Mobile’s other challenge: Securing data in a BYOD world
The mobile device is going to play more of a role in identification and authentication in the future, but the policies surrounding what an employer can do with the devices are still evolving. “Companies are embracing BYOD, but there are privacy concerns about tracking and wiping of data,” says Chris Taylor, senior product manager at Entrust.
Understandably, employees don’t want their bosses to be able to find their location at all times, and they certainly don’t want family pictures or personal apps deleted on a whim. Creating separate, secure containers is one way to deal with this issue, Taylor says. This solution places apps in a secure partition that the enterprise controls. If the partition is corrupted, the enterprise can then disable access for that specific area.
These solutions use mobile device managers to monitor the device to make sure it’s not corrupted as well as place the apps on the device, says Garret Grajeck, CTO at SecureAuth. “You’re bringing a device into the enterprise, doing a risk analysis and attaching a user’s identity to it,” he says.
But more needs to be done, he says; as mobile devices are becoming the prevalent way employees interact with enterprise systems. “App vendors don’t have a way to own a device so how do they establish an identity in the device?” Grajeck asks.
He proposes that the app redirect an identity request to an outside authentication server using the handset’s browser. This approach is already available in the business-to-consumer world as smart phones enable use of Facebook or Google+ identities on other apps. It’s just a matter of adding further assurance to that identity in the business-to-business world, Grajeck explains.
When it comes to BYOD, enterprises need to support multiple platforms, says Taylor.
Apple’s iOS had been the most prevalent option among employees and also popular with the enterprise. Apple does a good job of vetting apps and malware concerns are lower with iOS, Taylor says.
Enterprises have been a little more hesitant when it comes to Android. “Google had taken a more laid back posture when it comes to apps but that has changed in the last six to 12 months,” Taylor adds.
In the next couple of years, he believes Android will take over the enterprise market as the operating system becomes more stable and security of the apps improves.
Professional lacrosse team deploys BYOD security
Executives of the Toronto Rock professional lacrosse team had a problem and didn’t even know it. Running a professional sports franchise means being on the road a lot, and that necessitates easy and secure access to all relevant data and systems.
A salesmen in one of the offices floated the idea of being able to access work servers on the road or from home. Through a sponsorship deal, the franchise started using mobile security technology from Toronto-based Route1, says Terri Giberson, director of business operations at the team.
Only after Route1 installed the system for the team’s business office did executives realize what they had been missing. When at home or on the road, executives use the MobiKEY USB key fob and login to their work desktop computers. The key fob in inserted and a password is entered to begin the session. “I can access everything and have it laid out like it’s on my desktop,” Giberson says. “It’s seamless for me to work from anywhere.”
MobiKEY establishes an encrypted remote session and all data remains within the corporate network and its security controls. MobiKEY only sends encrypted keystrokes and mouse movements from the mobile access point and then updates on the screen. The data the user is accessing never leaves the network, alleviating concerns about it being stolen or copied.
The MobiKEY Classic2, a USB dongle with an integrated smart card, enables remote access from a Windows or Apple laptops. For iPads, iPad Minis and iPhones the goal is accomplished via the MobiKEY App.
The system has made a huge difference for the ticketing office, says Mike Forty, manager for ticket sales and services. The Rock uses Ticketmaster for its sales and software, but unless he was in the office Forty couldn’t access the data, he explains. The MobiKEY has enabled Forty to access sales data from anywhere at anytime.
Apple Watch as an identity token?
It’s also very possible the watch will have Bluetooth Low Energy. During the keynote announcing the device, there was mention of it being used to access rooms at Starwood Hotel Properties, which has previously announced its use of Bluetooth Low Energy for room access.
It’s likely that the Apple Watch’s NFC will be locked down, as it is with the iPhone. But could credentials be ported to the watch using Bluetooth? Physical and logical security providers are certainly looking at ways in which these new wearables can be used to enable additional factors of authentication.