Enterprise mobile software provider MobileIron has announced an update to its Access mobile security and identity platform with a zero sign-on solution which aims to finally replace the password as a security authenticator.
The company’s vision is to enable enterprises to use their mobile devices as their digital identity to access enterprise services and data, built on its unified endpoint management (UEM) platform and powered by Access.
“We’ve created a single point of secure and frictionless access to the perimeter-less enterprise – from any device, managed by MobileIron, someone else, or not at all,” Brian Foster, MobileIron senior vice president for product management told Enterprise CIO. “Enterprises are safe from the risk of passwords while being able to provide mobile-centric, zero-trust security that validates the devices, establishes user context, checks app authorisation, verifies the network and detects and remediates threats before granting secure access to a device or user.
“Our solution would free users from the pain of passwords, enabling them seamless access and huge gains in productivity,” added Foster.
Recent research into the topic has argued that, for many enterprise decision makers, the password has more than run its course. A Forrester study around identity and access management (IAM) late last year noted how, in the words of principal analyst Andras Cser, password re-use can lead to an ‘avalanche of breaches’, while IDG last month found that 86% of security decision makers would do away with passwords altogether if they could.
Zero sign-on solutions, and Zero Trust security in general, is increasingly being seen as the answer. The theory, which has been in the works for almost a decade, is now beginning to seriously gain traction as the technologies which enable it move into the mainstream. Writing for sister publication CloudTech in March from the RSA Conference, columnist Louis Columbus urged decision makers to get a handle on and demystify Zero Trust.
MobileIron was a vendor cited by Columbus, revealing how NASDAQ was scaling its mobile applications – including CRM – to its global sales force on a Zero Trust platform. To prove the point of issues surrounding Zero Trust, the company did a little field work of its own, asking 50 RSA attendees if they could define the concept.
“It is far to say there is some confusion out there and demystification is still needed,” said Foster. “There has to be some education around how the traditional security model doesn’t work in the age of modern work.
“There are a lot of misconceptions and marketing hype surrounding Zero Trust,” Foster added. “It is up to the security pros to educate end-users and help them take actionable steps to start implementing a Zero Trust security framework within their organisation.”
Given that May 2 was World Password Day – a celebration which has over the years turned into a solemnisation – the timing seems especially appropriate. Writing for this publication on last year’s date, MobileIron chief strategy officer Ojas Rege noted the long-held concerns in the industry. “You need to make sure you can trust the app and the device the individual is using,” wrote Rege. “If user, device, and app all pass the trust litmus test, you want security to be absolutely invisible to the individual.”
Yet the company’s mindset appears to have shifted over the past 12 months, from evangelising the virtues of single sign-on (SSO) to believing it is ‘one sign-on too many’, in the words of CEO Simon Biddiscombe.
Whichever, the concept of a password-less enterprise has been a dream for many years – and MobileIron looks to have gotten a step closer with its latest release. You can find more by visiting here.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.