The document discusses how mobility and the Internet of Things are impacting identity and access management (IAM). It outlines how enterprise mobility is driving changes that require securing access on mobile devices and securing corporate data and applications. This brings risks like access-based attacks and device/data loss that require securing authentication, authorization, device/user profiles, and access on disparate devices. The document also provides examples of how IAM can address use cases involving mobile single sign-on, multi-factor authentication, device management, API protection, and data security. It evaluates IAM vendors and discusses future directions such as supporting more devices and stronger authentication methods while separating corporate and personal data.

1. Mobile’s Influence on IAM
- Abhinaw

2. Agenda
1. Mobility & IoT
2. Impact of Enterprise Mobility on IAM landscape
3. Use cases : Mobility & IAM
4. Industry Analysis
5. Future direction
6. Q & A

3. Internet of Things & Mobility
The computer industry is the only industry that is more fashion-driven than women’s fashion. – Larry Ellison.
Source: Wikiquote.
Disruptive Technologies
What is Internet of Things ?
Mobile Internet – Economic Value.
Impacted Industries
Retail , Logistics , Healthcare , Insurance , Government etc.

4. Business Drivers (Enterprise Mobility)
1. Operational Efficiencies / Reduced time in Decision making
2. Increases Employees’ productivity
3. Bring-Your-Own-Device movement ( Nearly 70% of employers allow it. )
4. Employee Satisfaction
5. Increases Customer/Partner Engagement ( Brand Management )
6. Need to Innovate
7. Context aware marketing / Self-service / Removing field assets

5. Impact on IAM
Can the corporation secure its most precious assets while boosting productivity and employee satisfaction?
 Risks - Physical Devices , Network security and Data Security
[Access based attacks , Device loss, rogue malicious apps , SMS attacks]
 Securing Corporate information is of top priority for CIOs – 41%
 Enterprise Applications which are instigating urgency
•
•
•
•
•
•
•
CRM Applications
Social Collaborative tools
Cloud based document repositories
Enterprise Messengers
Workflows
Payroll and Enterprise Travel apps
MS Office on Mobile apps.

6. What needs to be done ?
1. Securing Data for Mobile Consumption
2. Optimizing app performance while accessing Enterprise information
3. Securing/Adapting Mobile access to Enterprise APIs
4. Device/User level authentication & authorization
5. Support disparate devices and Operating Systems
6. Risk based Control and investigation – Compliance.
7. Over all lower TCO
a. Mobile Device Management
b. Mobile Identity Management
c. Mobile App Management

7. Use cases (Mobility & IAM)
1. User and Device authentication/authorization
2. Fingerprinting of devices
3. Device Blacklisting / Whitelisting ( Incase device is stolen or lost)
4. Single-Sign On
5. Multi-factor authentication / KBA / Context aware
6. Fingerprint authentication ( Just like iPhone 5s feature )
7. Data management
•
Encryption of data
•
Local wipe initiated by remote admin – segregate personal data.
•
Data can be shown on only browser or virtualized apps
•
Snapshot capability – capture current config and backing up

8. Use cases (Mobility & IAM)
7. Directory integration
8. Support for ease of development and integration – more compelling proposition.
9. Respect Employee privacy – App Containerization
10. Fine grained policy based authorizations
11. Ability to generate comprehensive reports to meet compliance needs

9. Industry Analysis
Five Forces
Threat of substituents.
Threat of new Entrants
Bargaining power of Suppliers
Bargaining power of Buyers - High
Competitive rivalry with in Industry

10. Vendor Analysis
Weightage
Oracle
CA
IBM
Mobile SSO
0.15
Yes
Yes
SDK – platform agnostic
0.15
Yes
Yes
Data at-rest encryption (wipe out)
0.08
Yes
Yes
Device blacklisting & Device inventory
Capabilities (Info of device ,user etc)
0.05
Yes
Yes
User & Device authentication/authorization
0.05
Yes
Yes
Yes
Protection of APIs
0.15
Yes
Yes
Yes
Voice Recognition/Fingerprinting
0.02
Remote Management of Devices & Apps
0.08
Yes
REST based Directory Interface
0.08
Yes
Mobile Application containerization
0.15
Yes
Identity 2.0 ( Social , Open ID etc )
0.04
Yes
Yes
Yes
Yes
Yes
Novell

11. Future Direction
1. IoT market problems
2. Support for IPV6 ; (IPv4 and IPv6 are not interoperable)
3. Fingerprint / Voice Recognition or even stronger Authentication
4. Support for storing billions of Identities in stores which provide better performance
5. R&D around making these ID stores available on a CDN like network.
6. More segregation on Corporate and Personal data/access management.

12. Q&A