Mobile Endpoint Security: Pros, Cons, & How-To

Last updated: 16 May 2016

Mobile Endpoint SecurityIt is always nice to get an analyst perspective on the market (especially in reports that rank your company as one of the leaders J), so I spent the first few hours of my weekend reading the new Gartner Magic Quadrant for User Authentication report, published last week.

As always Gartner provides a great insight on the authentication market-dynamics. Doron Cohen expanded on many of the trends, including mobile devices and the need for cloud-based authentication, and you can read his thoughts here. There are a few other things about the report that sparked my interest and got me thinking about what will be the differentiators in future Magic Quadrant reports.

Gartner is a great believer in the impact the Nexus of Forces (Cloud, Mobile, Big-Data and Social) on different aspects of the IT market, and this year’s report talks a lot about the impact of mobile on user authentication. Let’s ignore for a second the “phone-as-a-token” aspect of this trend, as it became a commodity more than a year ago. The interesting trend as of 2013 is to authenticate users to mobile as an endpoint.

Gartner writes: “We also note that adopting significantly different user authentication methods for different kinds of endpoints will be unsustainable in the midterm to long term because the burden on enterprises and users alike will be too great.”* I couldn’t agree more. One of the pitfalls of user authentication has always been the need to carry out authentication for each device, application or endpoint. Using (at least) two different authenticators for each end user may be too great a burden from both user experience and TCO perspectives.

Context-based-authentication solves this problem (and was suggested by Gartner). It can easily be integrated with PC-based as well as mobile-based applications, and can use a variety of authentication methods, device fingerprint, and even biometric features. Once you’ve implemented context-based-authentication, the burden of making it suitable for all endpoints relies on the vendor (this will probably differentiates visionaries and those who lag behind in future MQ reports). End users get the same user experience, and organizations pay for the same authentication solution, as they did for a single authenticator.

And for those who look for high-assurance solutions, they should base their solutions on dual-mode authenticators: disconnected and connected. The dual-interface is a great way to use the same token on two different device types. When the user tries to authenticate on a PC or on any host/ endpoint that has USB port, the token should be operated in connected mode. When the user needs to be authenticated on a mobile device, the NFC interface will be used with the authenticator’s disconnected mode.

These two methods should create the same user-experience for both mobile and non-mobile endpoints as well as very economic choice for the enterprises. At the end of the mobile section of the report, Gartner states: “Having said all that, only some of the vendors in this Magic Quadrant have demonstrated awareness of this need, and regrettably few have any way of addressing it.”* In my opinion, this ability will be a significant factor to differentiate vendors in the 2014 report.

*Gartner “Magic Quadrant for User Authentication” by Ant Allan, Ph.D, Vice President, Gartner Inc., March 2013.

Leave a Reply

Your email address will not be published. Required fields are marked *