Balancing user experience with security

The number one challenge I hear from IT professionals across the board is balancing security with user experience across multiple device types that employees use in the course of a day. If those IT pros turn the dial too far in one direction, they’re faced with security vulnerabilities. If they rotate the dial too far in the opposite direction, they’re faced with user-experience hurdles.

This challenge is exacerbated for those companies that want to further embrace cloud consumption models, but are once again perplexed about where to set the dial.

Other top challenges I hear include:

  • How can we send employees directly to the cloud, and prove the device is owned by the organization?
  • The cloud provider and third party vendors I am working with do not support PKI.
  • The cloud providers are reliant upon a company changing its behavior, which includes IT process and business process modifications.
  • Active Directory (AD) is a mess. How can we get AD harmonized between sites as we embrace mobility and cloud consumption models?
  • Certain cloud applications do not support MFA (multi-factor authentication), and we’re trying to find a solution to deal with this.

The list goes on, confirming that while a number of businesses have made great strides creating enhanced mobile experiences for employees, there is still significant work ahead. I’ve found there are three IT priorities that consistently rise to the top of the list:

  1. Identity and access management (IAM). The simple goal here is to validate the user, set policies, and be able to apply these policies across different devices, networks, and data types. However, I am finding IT organizations that have made considerable investments in identity and access management solutions are discovering these solutions aren’t going to meet their ongoing mobility requirements as they grow. Solving identity and access management issues for the long run must be a top priority.
  2. Data management. What happens if an employee wants to access a confidential company document on a mobile device—but the device is a personal device? In this scenario, I see companies trying to take corporate control of personal devices, and manage a fenced-in environment on the mobile devices. I’ve seen this done with organizations using a remoting protocol to access the application, stamping documents with watermarks, and then going even further by having granular document-level policy set by the creator.
  3. Organizational alignment. I rarely see the CISO, or Office of the CSO, involved in mobility strategies — this is a real problem. In fact, I have witnessed many cases where the email admin is delegated the role of the mobile device management (MDM) manager, without involving any of the security team. The security team should be involved — early and often — for companies to effectively advance their mobility efforts. This scenario has companies challenged from both an organizational boundaries perspective, and an IT budgeting allocation viewpoint. It’s definitely time to make changes.

So what can businesses do? Unfortunately, there isn’t a magic dial to set and forget — yet. I’m fortunate to be exposed to incredible innovation in the market, but also recognize that companies don’t change as fast. Although some companies would like to make rapid progress, they still must overcome people, process, and technology hurdles before achieving successful, long-term mobility strategies. The IT professionals that I speak with would like to advance, but need assistance and further education on the above topics, so they can understand how to apply what they learn to their unique environment.

It’s a great time to engage with customers, and show them a variety of ways to address their IAM, data management, and organizational alignment challenges. Building strong relationships with these folks now will allow you to reap the dividends over time.
