Smartphones and tablets are becoming ubiquitous in the workplace, and IT and security executives are having to accept the fact that the "bring your own device" and " consumerization of IT" trends are for real. This isn't a bad thing, considering the potential benefits such as productivity gains, improved collaboration and enhanced customer service.
But a key question for organizations, in terms of security, is what impact the mobility trend will have on identity management. Many IT and security executives have worked hard in recent years developing ID management strategies and procedures for their enterprises, and how the presence of smartphones and tablets affects those efforts is no small consideration.
Industry research shows that the move to mobile devices will continue for the next several years. By 2015, the worldwide mobile worker population will reach an estimated 1.3 billion, representing 37 percent of the total workforce, according to a report released in January 2012 by International Data Corporation (IDC) in Framingham, Mass. That would represent an increase from just over one billion in 2010, the research firm says in its study, the "Worldwide Mobile Worker Population 2011-2015 Forecast."
Given that mobile devices are proving to be such integral tools for accessing corporate data and applications, companies will have to be vigilant about making sure they know who is using the devices at any given time and that those users are authorized to gain access to vital business information.
"From the first day an enterprise end-user is welcomed on board, to the day they eventually leave the organization -- and every workday in between -- their ability to access essential enterprise systems, applications and data is made possible by enterprise-issued identities and corresponding access privileges," says Derek Brink, vice president and research fellow, IT Security at research firm Aberdeen Group in Boston.
"The processes and workflow for managing enterprise identities and access privileges over their lifecycle, from initial provisioning to real-time daily operations to ongoing end-user support to eventual de-provisioning and revocation, are for most companies as fundamental as power and payroll," Brink says. "Performed well, they are highly efficient but virtually unseen. Performed poorly, they are the source of unnecessary friction and costly end-user frustration."
But smartphones and tablets themselves are not driving changes in how enterprise-issued identities and corresponding access privileges are managed, Brink says. "The identity and access lifecycle is pretty much the same, whether you are logging in from your laptop or from your new iPad3," he says. "The bigger changes being driven by these devices would have to be in how enterprises think about protecting their sensitive data, or about how they choose to deliver their critical applications."
Sign up for CIO Asia eNewsletters.