December 9, 2014, Box announced that Ping Identity is one of its valued partners for their comprehensive security initiative called Box Trust that supports their new mobile application Box for Enterprise Mobility Management (EMM). Box Trust provides customers with "a unified network of security partners and solutions to ensure the best security, visibility and accessibility for their critical business content".
To be selected and certified as a Box Trust partner, a security vendor must pass a rigorous evaluation based on "market leadership, the value and quality of its integration with Box and a demonstrated commitment towards joint customer success". With such high standards, we at Ping Identity are proud to be part of Box's new initiative.
Box's move to develop and offer EMM and Box Trust is further evidence of the shift in enterprise business practices--namely the move to the cloud and the now rampant use of mobile and BYOD by employees, partners and customers. Of course, with these shifts come the requirements for a new type of security. Box is doing good work to both provide a needed, mobile-focused solution and deliver targeted, relevant security for it through it's Box Trust partners.
Of course, today, CEOs everywhere have security top-of-mind. The countless news stories of hacking and stolen identities are endless reminders of what a breach in security can do to an organization, such as the average $3.5M price tag in 2013. However, even with these in-your-face reminders, there is often reluctance to implement new types of security technologies such as what Box Trust is offering through its partners--despite these technologies being built specifically for today's and tomorrow's business practices.
As Box understands with its own internal use of our product PingFederate, identity-centered security built on standards and utilizing federation is the security technology for today's and tomorrow's business practices, such as the adoption of cloud and mobile. In a recent InformationWeek blog post, Patrick Harding, CTO of Ping Identity, listed "five truths" of enterprise security to help the wider community of IT execs to also understand this imperative and how identity-based security works. Here is a summary of the five truths:
Truth 1: Identity is the new perimeter The traditional approach to enterprise security has focused on keeping users out by employing firewalls as security perimeters. Today, businesses inundated with mobile, cloud, and SaaS, along with access demands from partners and customers, can no longer survive on that approach. Trusted and federated identities are shaping a new security perimeter.
Truth 2: Cloud makes identity management easier CIOs can use modern identity tools to add the word "anywhere" to their authentication vocabulary. They can take users from any repository anywhere and attach them to any authentication/security infrastructure anywhere, then connect them to any application anywhere. Features such as multi-factor authentication are now add-ons that sit in the cloud, making them convenient and inexpensive to add.
Truth 3: The identity experience needs to be consistent across all channels Many businesses invest heavily in a security regime that works for web applications, but it doesn't necessarily extend to mobile apps. New identity standards such as OpenID Connect and OAuth 2.0 offer a consistent experience for user authentication across web and mobile applications. As a result, users get a consistent experience everywhere. In addition, the same standards can be used to secure identity-based API access to applications.
Truth 4: Deep subject matter experience is no longer a requirement It used to be that if you wanted Internet Single Sign-On (SSO), you had to understand the Security Assertion Markup Language (SAML), or hire somebody who does. These days, wizard-based options let anyone on staff quickly make an industry-best practice connection in a very short period of time.
Truth 5: Compliance and usability go hand-in-hand When you use Internet-grade security to connect your user community to their apps, your compliance story becomes very easy to tell. Your users spend less time remembering and resetting passwords, and their application access "just works."
Securing trust amongst customers, partners and users is our business and our passion. We continue to be a security front-runner and have been named a leader by the top industry analysts for what we call Next Gen Identity™, a comprehensive identity-centered security platform. Again, we are proud to be named one of Box's Box Trust partners and will continue striving to exceed the expectations of both our partners and customers.