
What Is an Identity-Defined Security Perimeter?

By Brian Katz

In my recent blog post, I touched upon the common, or single, experience strategy and how identity is the new perimeter for that strategy in the enterprise. Today, I want to take a deeper dive into what it means. How exactly does identity define your users’ experiences? How can companies take advantage of this to create delight while securely enabling users?

Identity Management Yesterday & Today

Identity management has always been about who a user is. It lets a company verify, when a user wants to access data, that the user is who they claim to be. In recent times, identity has come to mean more than who the person is: it also encompasses where they are and what device they are using.

Enterprise mobility devices and tools have matured in the last few years, so it is now possible to use many form factors and many of the sensors on the device to authenticate who someone is. The user can combine biometrics, possession of a known device and location to prove who they are. Based on this proffered identification, a company can decide what data the user can access and what they can do with that data.


[Related: Unification of EMM and Identity Management Makes Securing Personal Devices Easier]

Examples of Identity-Defined Security Perimeters

Consider an iPhone as an example.

  • First, a user may enroll that iPhone into an enterprise mobility management (EMM) solution that puts a certificate on the device so that the device is known and associated with the user.
  • Then, TouchID can be enabled on that device so the user does not have to type a password to use the device or apps on the device.
  • The device’s location can also be used to make sure that the person is where they should be. A user who works in Boston but appears to be logging in from China may not be the person that they claim to be.

A company should normally have an access policy that defines what data a person can see and use based upon these many factors, which starts with their identity. For example:

  • A pharmaceutical company may decide that research data should only be viewed while a scientist is on the actual research site or lab but allow the scientist to look at their email anywhere.
  • A company with a location in the EU (where General Data Protection Regulation, GDPR, is going into effect) may decide that much of their local data can only be accessed while in that country/region, and users outside that region shouldn’t be able to look at it.
  • A user who has proven their identity but is using an insecure device may not be allowed to access sensitive data at all.
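The iPhone enrollment steps above (device certificate, TouchID, location) and the three access-policy examples (research data only on site, EU data only in region, no sensitive data from an insecure device) can be written down as one policy-evaluation routine. The following is an added illustration, not code from the post or from Workspace ONE; the data classes, site names, country codes and the rule that an unexpected login country must be backed by strong authentication are all assumptions made for the example.

```python
"""Illustrative identity-defined access policy (added example, not Workspace ONE code).

Each access attempt carries an AccessContext built from identity signals:
who the user is, whether the device holds an EMM certificate, whether a
biometric was used, whether the device passes compliance checks, and where
the device currently is. A Rule per data class says which of those signals
are required, and evaluate() returns the decision plus every reason it
failed, so the reasons can be logged for detection and review.
"""
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List, Optional, Tuple


class DataClass(Enum):
    EMAIL = "email"          # general corporate mail, viewable anywhere
    RESEARCH = "research"    # lab data, only on the research site
    EU_LOCAL = "eu_local"    # data that must stay inside the EU region


@dataclass(frozen=True)
class AccessContext:
    """Everything the policy knows about this particular access attempt."""
    user: str
    home_country: str           # where the user normally works (directory data)
    device_enrolled: bool       # EMM-issued device certificate present and valid
    strong_auth: bool           # biometric (e.g. TouchID) or equivalent used
    device_compliant: bool      # passcode set, not jailbroken, OS patched
    country: str                # country of this login (device/IP geolocation)
    site: Optional[str] = None  # named corporate site if on an on-site network


@dataclass(frozen=True)
class Rule:
    """What a data class demands before it may be viewed. None means 'anywhere'."""
    require_enrolled: bool = True
    require_compliant: bool = True
    require_strong_auth: bool = False
    allowed_countries: Optional[FrozenSet[str]] = None
    allowed_sites: Optional[FrozenSet[str]] = None


# Assumed policy table for the example; a real deployment would load this
# from the EMM/identity provider rather than hard-code it.
POLICY = {
    DataClass.EMAIL: Rule(),
    DataClass.RESEARCH: Rule(require_strong_auth=True,
                             allowed_sites=frozenset({"lab-1", "lab-2"})),
    DataClass.EU_LOCAL: Rule(allowed_countries=frozenset({"DE", "FR", "IE"})),
}


def evaluate(ctx: AccessContext, data_class: DataClass,
             policy=POLICY) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every failed check is reported, not just the first."""
    rule = policy[data_class]
    reasons: List[str] = []
    if rule.require_enrolled and not ctx.device_enrolled:
        reasons.append("device is not enrolled in EMM (no device certificate)")
    if rule.require_compliant and not ctx.device_compliant:
        reasons.append("device fails compliance checks (insecure device)")
    if rule.require_strong_auth and not ctx.strong_auth:
        reasons.append("strong (biometric) authentication required")
    if rule.allowed_countries is not None and ctx.country not in rule.allowed_countries:
        reasons.append(f"login country {ctx.country} is outside the allowed region")
    if rule.allowed_sites is not None and ctx.site not in rule.allowed_sites:
        reasons.append("must be on an approved site network")
    # Assumed global rule: a login from somewhere other than the user's home
    # country (the Boston user appearing from China) is only accepted when a
    # strong authentication factor backs it up; otherwise deny and log.
    if ctx.country != ctx.home_country and not ctx.strong_auth:
        reasons.append(f"login from {ctx.country} does not match home country "
                       f"{ctx.home_country} and no strong authentication was used")
    return (not reasons, reasons)


def demo() -> List[Tuple[str, bool, List[str]]]:
    """Run the post's scenarios on constructed contexts and return the decisions."""
    alice_lab = AccessContext("alice", "US", True, True, True, "US", "lab-1")
    alice_home = AccessContext("alice", "US", True, True, True, "US", None)
    bob_abroad = AccessContext("bob", "US", True, False, True, "CN", None)
    carol_de = AccessContext("carol", "DE", True, False, True, "DE", None)
    dave_unenrolled = AccessContext("dave", "US", False, True, False, "US", None)
    cases = [
        ("scientist in lab, research", alice_lab, DataClass.RESEARCH),
        ("scientist at home, research", alice_home, DataClass.RESEARCH),
        ("scientist at home, email", alice_home, DataClass.EMAIL),
        ("Boston user from China, email", bob_abroad, DataClass.EMAIL),
        ("EU user in DE, EU data", carol_de, DataClass.EU_LOCAL),
        ("unenrolled device, email", dave_unenrolled, DataClass.EMAIL),
    ]
    return [(label, *evaluate(ctx, dc)) for label, ctx, dc in cases]


if __name__ == "__main__":
    for label, allowed, reasons in demo():
        print(f"{label}: {'ALLOW' if allowed else 'DENY'} {reasons}")
```

Returning every failed reason rather than stopping at the first gives the access log enough detail to distinguish a user on an unapproved network from a user on a non-compliant device, which is what a security operations team needs when reviewing denials.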

At a pharmaceutical company, an identity-defined security perimeter means a scientist may be restricted to view research data only while in the lab but may be able to view email anywhere.

It becomes easy to see how a company can define the perimeter around its information through identity. The question becomes what a person should be able to access, and where and how they access that data. IT is also now able to classify data and specify what sort of protection each class needs.

[Related: The Frontiers for EMM: Identity, Windows Apps & the Digital Workspace]

Identity & the Single User Experience

Once you have your security perimeter defined, you can begin to formulate your single experience strategy. It starts with designing for mobile first and what some people would say is mobile only.

The truth, though, is that mobile only doesn’t actually mean mobile only; it means focusing on the user experience and delivering that experience in focused chunks. We can see this in many of the smartphone apps that delight users today. Instead of being monolithic, they let a user process data in bite-sized chunks and work on the immediate task. Users no longer have to dig through menus to find the function they need to get their work done.

The goal of a single experience strategy is to start with a workflow and build your apps around the data that the user needs. Instead of being an all-encompassing app, it becomes an all-encompassing workflow where the form follows the function. When an app is designed this way for a smartphone and then moved to a tablet, it can now use the larger screen and possible attached keyboard of the tablet to offer more functionality, but still stays focused. When that same app is moved to the laptop or PC, the focus stays with it, but the experience changes to accommodate the features of that PC.

This doesn’t require that you build the app for the smartphone first, only that you build with the same strategic focus, so you can provide a similar (not necessarily identical) experience and users become comfortable with the tool of their choice. People bring their own biases to the devices they choose, and the situation they are in influences that choice as well: a phone or tablet is easier to use while moving around, whereas a PC or laptop may be the better choice when seated at a table or desk.


Paired with a mobile-first design strategy, identity-defined security enables a single, secure experience across users’ devices of choice.

Allowing users to take advantage of a single common experience using the device of their choice while ensuring that their data is secure is what you get when you combine identity with a mobile-first design strategy. This is the core of what VMware Workspace ONE is enabling.


Brian Katz (@bmkatz) is the director of mobile strategy for VMware End-User Computing.
