Analytics are the new buzz, supplanting even cloud in the minds of managers, media and the vendor community. But there’s solid substance behind this inflation of the analytics bubble – their ability to address the increasingly complex data-driven challenges we face in productive life, and in the technology that supports it. A case in point is mobility. While workers today are taking their cue from the relentless march of phone-clad consumers into every aspect of life, using the smartphone/laptop/tablet as a mobile office solution, increasing numbers of businesses are coming to recognize the productivity benefits of having a mobile workforce. For the global, mobile worker of today, the office can be anywhere from headquarters to home-based workspace to a wired airport lounge, and performance, not presence, is the new measure of employee value.
And as companies develop ever more cloud and web-based communication channels enabling internal workers to connect to back office data and applications, they are also working to realize new potential benefits of reaching out to broader communities: social to enhance networking and access to subject expertise, partner groups to improve supply chain and sales, and customer combinations to develop marketing and reinforce brand. The result is a panoply of user types and identities that require access to an increasingly broad array of new and legacy business applications from a multiplicity of locations – in other words, a large and complex mix of variables that is the preferred playground of analytics platforms.
This byzantine access tangle also presents a new security challenge to the IT administrator tasked with protecting corporate data while empowering the remote worker/partner. To help, Dell is working to integrate the power of analytics into its access management portfolio, a suite of IAM solutions including password management, multi-factor authentication and single sign on, which came to Dell with the acquisition of Quest Software back in the fall of 2012. For example, the Dell One Cloud Access Manager version 8.0, which was released this month, now includes (at no additional cost) a Security Analytics Engine to provide out-of-the-box control of web-based applications.
Dell calls the engine a “risk scoreboard” that allows the user to shift from static security to “adaptive” or “context-aware” security. As Todd Peterson, product marketing manager, identity and access management for Dell Software explained, security systems have traditionally been based on a series of yes/no questions and answers, in which any negative answer – to queries like “is it after hours?” or “where is the device located?” – can invoke denial of user access, bringing user productivity to a halt. The Security Analytics Engine, on the other hand, allows the organization to build context around these questions to enable a more flexible security policy that better reflects the complex reality of the contemporary mobile workplace. With the engine, access is approved/denied based on a user’s risk score, compiled through aggregation of specific scores for individual factors – say, for example, a score of 10 for mobile; 0 for on-premise; 0 for a managed device; 10 for an unmanaged device, etc. – and security is enforced through user-defined policy that takes into account context around a number of variables. Situational information that can be scanned for would include items such as time of day, location, browser used, the application that a user is trying to access, user role and identity, device status (managed or unmanaged), the type of authentication requested, a user’s history (is this request outside normal patterns?), and blacklist/whitelist information.
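The contrast described above between a static yes/no chain and an aggregated risk score, as an added Python example (not Dell's code or the product's API). Only the 10/0 scores for mobile/on-premise and unmanaged/managed come from the article; the other scores, the per-application limits, the application names and the sample request are assumptions.

```python
from dataclasses import dataclass

# Per-factor scores. The mobile/on-premise and managed/unmanaged values are the
# article's illustration; all other numbers are assumptions for this example.
FACTOR_SCORES = {
    "location": {"on_premise": 0, "mobile": 10},
    "device": {"managed": 0, "unmanaged": 10},
    "after_hours": {False: 0, True: 5},
    "outside_normal_pattern": {False: 0, True: 15},
}
BLACKLISTED_IP_SCORE = 100                      # assumed: a blacklist hit outweighs the rest
MAX_SCORE_BY_APP = {"wiki": 20, "payroll": 10}  # assumed per-application policy limits


@dataclass(frozen=True)
class AccessRequest:
    location: str
    device: str
    after_hours: bool
    outside_normal_pattern: bool
    source_ip: str
    app: str


def static_decision(req):
    """Traditional yes/no chain: any single negative answer denies access."""
    clean = (req.location == "on_premise" and req.device == "managed"
             and not req.after_hours and not req.outside_normal_pattern)
    return "allow" if clean else "deny"


def risk_score(req, ip_blacklist=frozenset()):
    """Aggregate the individual factor scores into one risk score."""
    score = sum(table[getattr(req, factor)] for factor, table in FACTOR_SCORES.items())
    if req.source_ip in ip_blacklist:
        score += BLACKLISTED_IP_SCORE
    return score


def adaptive_decision(req, ip_blacklist=frozenset()):
    """Approve when the aggregated score is within the application's policy limit."""
    limit = MAX_SCORE_BY_APP[req.app]
    return "allow" if risk_score(req, ip_blacklist) <= limit else "deny"


# Constructed sample: a managed laptop on a mobile connection, after hours.
TRAVELLER = AccessRequest("mobile", "managed", True, False, "198.51.100.23", "wiki")
```

The static chain denies `TRAVELLER` outright, while the scored policy allows the same request for the low-sensitivity application and would deny it for `payroll`.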
In order to develop this context, Dell is able to pull in other assets to support Cloud Access Manager 8.0 capability, such as the SonicWALL firewall, which can provide time of day or IP information, or the SecureWORKS managed service division, which can provide IP blacklist and whitelist information that can be incorporated into policy or decision making. Going forward, Peterson expects further integration of Dell technologies that would enable control – enforcement of identity security at the firewall level, for example.
Ultimately, Peterson explained, this concurrent analysis of many variables means “you don’t make security decisions based on past decisions and static information. You make real time decisions based on dynamic information – as different components come into play, your security decision can adapt and change with them.” Decisions delivered through this risk analysis are then enforced automatically by the Cloud Access Manager without manual intervention.
A critical complication in identity management today is application diversity. But Peterson argued that One Cloud Access Manager is unique in the market for the broad scope of its IAM delivery: the solution provides single sign on for any application that is accessed via a browser, and includes support for SAML, the XML-based open standard for exchange of authorization and authentication data, the identity specification standard WS-Federation, Windows Authentication for ASP.NET applications, OWASP, the OAuth protocol and the API-friendly OpenID Connect layer which sits on top of it to enable encryption, discovery and session management in the authentication of web-based, mobile and JavaScript sessions and end users. “This means Office 365, Salesforce, Google Apps, any other SaaS offering, ‘off the shelf’ web applications and social authentication – those are all covered,” he noted, “but it doesn’t stop there. It also provides the ability to do single sign on and authentication for legacy applications, which may have been developed over time and built before SAML or OWASP were available or by organizations that chose to use other, proprietary authentication methods. We specifically built Cloud Access Manager to cover the gamut.”
The solution also provides secure remote access via reverse proxy, meaning that in situations such as when an unsecured device is looking for access, for example, or when the device is used by someone outside the organization, the business can specify exactly what applications it would like to expose to that user, without the overhead associated with creating a VPN.
Dell has also built “social login” via OAuth standards into this latest version of Cloud Access Manager, allowing single sign on to popular social sites like Facebook, Google, Twitter and Windows Live to address user ‘password fatigue’, a feature that Peterson noted might offer greater appeal in markets like education, or in other low-risk, high-volume use cases where a diverse user population would benefit from a simpler access approach, than in the corporate world.
A third enhancement in the updated version of Cloud Access Manager is extension of support for radiant compliant password management to smart cards for customers who wish to use these as part of two factor authentication.
The sensitive nature of security management means that Dell’s solution is typically deployed on-premise, though a SaaS offering is available and Dell expects cloud deployment to become more popular in managed services environments. Peterson described deployment of Cloud Access Manager as “fairly low impact” as the solution runs on a server, involves minimal configuration, does not require client software and has no special connectivity need. At the same time, the solution provides a unified, single experience for users who may be accessing corporate data and apps in a variety of ways. “As long as users can get to a browser on their device, they can get to whatever they need,” Peterson explained. “And it’s an experience that is consistent with what they would get on-premise, on a PC, tablet or phone. It all looks and acts the same.” For the business, the solution enables the organization to “gear access to the situation, without installing a separate access management solution or redefining policy for mobile workers,” while reverse proxy provides security in locations where VPN might be problematic – an airport kiosk, for example. A win-win in the emerging mobile era.