Identity and access management - Mobility

[MUSIC] Hi. I'm Todd Peterson. I'm on the Identity and Access Management Team here at Dell Software. And today we're going to talk about mobility through the lens of identity and access management. Let's turn to the Dell XPS One Touchscreen and get started. So most people, when they think of mobility, are thinking of the device, that managing mobility is all about managing the device. We view it as there's two parts of that coin. You manage the device, but you also must manage the identity and the data that's involved. So we view IAM, which is traditionally identity and access management, could now be called identity and access mobility. So let's get started. Before you can even think about using a mobile device or accessing things in a BYOD scenario, you have to know what you're accessing. And what you're accessing has to be done secure. So you're talking about the applications that you have. So a number of organizations have applications that they've developed in-house. The problem with those is you have a number of developers that are coding applications, but those applications are coded with security done differently every single time. So you have 10 applications, authorization and authentication has been built 10 times, differently each time. So what we would recommend is externalizing security, where you just simply plug those applications into a single security scenario so they're all using the same security. That means it doesn't matter where you're coming in from-- on premise, mobile, whatever-- the security is rock solid. Once you have the security of your applications locked down, we recommend that you take a holistic approach to fulfilling the device, to provisioning the applications and the data and the access that the users require. Wouldn't it be great if you could simply send a user or user's manager to an amazon.com-type shopping cart scenario where they simply order the devices that people need, policy is checked for the applications that people need, and the data that they need access to? And, according to that policy, they are given the right access to the right applications in the right device. So everything would be solved there to make it much easier to get to the things you need. Once the people have the device, once the applications and data are secure, you now need to manage it. Here we're talking about traditional mobile device management. How do you do a lock and unlock? What happens when somebody loses their device? How do you do reset factory settings? But it's all based on IT-controlling things, including application access and phone access. Once you have that all set up, the next thing you want to do is control how people come in. You could open the doors and let anyone in to anything that you want in any way that they want to come in. But a more prudent approach is to control things so that you know they're coming in the right way, through the right avenues. So whether a user is coming in via a Wi-Fi access, via remote access from somebody else, you want to make sure that the policy that influences that is consistent and unified across everything. Maybe you allow a different type of access if it's on-premise. And if it's coming in remotely, maybe you have a little bit more stricter control. Next thing you want to do is enable the users to work efficiently. Couple of things that you can help with is automating self-service password resets, allowing them to reset their passwords instead of relying on IT the whole time. Automating the work IT needs to do around the directory and setting up the account. You can even enable the users and the managers to do those things in a self-service mode, similar to amazon.com approach we were talking about earlier. And that includes not only access to the device, but to the applications that are sitting on that device. Finally, the next level is to add governance to that access. You've controlled access earlier, but now you need to govern that access. That involves controlling who can do what, how, why, when, and where. And also watching what is done to make sure that it complies with policy. So you have a unified and uniform security policy that takes into account on-premise, as well as remote. Mobility, as well as any other means of access that you may need. That then controls how they get to every application that they need and makes sure that application access is appropriate and done according to the policy that you've already implemented. Finally, once you've got all that nailed down, you have an auditor that's going to demand that you prove that you've done all this accurately. So you have the audit need. You can have user activity monitoring tools that watch what people are doing with whatever way they're accessing. That will apply to the applications. But don't forget you've got privileged users they have extra special access, which require extra special watching. You can do that as well. And finally, that will bring you to a compliance state where what you're doing will satisfy your auditors, keep you secure regardless of whether it's on-premise, mobile, or whatever. So we recommend that you approach mobility from an identity and access management standpoint. If you do that, you'll find much more security, much greater efficiency, as well as the ability to progress with the next big thing that comes along after you've nailed down the mobility issue. For more information on this or any other aspect of identity and access management, visit us on the web at software.dell.com/identitymanagement. Thanks for watching. [MUSIC]