How to approach mobile password management for the enterprise
When simple passwords no longer provide sufficient security, look to other options. Here are some ways to modernize password management for your enterprise.
As new mobile security threats continue to emerge, traditional approaches to password management for the enterprise aren't as effective as they once were -- and IT pros must find new ways to properly manage mobile users and apps.
Previous methods of password management for the enterprise included relying on standard passwords and encouraging users to choose which apps to install and use. As these older methods fail, some IT and security managers claim that mobile access management is out of their control. Others attempt -- and fail -- to enforce Windows domain password policies and user provisioning processes across mobile devices.
When mobile security risks exist, they can compromise critical apps, their associated content and larger business systems. And as mobile expands into the internet of things, proper identity and password management at the enterprise level are as important as ever.
BYOD and beyond
A BYOD policy and periodic user training are no longer sufficient for password management for enterprises. Instead, IT pros must integrate automation and simplicity into the process. Most organizations require a level of visibility and control over mobile apps and content that mobile device management (MDM) and enterprise mobility management (EMM) can't provide.
MDM and EMM have evolved into unified endpoint management, which uses aspects of modern data analytics and artificial intelligence combined with traditional identity management approaches. IT pros can more easily onboard and manage users and the apps they need, protecting access to business assets over the entire user account lifecycle.
For more granular control, find a more holistic approach to password management for the enterprise. Some ways to do this are to:
- implement identity federation and single sign-on across common business apps;
- use multifactor authentication to further enhance security on mobile devices;
- automate user enrollment and account management;
- deploy enterprise mobile app management, including custom catalogs, automation and access enforcement, to enterprise resources from trusted apps and devices without user intervention;
- integrate threat management and analyze apps to minimize exposures; and
- use big data analytics to provide insight into past and potential security events.
Emphasize process and progress
To get started with mobile identity and password management for the enterprise, IT pros must fully understand their requirements. IT pros should set goals for their enterprise mobility deployment, such as a positive user experience, simplified management and improved security.
Quiz: Best practices in enterprise mobile security management
Security should be a key part of every enterprise mobile strategy. Screen protection, encryption and remote wipe are three technologies that can improve mobile device security.
To measure progress on an ongoing basis, it's important to examine the workflow. First, analyze current mobile password and app-related risks, determine which gaps exist between the traditional network and mobile network, and discuss mobile needs with the proper users and department heads. Measure those risks over time to see how they both evolve and resolve. IT pros should look at repeat findings, as well as how long it takes to address each of their identified risks.
Finally, monitor for tangible policy violations, device loss and data loss to improve processes, and understand how to adjust mobile password management for the enterprise. Products such as AirWatch by VMware, MaaS360 from IBM, Mobile Device Manager Plus from ManageEngine and Enterprise Mobility + Security by Microsoft can help to simplify these processes.
In the long term, IT pros should look beyond mere compliance for their mobile environments. Instead, strive for true security that integrates with the overall enterprise security program -- both locally and out to the cloud.