As the enterprise continues to open and perimeters disappear, the CIO has an opportunity to play an increasingly strategic role in enterprise growth. The ability to deliver secure, frictionless and fluid access to services across the cloud, mobile and social will open new revenue opportunities.
Modern identity holds the key to delivering the convenient access users demand, and the security necessary to protect critical data and infrastructure. Here, we explore five key trends facing CIOs today, and how your ability to respond with the right identity infrastructure will make or break your business.
Identity is the New Perimeter
5 Trends Facing CIOs Today
Long gone are the days of all on-premises software, where proprietary applications were accessed from within the confines of the corporate firewall over computers issued by the organization, or by consumers from a single web access point. Yet, many enterprises continue employing a traditional security model; assuming a firewall is enough to shield their important assets from outside threats.
However, because cloud and mobile are now everywhere in today’s enterprises, the concepts of ‘inside’ and ‘outside’ have become considerably blurred. With employees, partners and customers accessing sensitive data from insecure networks and mobile devices, the new security paradigm must protect users and data regardless of their location or device.
The intersection of mobile, social and cloud offers unprecedented visibility and opportunities for the enterprise, but has also created an environment with multiple (and increasing), disparate user identities across touch points—placing additional barriers between your users and the applications they need to access. Security that specifically targets endpoints, cloud, networks and email is not equipped to cope with the array of devices, systems and workflows that even the most progressive enterprises wouldn’t have dreamed of a few years ago. Identity is emerging as a silver bullet for CIOs looking to keep their corporate data safe, drive business agility and improve end users’ experiences across their ecosystem.
Warning: Your Business Has Left the Building
The adoption of cloud-based applications has been explosive within enterprises over the past few years. This move to the cloud forces enterprises to rethink their identity and access management (IAM) strategy as security perimeters move beyond the firewall.
The growth in cloud-based apps and SaaS architectures is driven both by organizations seeking more efficient and effective ways to run their business while improving workforce productivity, as well as by well-meaning employees looking for better task proficiency via SaaS apps. But the trend cuts even deeper. According to the Forrester Research® 2014 predictions, “A great digital experience is no longer a nice-to-have; it’s a make-or-break point for your business as we more fully enter the digital age”.1
This fundamental shift of business to the cloud has many repercussions for security and compliance, such as:
The bottom line? In a borderless enterprise, identity is the strategic enabler ensuring the access users want with the security you need.
Serve Your Employees and Customers — Wherever They May Go
Get ready for diversity because there won’t be a dominant mobile platform or vendor, but there will be a flood of new devices and applications. By 2016, each user will have three to five devices covering all shapes, sizes and abilities, with interfaces that range from touch/voice to keyboard/mouse to gestures. The enterprise mobile platform will be cloud-delivered, social-enabled, multi-channel, device-aware and device-agnostic. Distinct markets for mobile device management, security containers, file sync/share and other tools may fade into suites.
Many enterprises have invested heavily in a security regime that works for web applications (typically a web access management [WAM] solution). While WAM solutions make internal web applications more secure, they don’t extend easily to secure APIs needed for native mobile applications and other web applications. Why does this matter? APIs represent a huge market opportunity for many companies and can drive significant revenue. But in a world where many sensitive and critical functions are increasingly deployed as services, and are exposed through web APIs, security posture around those APIs becomes mission critical. The best solution for managing access to APIs should have several key characteristics. They should:
“Salesforce.com, for example, generates nearly 50 percent of its annual $3 billion in revenue through APIs; for Expedia, that figure is closer to 90 percent of $2 billion”. – Forbes2
PSSST! Your Customers Hate Passwords Too
Many still argue about the difference between multichannel and omnichannel. So what’s in a name? At it’s simplest, multichannel has us embracing many different channels (such as mobile, web, etc.) to engage with customers. But if you’re just focused on the individual channel, you’re missing an opportunity. Enterprises initially got to multichannel by ‘bolting on' each new channel as the need arose, but omnichannel isn’t about which individual channel you engage your customer through. It’s about delivering a single, unified experience for your customer across every channel. An activity that begins in one channel should fluidly move to another, and another, until the customer’s business transaction is complete.
