Now that BYOD has become a widely accepted standard in many organizations, the next logical step in the consumerization of enterprise IT appears to be BYOI — Bring Your Own Identity.
In the simplest terms, BYOI is the management of usernames and passwords by a third party. Most of us have either seen or used BYOI in the form of social sign-ins; it’s common to visit websites that allow you to sign in or create accounts using your Facebook, Google or Twitter information. Instead of re-entering all of your pertinent information and establishing yet another password (or, more likely, using the same password that you’ve used everywhere else), with a simple click of a button you allow the site to access your social media profile and automatically establish an account.
BYOI and social sign-ins have a number of advantages. Perhaps the greatest advantage is simplicity — it’s just easier to hit one button than it is to fill out a long form or come up with a password that meets all of the current security requirements.
And in terms of security, proponents of BYOI claim that log-in and other personal information is more secure than it would be otherwise. When a third party, like Facebook, is responsible for managing the security of the credentials, they argue, the credentials are stored with the highest levels of security protection, and not, as is common, written down on a sticky note and left in plain sight.
However, not everyone is convinced that BYOI is the solution to security woes.
Blurring the Personal and the Professional
The increasing interest in BYOI is a direct result of the growth of BYOD in the workplace. As more and more employees use their own devices for work, they are also using their personal log-ins to access company resources or applications. In some environments, this can cause problems, as a lack of a clear line between personal and professional identities can have legal ramifications.
Privacy is also a concern when employees use their personal IDs and accounts to log in to corporate accounts. Not only is there the potential for unauthorized persons to gain access to corporate networks via improperly secured single-point log-ins, but the information gathered via social log-ins in particular may be a violation of company security policies. For example, using social media to log in often results in the launching of geolocation services or data-gathering technology that could expose sensitive data. Not to mention, should a security breach occur, it’s possible that employees could have their own personal accounts compromised as well.
A Single Corporate Log-In
While BYOI in the strictest sense may not be a good fit for many corporate networks, it does raise the question of whether employees should have a specific, single login dedicated to their professional identity. Some experts believe that employing a single identity service to authenticate users, in conjunction with multi-factor authentication, provides a greater level of security than any previous solution. For example, employees could access corporate services using their username and password combination along with a token, key fob or one-time-use code; once they are authenticated at the base level, they can then use that professional identity to access other applications and services on the corporate network without providing additional credentials.
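The single corporate log-in described above can be sketched in a few lines. This is an added example, not code from the original article: an identity service signs an assertion after the password plus one-time-code step, and each application checks the issuer, audience, expiry and second factor before trusting it. The issuer URL, key, application names and claim layout (modelled on OpenID Connect's `iss`, `aud`, `exp` and `amr` claims) are assumptions, and HMAC with a shared key stands in for the asymmetric signatures a real identity service would use.

```python
import base64, hashlib, hmac, json, time

# Everything named here is an assumption made for the example.
CORPORATE_ISSUER = "https://idp.corp.example"  # hypothetical identity service
SHARED_KEY = b"constructed-demo-key"           # stand-in for an asymmetric key pair
SECOND_FACTORS = {"otp", "hwk", "mfa"}         # RFC 8176 "amr" values
NOW = 1_700_000_000                            # constructed clock value

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(body, key):
    return _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())

def issue(claims, key=SHARED_KEY):
    """Identity-service side: sign claims once the user has authenticated."""
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _sign(body, key)

def verify(token, audience, now=None, key=SHARED_KEY):
    """Application side: return the claims only if every check passes."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body, key).encode()):
        raise PermissionError("signature does not match")
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if claims.get("iss") != CORPORATE_ISSUER:
        raise PermissionError("not issued by the corporate identity service")
    if audience not in claims.get("aud", []):
        raise PermissionError("not issued for this application")
    if claims.get("exp", 0) <= now:
        raise PermissionError("assertion has expired")
    if not SECOND_FACTORS & set(claims.get("amr", [])):
        raise PermissionError("no second factor was used")
    return claims

# Constructed sample: one sign-in with password + one-time code, valid for two apps.
SSO_TOKEN = issue({"iss": CORPORATE_ISSUER, "sub": "alice", "aud": ["mail", "wiki"],
                   "exp": NOW + 3600, "amr": ["pwd", "otp"]})

if __name__ == "__main__":
    for app in ("mail", "wiki", "payroll"):
        try:
            print(app, "->", verify(SSO_TOKEN, app, now=NOW)["sub"])
        except PermissionError as err:
            print(app, "-> denied:", err)
```

The issuer check is what keeps a personal or social identity from being accepted where a professional one is required, and the `amr` check rejects a sign-in that used only a password.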
Still, proponents of BYOI note that it is generally more secure than other forms of authentication because it essentially takes the password out of the equation. And since passwords are widely believed to be the weakest link in IT security, anything that strengthens authentication is potentially a good thing. So as BYOD continues to take hold, and companies look for new ways to protect and control access to their networks, expect to see more about the BYOI concept and new ways to streamline security while making it stronger.