Workers today spend more than a third of their time away from their desks, leveraging a mix of mobile devices and applications to access and share information and collaborate with others. While mobile devices give us unprecedented connectivity options, they also create significant security challenges.
In a survey of 4,500 business users, the research firm Ovum found that 70 percent have no device management or security functionality of any kind on their devices. Still, nearly half say they regularly use their personal devices to access corporate data.
That’s a dangerous combination, one that cybercriminals have been all too eager to exploit. Mobile data leaks and malware attacks have reached all-time highs, and the Department of Homeland Security (DHS) is urging organizations to rethink their approaches to device security. Among the DHS recommendations is the increased use of mobile authentication using personal identity verification.
Traditionally, mobile security has focused on devices. Solutions generally have been designed to lock down the devices themselves or control which applications users can access. Mobile identity management, however, takes a network perspective.
With mobile identity management, organizations have the ability to verify a mobile user’s identity and implement policies regarding data and application access. They can block users from accessing corporate data from devices and apps that don’t comply with security policies. They can also restrict access from specific locations or networks.
For example, if a trusted user attempts to access an accepted application from a known device, the identity management solution would produce a high reputational score, and the user would be granted access. If the same user attempts to conduct an unusual activity from a restricted location, the system might instead issue an authentication challenge or even deny access.
With many mobile identity management solutions, a user’s mobile identity is defined by three components: the mobile number, the device itself, and mobile activity or behavior. Mobile numbers are good indicators because they don’t often change and are directly linked to a user by a purchased mobile data plan. Mobile devices are identifiable by an international equipment identity number as well as many other attributes, including hardware types, operating system, settings, and browsers.
Mobile activity or behavior is an increasingly important element in establishing a user’s identity. Location is an obvious clue. If an employee’s device suddenly starts trying to gain network access from a different state or a foreign country, that would be a red flag that would likely result in a challenge. Machine learning analytics track and refine behavioral characteristics based on usage patterns established over time. These characteristics could include anything from location to time of access and even typing speed.
According to a new market analysis from the Key Market Insights group, the global market for mobile identity management solutions is expected to grow at a compound annual rate of 15.17 percent through 2022. Interest is surging as organizations become aware that mobile devices have become top targets for data theft, malware, and other cyberattacks.
In a world where mobile is now the preferred computing platform, the traditional network perimeter is effectively blurred. Users today expect critical data and applications to be available on any device, in any context, at any time. That means identity has become the new perimeter. Access must be based on a high level of trust that users are who they say they are.
For more information about mobile security, please send us an email at (firstname.lastname@example.org).