The consumerization of IT and bring your own device (BYOD) initiatives in the workplace are challenging IT leaders to deliver secure mobility without spoiling users’ mobile experience.
IDC Financial Insights projects that, by 2017, the value of purchases made through mobile devices will exceed USD 1 trillion. Of these mobile payment users, 48% are concerned about security, while 22% do not fully trust the technology to process transactions properly.
Gartner, on the other hand, expects that through 2015, about one in two enterprises will take advantage of mobile device power-on passwords coupled with X.509 public key infrastructure (PKI) device credentials for remote-access authentication. Other authentication methods and technologies on mobile devices include OAuth, Near Field Communication (NFC), and one-time password (OTP).
Biometric factors – including fingerprint, voice, or facial recognition – may gain traction next year as “30% of users accessing corporate networks or high-value web applications from smartphones or tablets will use biometric authentication, up from less than 5% today,” said Gartner’s analysts.
On the mobile operating systems and devices that support biometric authentication, implementations are becoming robust enough for business use.
Meanwhile, both iOS and Android devices now incorporate NFC functionality and emulate an NFC card through a separate chip in the device. “People are using NFC not just for payments,” points out Priyesh Panchmatia, Director, Solutions at i-Sprint Innovations, which hosted a CIO roundtable discussion on the future of security and mobility in enterprises. “They often use NFC to turn the mobile phone into an authentication device, which will work in combination with their credit card.”
As these mobile authentication technologies mature, Gartner recommends enforcing a password policy on devices with access to corporate information, requiring at least six alphanumeric characters and prohibiting dictionary words. The large number of possible combinations such a password provides would discourage attackers from trying to guess it.
In addition, Gartner recommends a further authentication method or at least another password be used to access sensitive corporate applications and data. Here, software tokens such as the X.509 credentials on the endpoint offer one way to establish the higher-assurance authentication required by some organizations.