BYOD boon: Make identities part of the cloud OS

Symplified's CEO will argue at an upcoming conference one way to deal with the problem: Push access management and control into the cloud

Imagine not having to have to worry about the dangers of Bring Your Own Device (BYOD).

Symplified is not promising enterprises that its cloud identity and access management (IAM) solution will eliminate them, but company founder, CEO and Chairman Eric Olden will tell an audience next Wednesday at the Credit Suisse Disruptive Technology Conference in Half Moon Bay, Calif., that the threats can be minimized by putting more of the security tools in the cloud.

Symplified calls itself the "Cloud Identity Company," and Olden said that is the model he believes is mandatory if enterprises are going to manage and prosper with the disruptive technologies of both mobile devices and the cloud.

"The sheer number of identities and things that need to be secured, whether they are data, applications or people, has grown exponentially," Olden said. "And the way we thought about securing access is broken."

"Second, the way companies are approaching IT has completely changed. Platforms like Salesforce and Google are running things -- out there [in the cloud]," he said. "With mobile users, it creates a totally different problem. The devices are not owned by the enterprise, yet they're being used to access it."

Olden compares the simultaneous explosive growth of mobile and the cloud to corresponding waves in the ocean. "[They] don't collapse, but build on each other. The consequence is that it's not a nice wave. It's a tsunami. You can't get to high enough ground to avoid it. So you have to manage it," he said.

The way to do that, he will tell conference attendees, is to make identities part of the cloud operating system. "The Internet is the great network, but what's running on connected computers is a whole new ecosystem," he said. "The question is, how do you secure things not individually, but as a fabric."

As an example, he points to how email virus scanning used to be done. "You'd install some software on your laptop and then if you got something bad, it would let you know," he said.

"But that's difficult to scale," Olden said. "Economies of scale in the cloud provide better message security. There are hundreds of millions of devices out there. The laws of physics mean the math just doesn't work to secure them individually. So what we do is, rather than try to control the device, we push access management and control into the cloud."

That means keeping applications and company data off the devices and in the cloud, which therefore makes it possible to enforce security on both managed and unmanaged devices, also in the cloud, Olden said.

"The user can go to a URL and access the application," he said. "There's nothing to download. He just puts a username and password in. It can ask for token -- but it's all being done in the cloud. You create portal that only authorized persons can access.

"And since you're really looking at the application through the browser on the phone - you're also keeping data off the device, which makes IT guys happy because they don't have to wipe them."

Olden said Symplified is not in competition with, or meant to replace, mobile device management (MDM). He said the advice given to enterprises for BYOD -- a list that includes encrypting all data, using anti-malware apps, banning rooted or jailbroken devices and un-vetted third-party apps and making sure devices are updated to the latest firmware -- should still be done.

"This is another layer," he said. "It just makes the system healthier -- like taking vitamins."

Copyright © 2012 IDG Communications, Inc.

Make your voice heard. Share your experience in CSO's Security Priorities Study.