Feature Article

March 07, 2013

Absolute Uses Certificates for Secure Device Management on Enterprise Networks

There was a lot of discussion at the recently concluded RSA event about how the Bring Your Own Device (BYOD) explosion, by increasing the number of vulnerable vectors (i.e., those BYODs), has made securing the enterprise a priority. In fact, one of the biggest vulnerabilities arises from the bad or worst practices all of us employ when interacting with each other, either on enterprise networks or outside of them: passwords. Meant as a form of protection, they have in reality become a major security hole in a BYOD world.

The question that the industry in multiple ways has been trying to address is how to best provide really strong identity authentication so only authorized users and their apps on being exchanged, and do so in a way that is simple to use and easily managed.

Solutions range from strong multi-factor authentication that employs encryption and biometrics (fingerprints, facial recognition, etc.) to the new FIDO (Fast IDentity Online) Alliance initiative, whose stated aim is the elimination of passwords. Those still searching for a solution that meets the goals of single sign-on and strong authentication that can be easily managed should take a look at what Absolute Software is doing.

Absolute Software changes the password game with certificate-based authentication

As Tim Williams, Absolute Software director of Product Management, discussed with me, “BYOD is something that should not be feared. It is something that should be embraced because it empowers people to be more productive. The user just wants their stuff and for getting it to be easy. The challenge is that as a result of the convergence of device and app management with security issues that has been accelerated with mobile, IT needs tools to have control over the associated risks. That is where certificate-based management comes in.”

To underscore the challenges IT faces, and why passwords can in many ways be seen as the “weakest link” that lets the bad guys exploit the proliferation of BYOD, Deloitte recently released a study that found that 90 percent of passwords deemed 'strong' by IT today are vulnerable to hacks right now.

As Williams noted, certificate authentication was born to forward the main tenet of BYOD: making it more convenient and easier for employees to do their work, and removing barriers to entry. It was also born with the requirement that IT have the right tools to get control over a landscape that has been problematic, to say the least.

Absolute's Certificate Authentication, which is part of the company’s Absolute Manage for Mobile Devices solution, is designed from the ground up to take the human element, coming up with and managing passwords, totally out of the mix. It works as follows.

Unlike device certificates, the solution is based on a process that generates unique certificates per user for Microsoft Exchange e-mail access when a mobile device is initially enrolled and access to corporate e-mail is provisioned. It is the equivalent of a password, but one that includes hundreds of characters. It is one that end users do not have to come up with and will never have to remember.

As Absolute likes to explain, previously, user authentication on enterprise networks relied on a closed network and passwords. This is based on the premise that blocking outside users from the network is easy when the client systems are tethered to that network; however, when client systems are BYOD or corporate issued, and the network itself extends wirelessly (cellular and Wi-Fi) outside enterprise walls, the weaknesses of a password-based system are quickly exposed.

In fact, it is why strong authentication of users, devices and the apps they are running has made identity the new enterprise perimeter.

Absolute says that certificates offer the following advantages over passwords, hashes and multi-factor authentication: 

  • Certificates do not rely on the user: The “password on Post-it note left under keyboard” security failure is no longer even necessary.
  • E-mail and network access can be managed easily without affecting other devices belonging to the same user, meaning that changing phones won't mean re-entering all your login info.
  • Calls to the IT help desk for password support are significantly reduced: No more 3 a.m. wake-up calls from panicked employees traveling.

On the management side of things, as the graphic shows, the solution gives IT increased visibility, enhanced management capabilities and a powerful set of analytics to deal with people and devices behaving badly.

Source: Absolute Software

In fact, centralized management is a very important aspect of the solution. Not only does it give IT visibility into what they have and what is authenticated for use, but, just as importantly, it gives them the tools to respond quickly when anomalies occur, as well as to provision capabilities quickly for events where the device population needs to surge.

Finally, along with putting IT back in control, centralized management with extensible visibility answers a question that was floating around RSA regarding encryption and certificates, e.g., “Who is minding the keys and certificates?”

Absolute answers this by putting the power in the hands of those who are accountable while also making life a lot easier for the user. It can help enterprises embrace BYOD rather than fear it, and have users stop fearing IT.




Edited by Allison Boccamazzo

