On my way to a major security conference, I reread an InformationWeek mobile security report by Michael Finneran. I knew identity and access management would be a very hot topic, so I wanted to gain a mental advantage by reviewing third-party mobile security reports. Finneran’s report offered two very interesting pieces of information:

  • 86 percent of organizations either allow or plan to allow the use of employee-owned devices for work functions.
  • 42 percent of organizations allow employees to bring in any device — smartphones, tablets, laptops and other mobile devices — and to access the network so long as they agree to certain policies.

Those bulleted statements resonated in a big way. You can’t help but notice as you walk around or go anywhere that just about everyone’s head is down, looking at a mobile device. Often, these people are performing work-related tasks.

The Need for Mobile Identity and Access Management

For many organizations, simple passwords are all the proof users need to log in to the corporate network. Finneran states that 80 percent of organizations with BYOD programs require only a password for mobile access to the corporate network. But what happens when a mobile device is lost or stolen and the password is cached on the device? “Oops, my bad.”

I began to think of my conference role as an IBM ambassador. How would I handle this type of conversation? Do I know enough about identity and access management from a mobile perspective?

My answer was no, so I educated myself on the clear benefits of IBM Security Access Manager for Mobile. I wanted to explore how this product integrates with products from IBM’s security intelligence portfolio, and understand how clients can gain a more predictive — as opposed to reactive — approach to their overall security strategy.

IBM Security Access Manager for Mobile provides the following benefits:

Reduce Mobile Security Risks

  • Reduces mobile security risks by providing context-aware access control that can enforce established policies and guidelines. Using contextual data analytics to calculate risk, organizations can grant access based on a dynamic risk assessment of the confidence level of a transaction.

Prevent Mobile Fraud

  • Enables organizations to easily deploy multifactor authentication that requires users to prove their identities. For example, users can be sent one-time passwords (OTPs) via text or email, and they can enter the OTP in addition to their regular login information to access the network. For added security, OTPs can also be provided by external devices using hash-based message authentication code (HMAC) algorithms. Similarly, Trusteer, an IBM company, offers a range of fraud-focused mobile security solutions.

Enable Identity-Aware Applications

  • Helps organizations make applications “identity aware” by using OAuth standards-based technology. Users can obtain a one-time authorization code that enables their device to connect securely to applications, providing seamless, password-free access for users. User credentials are not stored on the device; only device tokens that are exchanged transparently each time the application is launched are stored. An optional PIN can also be required during authentication for added security.

Leverage Mobile Security Intelligence

  • Enables organizations to define context-based access policies at a transactional level and require additional authorization based on the type of device, environment, identity or behavior patterns. With a 360-degree view into all the elements of mobile user access, organizations can strengthen their security and compliance posture. Security Access Manager for Mobile integrates with IBM’s QRadar Security Intelligence Platform to provide deep insights into how users access information hosted on-site or in the cloud.

Moving Forward with Risk in Mind

As you go about your day-to-day, notice how often your co-workers are heads down, working on their mobile devices. Then ask yourself these questions:

  • Are they logged into a corporate network?
  • Do they realize the Wi-Fi they are connected to could pose a risk?
  • Are they unknowingly jeopardizing sensitive data?

Simply asking these questions is a first step in the right direction.
