The BYOD trend has employees increasingly bringing their mobile devices to work and (shockingly!) expecting to be able to use those tablets, phones and phablets to do their jobs.

For some in IT it's a crazy notion, so I put together a webinar on how identity can give IT the necessary degree of control. The audio recording is archived here (customer or social log-in required).

I argue in the webinar that the owner of the device matters little in the final equation. The real question is: how will it be used?

Angry Birds will be played, questionable apps will be downloaded, and business docs may be emailed to personal accounts. All behaviors that put business data at risk, and IT on edge.

The bottom line is how to separate the employee's personal usage (where activities are, at least, none of IT's business) from the business usage (where everything that happens is manifestly IT's concern).

In the webinar, I present an application architecture for mobile (BYOD or otherwise) that is built around the identity of the employee. When the employee uses the phone in this identity context, IT's policies and controls are in force and are authoritative. When the employee uses the phone for non-business applications, IT minds its own business and (happily) looks the other way.

The architecture uses pieces of multiple technologies. At the highest level, they are:

  1. Dual persona to split the device in two
  2. Mobile Application Management (MAM) to provision apps onto the enterprise side
  3. ID Management (IdM) to control how those apps get access to APIs
  4. MAM/Mobile Information Management (MIM) to secure any data stored on the device
  5. Mobile Device Management (MDM) for PIN, wipe, etc., but scoped to the enterprise side

Critically, all the above ride off the employee's existing AD identity, and the enterprise uses standards like SAML, OAuth & SCIM to bridge between that corporate identity and the various security & application providers out in the cloud or local.

To learn more, listen to the webinar and post questions in the comment section.

 
