Mobile’s Influence on IAM

- Abhinaw

Agenda

1. Mobility & IoT

2. Impact of Enterprise Mobility on IAM landscape

3. Use cases : Mobility & IAM

4. Industry Analysis

5. Future direction

6. Q & A

Internet of Things & MobilityThe computer industry is the only industry that is more fashion-driven than women’s fashion. – Larry Ellison. Source: Wikiquote.

Disruptive Technologies

What is Internet of Things ?

Mobile Internet – Economic Value.

Impacted Industries

Retail , Logistics , Healthcare , Insurance , Government etc.

Business Drivers (Enterprise Mobility)

1. Operational Efficiencies / Reduced time in Decision making

2. Increases Employees’ productivity

3. Bring-Your-Own-Device movement ( Nearly 70% of employers allow it. )

4. Employee Satisfaction

5. Increases Customer/Partner Engagement ( Brand Management )

6. Need to Innovate

7. Context aware marketing / Self-service / Removing field assets

Impact on IAMCan the corporation secure its most precious assets while boosting productivity and employee satisfaction?

Risks - Physical Devices , Network security and Data Security

[Access based attacks , Device loss, rogue malicious apps , SMS attacks]

Securing Corporate information is of top priority for CIOs – 41%

Enterprise Applications which are instigating urgency• CRM Applications • Social Collaborative tools • Cloud based document repositories• Enterprise Messengers• Workflows• Payroll and Enterprise Travel apps • MS Office on Mobile apps.

What needs to be done ?

1. Securing Data for Mobile Consumption

2. Optimizing app performance while accessing Enterprise information

3. Securing/Adapting Mobile access to Enterprise APIs

4. Device/User level authentication & authorization

5. Support disparate devices and Operating Systems

6. Risk based Control and investigation – Compliance.

7. Over all lower TCO

a. Mobile Device Management b. Mobile Identity Management c. Mobile App Management

Use cases (Mobility & IAM)

1. User and Device authentication/authorization

2. Fingerprinting of devices

3. Device Blacklisting / Whitelisting ( Incase device is stolen or lost)

4. Single-Sign On

5. Multi-factor authentication / KBA / Context aware

6. Fingerprint authentication ( Just like iPhone 5s feature )

7. Data management

• Encryption of data

• Local wipe initiated by remote admin – segregate personal data.

• Data can be shown on only browser or virtualized apps

• Snapshot capability – capture current config and backing up

Use cases (Mobility & IAM)

7. Directory integration

8. Support for ease of development and integration – more compelling proposition.

9. Respect Employee privacy – App Containerization

10. Fine grained policy based authorizations

11. Ability to generate comprehensive reports to meet compliance needs

Industry Analysis

Five Forces

Threat of substituents.

Threat of new Entrants

Bargaining power of Suppliers

Bargaining power of Buyers - High

Competitive rivalry with in Industry

Vendor AnalysisWeightage Oracle CA IBM Novell

Mobile SSO 0.15 Yes Yes

SDK – platform agnostic 0.15 Yes Yes Yes

Data at-rest encryption (wipe out) 0.08 Yes Yes

Device blacklisting & Device inventory Capabilities (Info of device ,user etc)

0.05 Yes Yes

User & Device authentication/authorization 0.05 Yes Yes Yes

Protection of APIs 0.15 Yes Yes Yes

Voice Recognition/Fingerprinting 0.02

Remote Management of Devices & Apps 0.08 Yes Yes

REST based Directory Interface 0.08 Yes

Mobile Application containerization 0.15 Yes

Identity 2.0 ( Social , Open ID etc ) 0.04 Yes Yes Yes

Future Direction

1. IoT market problems

2. Support for IPV6 ; (IPv4 and IPv6 are not interoperable)

3. Fingerprint / Voice Recognition or even stronger Authentication

4. Support for storing billions of Identities in stores which provide better performance

5. R&D around making these ID stores available on a CDN like network.

6. More segregation on Corporate and Personal data/access management.

Q & A