How Identity as a Service (IDaaS) can help enterprises solve their BYOD challenges
BYOD is growing in popularity around the world. Some companies believe it is making their workforce more productive, with others stating it helps morale or makes the company look flexible and attractive to new employees. All this is understandable, the use of mobile phones to access the internet and email is at an all-time high, and employees likely want the convenience and the flexibility they have in their personal lives to transfer to their work-life. But, there are some significant issues that need to be considered when implementing a BYOD (bring your own device) policy. We take a look at some of these and how Identity as a Service (IDaaS) may be the answer.
Security software & personal devices
Security software is an issue that a majority of your employees have probably never considered. It’s well known that personal mobile devices don’t tend to have the same security levels as desktops and laptops, even when compared against personal PCs. This was reinforced in a recent survey by the Office for National Statistics in the UK, which found that 50% of respondents didn’t have, or know, if they had security software installed on their personal device. A significant number for a region that is fairly well informed about cybersecurity issues.
This is even more concerning when you factor in the installation of untrusted mobile applications, which may contain malware or be vulnerable to attacks. Whether it’s downloading these applications or simply granting apps access to personal data (which when BYOD is considered, may well include company data - such as address book contacts), the security implications can be significant without the appropriate security software in place.
Passwords and Authentication
Not too far a leap from security software is access and authentication. Today, increasing numbers of devices have improved access security from passwords and PINs to biometrics (face & finger). But can an organisation be assured that its employees are using the functionality?
Even if it is used, it’s no secret that single-factor authentication methods aren’t necessarily the most secure. With passwords usually being something simple, memorable and used everywhere, it’s not too difficult for the bad-guys to find a way in.
With personal devices much more likely to be lost or stolen (simply due to the locations they are used) organisations are presented with a significant risk, meaning identity provisioning (the process of coordinating the creation of user accounts, e-mail authorisations in the form of rules and roles) has to be managed carefully. This is no different if employees update their devices or purchase a new one (such as a tablet). Keeping on top of this is a consistent battle and not necessarily one that teams can easy win.
Leavers & Joiners
It is inevitable that people who bring their own devices into work will eventually change jobs and companies – so how can enterprises ensure that data confidentiality and integrity are maintained and not compromised by employees when they leave or change their jobs. Again, provisioning is a crucial part of the problem.
Often, provisioning is done at the device level, granting access via passwords and security. However, on a personal device, this is much harder to manage. Provisioning identity in-house can also be costly, with software installations, data back-ups and headcount needed to manage it.
This is where Identity as Service (IDaaS) can really help, the reason being you are provisioning the identity of a person, rather than the device.
Identity as a Service
IDaaS helps maintain a holistic view of the individual and device security profile. Any changes, such as an employee leaving, changing their role or changing their device can be easily traced, tracked and updated. This has a significant impact on resources needed within the organization as password reset requests are reduced, and devices / accounts aren’t missed when closing down an employee’s access permissions.
By taking an identity-based approach, you can also defend against the wider security implications, such as preventing against the theft of a device, as the criminal will not be able to access confidential company information without having to go through a robust identification process. What’s great, is that this technology also helps stop the BOTs. By determining bot traffic, we can help protect against those devices that might not be the most secure.
