Identity Security Trends in the Mobile Era

CONTENTS
TRENDS IN IDENTITY SECURITY
INSIGHT #1: PRODUCTIVITY AND USER EXPERIENCE TRUMP EVERYTHING ELSE
INSIGHT #2: SECURITY IS BOTH A LEADING DRIVER AND A CHALLENGE FOR MOBILE INITIATIVES
INSIGHT #3: EXECS SEE MOBILE DEVICES AS KEY TO THE POST-PASSWORD ERA
INSIGHT #4: ENTERPRISES ARE SEEKING A SINGLE IDENTITY AND ACCESS MANAGEMENT (IAM) SYSTEM FOR WEB, API AND MOBILE ACCESS
LET’S REVIEW: INSIGHTS POINT TO FEDERATED IDENTITY AND ACCESS MANAGEMENT
APPENDIX: PARTICIPANT PROFILE

Sources
[1] Gartner, Predicts 2014: Identity and Access Management, 26 November 2013, Analyst(s): Ray Wagner, Earl Perkins, Gregg Kreizman, Felix Gaehtgens, Ant Allan

TRENDS IN IDENTITY SECURITY

The business landscape has changed dramatically within just the past five years. Mobile devices, which are effectively powerful personal computers, are everywhere and possess enormous business potential. Gartner® states that, “By year-end 2020, 80% of user access will be shaped by new mobile and non-PC architectures that service all identity types regardless of origin.” [1] Additionally, IDC estimates that 55 percent of all smartphones used in business will be employee-owned in 2015. These and other statistics have most enterprises struggling with a host of issues surrounding the use and security of mobile devices for work.

To better understand the mindset and priorities of those who make security decisions for mobile devices in the workplace, Ping Identity conducted a mobility survey in partnership with Gatepoint Research. The results shed light on four main insights into the top challenges and motivations for enterprise mobile initiatives.

INSIGHT #1
PRODUCTIVITY AND USER EXPERIENCE TRUMP EVERYTHING ELSE

WHAT ARE YOUR DEVELOPMENT GOALS FOR MOBILE APPLICATIONS?
• Improved user experience regarding access/login: 89%
• Improved user productivity: 88%
• Secure, auditable and compliant access to data: 83%
• Faster time to value: 82%
• Reduce current and future costs of securing mobile apps: 79%
• Faster time to market: 72%

Eighty-nine percent of respondents cite improved user experience as the top development goal for mobile applications. They know that user experience is king. Whether rolling out mobile apps to your workforce or your customers, users expect a great experience and an app that adds value quickly. Deliver less, and your brand will suffer.

Eighty-eight percent say the top development goal for mobile applications is improved user productivity. Leading enterprises have discovered that a mobile workforce is a more productive and satisfied one.

“We want to continue to provide our customers with exceptional customer experiences and that means engaging with them where they are—conveniently over their smartphones, tablets or the Internet.”
Eric Barnes, Application Development Manager, Wawa Inc.

Learn more about how WaWa is Staying a Step Ahead of On-the-Go Customers.

INSIGHT #2
SECURITY IS BOTH A LEADING DRIVER AND A CHALLENGE FOR MOBILE INITIATIVES

WHAT ARE YOUR DEVELOPMENT GOALS FOR MOBILE APPLICATIONS?
• Improved user experience regarding access/login: 89%
• Improved user productivity: 88%
• Secure, auditable and compliant access to data: 83%
• Faster time to value: 82%
• Reduce current and future costs of securing mobile apps: 79%
• Faster time to market: 72%

When respondents were asked about their goals for mobile applications, “Secure, auditable, and compliant access to data” was cited 83 percent of the time. This was the third most common goal stated, just behind productivity and user experience.

WHAT ISSUES CONSTRAIN YOUR ABILITY TO PROVIDE GREATER MOBILE ACCESS?
• Security issues over devices caching passwords locally: 71%
• Multiple policy stores for web and mobile access controls: 66%
• Inability to scale mobile app development without higher security risks: 66%
• Inability to scale mobile app development cost effectively: 63%
• Inability to report on who accessed what data: 59%
• Inability to control access: 52%

When participants were asked about the issues that constrain their rollout of mobile applications, 71 percent said that, “Security issues over devices caching passwords locally” was a significant concern. Next on the list of issues was, “Inability to scale mobile app development without higher security risks.”

As the participants know, mobile devices pose a unique set of threats to enterprise security. Because of the nature of mobile devices, bidirectional access to data occurs beyond the protection of the firewall. And in most cases, passwords are stored directly on the device—exposing the enterprise to risk when a device is stolen or lost. They want to scale their mobile application development to meet the needs of the app economy, but they need to ensure that security scales with their mobile app development needs.

Read about how Land O’ Lakes rolled out simple secure access to mobile apps.

