the efficiencies in other areas of their lives. With these three considerations of seamless, secure, and single, enterprises will be able to continue their business operations securely, with little to no tactical change needed across the organization.
Vijay Pawar, Senior Director, Product Management at MobileIron