Where does identity fit in? What began as simple single sign-on (SSO) technology (easy access to all your internal and third-party applications through your web portal) has grown rapidly over the past decade. And it continues to accelerate with mass consumer adoption of mobile and the API economy. We used to just be concerned with how a customer moved through the web experience, but we now have to deliver to a fluid experience across all existing and future channels and consider how the authentication experience impacts the larger experience. The goal? Customers will be able to maintain states as they shift across different channels.
Internet of Everything
Everything's Connected. Is Your Business Ready?
If you’re still struggling to address the identities in your organization for cloud, mobile or social, you better brace yourself as another 30 billion ‘things’ come online in the next five to ten years. The Internet of Things (IoT) is basking in its nirvana stage. Thanks to the mobile Internet, adoption rates of IoT will soon accelerate. Industry pundits are predicting a multi-billion dollar industry fueled by billions of connected devices that will support better business and make life more efficient and pleasurable for individuals.
The possibilities for positive business impact are monumental, as are the challenges associated with building such an interconnected world, including security architectures, bandwidth, IP addressing, standardized communication protocols, management consoles, certificate management, power consumption, privacy and identity. Why identity? In order to query or connect to any ‘thing,’ that thing will have to possess an identity of some sort. A smartphone has relevance as a device, but its value skyrockets when it's identified as a particular user, and gets even better when it can be associated with their other things. An HVAC provides an even indoor temperature, but it needs to identify itself to participate in an ecosystem of things. Identity forms the bedrock for the relationships between things, such as pieces of equipment on a shop floor, a sensor or a device.
Expanded Access in a Federated World
In Today's World, You Don't Win by Working Alone
Today’s connected enterprises rely upon partners across their supply chain to integrate services for customer-level interaction, or to take advantage of an extended workforce that's not exclusively composed of full-time employees. The economy is global and partners are on the critical path to sustainable and profitable growth.
Partners expect seamless, anytime-anywhere access to critical, internal applications and data. This leaves the enterprise with an exorbitant number of users (external identities for every partner or customer) that must be provisioned (and de-provisioned) with the right access, despite the enterprise’s lack of ownership or influence over those partner identities. Managing external identities and partner access not only places a significant burden on IT, it often opens the enterprise up to security breaches.
A federated approach to IAM ensures that you can provide the access partners need without assuming the complexity, cost and risk associated with managing those identities locally.
Your security is only as strong as your weakest link. Focus on these four elements for securing partner access:
Unified management in a central identity authority
Self-service with user driven onboarding experience
Control and visibility through zero-day provisioning
Strong access policies that employ strong MFA
"The Target breach was initiated through the compromise of one of the retailer’s service providers, a small HVAC company in PA... the notion of a network perimeter is ancient history." – Network World7
1 Forrester Research®: Predictions 2014: Mobility And Computing Technologies In The Age Of The Customer, January 15, 2014 By J.P. Gownder with Christopher Voce, Katherine Williamson
2 Forbes, CIO Network, Ready for APIs? Three Steps to unlock the fata economy’s most promising channel, by contributor McKinsey & Company, January 2014
3 CSIDTM , Consumer Survey: Password Habits, September 2012
4 Ponemon Institute, Moving Beyond Passwords: Consumer Attitudes on Online Authentication, April 2013
5 Nuance, Surveys Show: Consumers Ready to Say Goodbye to PINs, Passwords, and Probing, May 2013
6 Stratecast, Frost and Sullivan, The Hidden Truth Behind Shadow IT: Six trends impacting your security posture, an executive brief sponsored by McAfee, November 2013
7 NetworkWorld, Lessons Learned from the Target Breach, by Jon Oltsik, March 2014