Access Management in a Cloudy Mobile World
Vijay Dheap | Tags: mobility, isam, security, mobile, ibmsecurity, ibminterconnect, ibmmobile, interconnect
On my flight back from Singapore after attending the IBM Interconnect conference last week, I came to a realization that one of the important recurring topics of discussion with customers and partners centered on the evolving role of user access management. Two major trends transforming industries today – mobile and cloud – are catalysts for a renewed organizational focus on this foundational security infrastructure.
As mobile devices proliferate at a staggering pace, enterprises recognize a rich new channel through which they can reach their customers. Enterprises are also realizing that a much larger set of their employees want to use mobile devices to enhance their productivity and user experience, which the organization can tap to generate business value. Secure access to enterprise resources is a central security requirement for all mobile deployments, regardless of whether the primary focus is managing new devices on the corporate network or new mobile apps that enrich the consumer experience. Secure mobile access also has some unique requirements. First, since mobile devices are shared more often, it is important to authenticate both the user and the device before granting access. Second, to mitigate the threat of man-in-the-middle attacks, an emphasis is placed on strong session management capabilities. Third, the risk of granting access to the user based on their context (time, network, location, device characteristics, role, etc.) needs to be determined so that appropriate countermeasures can be taken. This risk calculation can help select the appropriate authentication scheme(s) to employ, identify the corresponding authorization policies to enforce, and provide the user with information on security best practices. Additionally, moving forward, threats carried in access requests need to be identified and countered to protect the organization from mobile-borne attacks.
In the past few years, organizations have had growing economic incentives to source their technology services from cloud-based providers, from software to platforms to even infrastructure. Cloud deployments help organizations improve time to value when delivering new services or content while also avoiding capital expenses. As an organization begins employing cloud-based solutions or launches its own cloud offerings, secure access needs to be among its top security considerations. To improve user experience, a robust single sign-on solution that enables secure federation of identities across domains becomes critical. Some organizations are beginning to employ third-party identity providers (e.g. Google, Facebook, LinkedIn) to authenticate the user; however, they need to consider whether the identity provider has been compromised. A cloud access management solution needs to be intelligent enough to assess the risk of a specific access attempt based on security events related to the user. In cloud environments, a flexible policy management and enforcement infrastructure for authorizing access grows in significance in order to adapt to dynamic interactions with cloud services for cost management and compliance.
Over a year ago, our technical leadership had the foresight to begin a concentrated effort to address these new requirements in the IBM Security Access Manager (ISAM) solution for Cloud and mobile. I was quite excited when Robert LeBlanc, the Senior Vice President for IBM Middleware Software, highlighted their work in his keynote. ISAM now enables context-aware access control to help organizations assess the risk of each interaction and adapt accordingly. The risk of an interaction may motivate the use of different authentication schemes or provide the user with differentiated authorization to data or services. To compute the risk, attributes about the user, their device and the application can be taken into consideration. This new capability complements ISAM’s traditional strength in session management and its flexibility in integrating with custom authentication schemes. By enabling a policy-based approach external to individual applications, ISAM delivers consistency of practice in context-aware user access control and helps an organization simplify its application development demands. Recent support for mobile- and cloud-friendly standards such as OAuth, coupled with ISAM’s highly scalable and dependable Single Sign-On capabilities, enables the use of Cloud-based identity providers to reduce access management overhead while maintaining user experience. But a security infrastructure is only valuable when it is effective in securing the application runtime environment, so ISAM now has documented seamless integration with IBM’s mobile application platform, WorkLight.
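The context-aware, risk-based decision described in this paragraph and in the mobile requirements above, as an added illustrative example (not ISAM's own policy engine): it scores a request from user, device and resource attributes and maps the score to an enforcement action. The signals, weights, thresholds, network ranges and sample requests are all constructed assumptions.

```python
# Illustrative risk-based access decision; constructed example with assumed
# signals, weights and thresholds, not ISAM's own policy engine.
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
CORPORATE_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # constructed

@dataclass(frozen=True)
class AccessContext:
    """Attributes about the user, their device and the requested resource."""
    user: str
    device_id: str
    known_devices: frozenset  # devices previously registered to this user
    source_ip: str
    local_time: time
    country: str
    home_country: str
    role: str
    resource_sensitivity: int  # 1 = public ... 3 = confidential

def risk_score(ctx: AccessContext) -> int:
    """Add a weight for each context signal that raises the risk of the request."""
    score = 0
    if ctx.device_id not in ctx.known_devices:
        score += 40  # shared or unknown device: verify the device, not just the user
    if not any(ip_address(ctx.source_ip) in net for net in CORPORATE_NETWORKS):
        score += 20  # off the corporate network: greater exposure to interception
    if ctx.country != ctx.home_country:
        score += 25  # unusual location for this user
    if not time(7, 0) <= ctx.local_time <= time(20, 0):
        score += 10  # outside normal working hours
    if ctx.role == "admin":
        score += 15  # privileged role: higher impact if the account is compromised
    return score + 10 * (ctx.resource_sensitivity - 1)  # more sensitive data, more risk

def decide(ctx: AccessContext) -> tuple:
    """Map the score to the enforcement action the access manager applies."""
    score = risk_score(ctx)
    if score >= 80:
        return ("deny", score)     # no authentication scheme justifies the grant
    if score >= 40:
        return ("step_up", score)  # grant only after a second authentication factor
    return ("allow", score)        # password or existing session suffices

# Constructed sample requests for one user from progressively riskier contexts.
KNOWN = frozenset({"phone-A"})
TRUSTED = AccessContext("alice", "phone-A", KNOWN, "10.1.2.3", time(9, 30), "SG", "SG", "employee", 1)
NEW_DEVICE = AccessContext("alice", "tablet-Z", KNOWN, "10.1.2.3", time(9, 30), "SG", "SG", "employee", 1)
HOSTILE = AccessContext("alice", "tablet-Z", KNOWN, "203.0.113.5", time(23, 0), "XX", "SG", "admin", 3)
```

In a real deployment the weights would be tuned from observed events and the "step_up" branch would invoke whichever second factor the policy selects for that risk level.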
I will say… this is just the beginning; the IBM Security research and development teams are actively pursuing initiatives that hold a lot of promise in delivering greater confidence for the evolving needs of a mobile enterprise with cloud ambitions… stay tuned! I look forward to hearing your thoughts and recommendations. Please feel free to comment here or drop me a line on Twitter @dheap.