"As far as getting identity management under control, I think [the proliferation of mobile devices] has had a positive effect in making sure we remain consistent in our authentication mechanism," Cloutier says. "It has helped us to create rigor around our authentication platforms."
For example, increased mobility has enabled ADP to force applications developers at the company to consolidate their authentication platforms to centralized identity management authorities. "The bottom line, if they want their application available on mobile, they need to use IT's managed authentication platform," Cloutier says.
It does not make sense to create a second set of identities for users on mobile devices, Cloutier says. "You'll be watering down your control capabilities," he says "Access [to] data by individuals will remain fluid, including location, device, etc. Creating controls and monitoring capabilities that map users to data and data to use gets exponentially more difficult with each system added to an enterprise."
In addition, control technology requires identity management integration, and integrating multiple identity repositories to any system or control can lead to platform stability issues and higher costs, and affects a company's ability to be agile, Cloutier says. "Focus on proxied authentication or managed authentication through mobile device management-like applications," he says.
At Purdue University Calumet in Hammond, Ind., most of the administrative staff, about 300 people, are now using smartphones (iPhone, Android, Windows, BlackBerry), says Frank Cervone, vice chancellor for information services and CIO. Tablet adoption has been lower, with at about 100 employees using iPads or Windows-based tablets.
For both types of devices the primary business application is email and calendaring, Cervone says. "We have a virtual desktop capability for a limited set of applications, but have not seen much interest in using that functionality yet," he says.
Mobile devices have added a bit of complexity to identity management at Purdue because identity management is "pretty much a manual affair on Apple and Android devices," Cervone says. "We have had to develop more online help so people can make the needed adjustments to their accounts on their own rather than having to come to the help desk or call in."
The university is also looking at software tools that would help make the management of identities simpler for managers as well as end users, Cervone says. "We are also looking at various options for stricter enforcement of controls to limit data loss," he says.
"At this point it has been more of an issue with authentication rather than ID management, since the applications have been limited so far, for the most part, to email and calendaring," Cervone says. "All other applications [use] standard university authentication."
Purdue requires all university-issued devices to have either a PIN or some other type of locking mechanism to prevent unbridled access, Cervone says, as well as authentication for access to the university network.
Sign up for Computerworld eNewsletters.