INSIGHT #3
EXECS SEE MOBILE DEVICES AS KEY TO THE POST-PASSWORD ERA

WHAT ARE YOUR GOALS FOR YOUR MOBILE INITIATIVES?
• Security issues over devices caching passwords locally: 49%
• Multiple policy stores for web and mobile access controls: 47%
• Inability to scale mobile app development without higher security risks: 39%
• Inability to scale mobile app development cost effectively: 29%
• Inability to report on who accessed what data: 9%
• Inability to control access: 6%

Almost 40 percent of the participants see mobile platforms as a way to provide multi-factor or strong authentication as a means of improving security. In addition, they’re seeking simpler, more innovative and lower-cost ways to handle multi-factor authentication through the use of mobile device applications.

The goal of using mobile devices for strong authentication is proof that enterprise reliance on passwords as a primary authentication method is starting to break down. They’re moving toward the post-password era—and for good reasons. Among other problems with passwords, the main cause of security breaches and hacks is stolen credentials.

Learn more about transforming smartphones into mobile authentication devices.

INSIGHT #4
ENTERPRISES ARE SEEKING A SINGLE IDENTITY AND ACCESS MANAGEMENT (IAM) SYSTEM FOR WEB, API AND MOBILE ACCESS

WHAT ARE YOUR GOALS FOR YOUR MOBILE INITIATIVES?
• Single system for web, API and mobile: 55%
• Secure single sign-on for native mobile apps and web apps: 51%
• Flexible deployment options: 49%
• Standards-based mobile access management and security (OAuth 2.0, OpenID Connect): 46%

Support for web, API and mobile access was the most common goal cited for future mobile access. This all-of-the-above approach clearly provides the most flexibility to meet current and future employee and customer needs for productivity and user experience. But what about security? Respondents answered that in the following question, where they indicated that a single system that supported web, API and mobile authentication and authorization was the most desirable attribute of an IAM solution.

Read about a modern architecture for identity management.

LET’S REVIEW
INSIGHTS POINT TO FEDERATED IDENTITY AND ACCESS MANAGEMENT

1. Productivity and user experience trump everything else.
2. Security is both a leading driver and challenge for mobile initiatives.
3. Execs see mobile devices as a possible solution to insecure passwords.
4. Enterprises are seeking a single identity and access management (IAM) system for web, API and mobile access.

These insights underscore the value of a federated identity and access management (IAM) system, which is the core of Ping Identity’s solution. Such a solution simplifies and secures the ugly, complex, heterogeneous world of enterprise IT.

The Ping Identity platform addresses all four insights and more:
• SSO – boosts productivity and improves user experience
• Mobile SSO and API security – provides a scalable framework to make mobile devices and apps secure and productive
• Mobile MFA – transforms a mobile device into a second-factor authentication method
• Based on standards – engineered to secure web, mobile, and API security with open standards

Go to pingidentity.com to learn more about how you can address the business insights and trends of this decade and the next.

APPENDIX
PARTICIPANT PROFILE

Participants of the survey represent a wide range of industries, decision-making roles and budgets. One hundred percent of responders participated voluntarily; none were engaged using telemarketing.

Job Level: Survey participants represent senior management and executives in decision-making roles.
• CxO: 14%
• VP: 15%
• Director: 47%
• Manager: 23%

Industry Sector: Survey participants represent firms from a wide range of industries. Forty-five percent are in the Fortune 1000.
• Healthcare: 28%
• Retail Trade: 22%
• Financial Services: 20%
• Business Services: 19%
• High Tech Management: 11%

Use of WAM for Mobile App Initiatives: Fifty percent of participants admit that they don’t currently leverage a web access management (WAM) infrastructure to support mobile app development.
• Yes: 18%
• No: 50%
• Not sure: 32%

Revenue: Participants represent firms with a well stratified range of revenues.
• <$250 million: 6%
• $250 million - $500 million: 19%
• $500 million - $1.5 billion: 23%
• >$1.5 billion: 45%

About Ping Identity | The Identity Security Company
Ping Identity is the leader in Identity Defined Security for the borderless enterprise, allowing employees, customers and partners access to the applications they need. Protecting over one billion
identities worldwide, the company ensures the right people access the right things, securely and seamlessly. More than half of the Fortune 100, including Boeing, Cisco, Disney, GE, Kraft Foods,
TIAA-CREF and Walgreens, trust Ping Identity to solve modern enterprise security challenges created by their use of cloud, mobile, APIs and IoT. Visit pingidentity.com.
Copyright ©2015 Ping Identity Corporation. All rights reserved. Ping Identity, PingFederate, PingOne, PingAccess, PingID, their respective product marks, the Ping Identity trademark logo, and
PingCon are trademarks, or servicemarks of Ping Identity Corporation. All other product and service names mentioned are the trademarks of their respective companies.