Bring-your-own-device adoption is steadily increasing, with Gartner projecting that 38 percent of companies will stop providing devices to workers by 2017. As this trend accelerates globally, there has been an emergence of Bring Your Own Identity (BYOI), where employees can access organizational resources with their own defined identities.
With an average of 25 accounts per person, there has been a merge of personal device and identity that creates a seamless experience from personal devices, as well as organizational cost savings for identity management and better directed marketing and communications.
But what are the security costs?
Signing on to a site using social network credentials works, but Ian Yip, Identity, Security and Governance Product and Business Manager at NetIQ, says it is at the expense of some security.
“Social identities help consumers clear the security hurdle to the point where the word ‘security’ doesn’t rate a mention during the authentication and/or registration process. Social networks however, still use passwords,” says Yip.
Yip emphasizes that passwords on their own are insecure, in the absence of other forms of identification, such as multi-factor authentication, and a lot of damage can be created.
By comparing the different levels of BYOI, organizations can determine the best approach to balancing the security risks of and cost savings of BYOI.
Ian also shares that “consumer devices offer the best vehicle in bringing non-password based authentication mechanisms to the mainstream much the same way social networks have brought identity federation to the masses.”
However, the shift to cloud-based access from smartphone devices also creates a security challenge when storing sensitive data.
Geoff Webb, Director of Solution Strategy at NetIQ, emphasizes that personal devices, such as smartphones should never store data, but should act more as a conduit to data.
“In the end, as we move to a world of cloud services accessed from mobile devices, solving security problems is going to center more and more around monitoring for abnormal activity and managing access,” Webb said.
When it comes to consumers, social media tops the list as a source of identity, but data breaches can compromise organizational credibility and stability. By limiting access to customers and constituents, and actively monitoring privileged user accessibility, you can assess the risk and value of BYOI to determine the level of integration that is appropriate for your organization.