Mobile Security: The Casino Bouncer Who Sniffs the Mobile IDs

October 23, 2015
| |
3 min read

Are you visiting the casino city to take part in IBM Insight 2015? Are you attending Insight 2015 because you are worried about your highly fragmented IT security posture? Mobile security could very likely be the primary reason for your concern. In this era of mobile and cloud technologies, your employees, contractors and partners need to have access to your organization’s on-premises and cloud infrastructures from their mobile devices.

As mobile usage rapidly grows, cybercriminals are targeting mobile devices as vulnerable entry points to enterprise networks. These threats are leading to paralyzing mobilephobia in some organizations. Since restricting mobile usage is no longer an option, it’s time to embrace the technology and tackle those fears head on with a comprehensive mobile security strategy.

Mobilephobia: Do You Have a Comprehensive Mobile Security Strategy?

Many organizations think a strategy to manage mobile devices and protect the data within them will suffice. However, it’s not enough to just protect the devices and safeguard data and applications; enforcing access management policies to ensure legitimacy of users and blocking fraudulent access to the organization’s IT infrastructure is critical from a mobile security perspective.

Now the question is how to ensure a top security posture in an environment where you already have separate access management solutions for on-premises infrastructure, cloud infrastructure, software-as-a-service (SaaS) and more. And now you’re adding all of the complexities that come with mobile access. These complexities are leading to access management chaos.

Alleviating Access Management Chaos

In today’s world, where many security leaders feel the sophistication of attackers is outstripping the sophistication of their organization’s defense, can organizations do justice to a mobile security strategy — or any security strategy, for that matter, by surviving this access management chaos? No way. They simply need to take back control of access management and adopt one single, comprehensive platform that encourages secure adoption of Web, mobile and cloud technologies while simplifying user access management.

From a mobile security perspective, the access management platform must:

Provide Risk-Aware Access for Mobile Apps and APIs

The access management platform should dynamically assess risks associated with mobile app access by using contextual information about the device, user, environment, resource, possible malware and past user behavior. It should have strong multifactor authentication capabilities to verify user credentials depending on the risk context.

Protect Against High-Risk Mobile Devices

In a scenario where mobile devices trying to gain access to the IT infrastructure are infected by malware, the platform must be capable of blocking any fraudulent and high-risk transactions from the infected devices without modifying the back-end applications.

Enhance User Experience With Mobile Identity Assurance

Once the applications are aware of the identity of the user on the mobile device, there is no need to repetitively enter usernames and passwords to gain access. An access management platform should improve mobile identity assurance through one-time registration codes to link devices with application and user identity.

Remove Barriers for Mobile Productivity

Besides mobile identity assurance, the platform should allow users to easily access enterprise resources with minimal authentication friction. For example, if the mobile device already has the device management solution, then the access management platform should allow device-level single sign-on (SSO) to enterprise resources. This would enhance productivity and the user experience.

Manage Access in the World of Hybrid Cloud

Besides mobile security features, the access management solution should enable organizations to manage access in the world of the hybrid cloud. It should quickly establish SSO to enterprise applications and federated sign-on to popular software-as-a-service (SaaS) applications at one go. It should support user identity propagation in the hybrid cloud application interactions.

IBM has recently announced a new version of its access management platform, called Security Access Manager. It helps organizations take back control of access management. Please meet us at Insight 2015 to learn more.

Satyakam Jyotiprakash
Portfolio Marketing Manager, Security Operations and Response Solutions, IBM Security

Satyakam Jyotiprakash is the worldwide Portfolio Marketing Manager for IBM Security Operations and Response (SOAR) solutions. In his previous role, he was th...
read more