Happy New Year everybody! I’m sure your in-boxes, RSS readers, LinkedIn groups, Twitter feeds, magazines and other periodicals are all filled right now with predictions for IT in 2013. I’ll have a couple of those myself, but only as they relate to what were the hot buzz topics of 2012.
Each year there are a couple of technologies, catch phrases, acronyms or abbreviations that catch the fancy of the non-technical press and become the “IT buzz words” of the year. Those of us in technology try to do our best to either explain what the buzz words really mean or throw up our hands and nod whenever they are uttered. For example, in 2011 “Cloud computing” was such a buzz phrase. The general press became enamored with the concept and every software vendor (and even some hardware vendors) took it up as a way to sell whatever they were selling. The cloud is now considered ho-hum, even passé, by the general press while we’re still left with implementing cloud-based solutions and strategies.
In 2012, there were two related buzz abbreviations I want to talk about – BYOD (Bring Your Own Device) and MDM (Mobile Device Management).
BYOD wasn’t a new phenomenon, however. I first encountered it 25 years ago when my then VP of marketing came into my office just after New Year’s Day to ask if he could bring his new computer into the office to use on the network rather than the IBM PC (with the “green screen”) that he currently had. His new computer had color and cool games. I had to assure him that his Commodore 64 couldn’t be attached. (Some years later, though, some enterprising Danes created an Ethernet card – and NetWare driver – for the C64. But by then I had moved on, so perhaps someone else hooked up that device.)
RIM Blackberries have been around for a number of years and many a sales and/or marketing person has requested that they be able to access their corporate email & calendar on one. Still, the rise of the iPhone, Android devices and numerous tablets has led to a far bigger clamor for employee access to corporate assets on “their” current “new” platform. And that’s what we need to remember – it’s all about enabling different platforms.
At one time, it was about attaching Macs to the PC network, or Linux devices to the Unix workgroup. But it’s been almost 10 years since Vintela (now part of Dell via Quest) and Centrify solved that problem. Indeed, Centrify has now gone on to include many mobile platforms in the mix it can authenticate to Active Directory and has extended its coverage to cloud-based services.
And, really, that’s the point. While the mass media moan and groan about mobile devices accessing corporate information, the real problem is being able to control authentication, authorization and governance on all platforms that could attach to corporate resources – both in the data center and in the cloud. That brings us to the second buzz phrase and abbreviation – MDM.
MDM, Mobile Device Management, is supposed to be the “solution” to BYOD. Well, as long as the “D” is a mobile platform. And it’s quite true that the mobile device is different from, say, the desktop device. But we’ve known that for over 20 years, also. It was 1991 when I acquired my first “portable” (more correctly, luggable) PC. I could take it with me anywhere and – using the built-in 2400 baud modem – connect to the servers and other devices on my corporate network from almost anywhere in the world. I continued to be able to do that with laptops, notebooks, netbooks down to the tablets and smartphones that make up my current traveling devices. Who knows, maybe in a couple of years I’ll only need my Google Glasses! But the bottom line is that we should be talking about device management as a unified technology, not a hodge-podge of separate management solutions for different platforms. My colleague Martin Kuppinger went into this in more detail recently.
As a corollary to BYOD, many of my technoholic peers have been gushing about BYOI – Bring Your Own Identity. This theory proposes that employees will want to access platforms (particularly cloud platforms) for corporate data using the authentication credentials they’ve used for personal data on those same platforms. But this is a no-brainer. The answer to the question “can I use my personal sign-on for enterprise resources?” is an unqualified “no, you can’t do that.” The enterprise, through its IT department, needs to keep total control of access (and authorization) to the information that is the organization’s “crown jewels”. Without the ability to instantiate, maintain, modify and remove that access you might just as well drop all authorization and let the world and its uncle have unfettered access to your assets. Martin Kuppinger has pointed out to me that, in the past, we’ve agreed that everything around authentication and authorization will become (a) versatile and especially context/risk-based and (b) sort of “unified”. I still agree. Risk/context based authentication and authorization are still the goal I’d like us to aim for. But in my mind, the enterprise needs to be the Identity Provider (IdP) and not the Relying Party (RP) with the sole exception of those instances where one or more 3rd party IdPs have a contractual commitment to the enterprise guaranteeing the authentications and with strong penalties for failure.
As many of you are aware, my colleague Craig Burton created a firestorm late last spring when he announced that SAML was dead – and wrote its obituary. As he, Martin and I all later explained, we weren’t announcing an end to the use of SAML – indeed we all pointed out niche areas where it continues to be the best solution – but an end to further development using SAML. I wish I’d thought to pronounce “LDAP is dead” ten years ago before that useful protocol was stretched and twisted beyond anything it was intended for – or was capable of.
So there you have the bottom line for 2012 – stop developing with only SAML in mind (OAuth and OpenID Connect are the future, at least for now) and forget you ever heard BYOD, BYOI or MDM. Tried and true traditional identity protocols and management scenarios will continue to be your best choice in the new year. Fads and buzz words will continue to come and go (mostly go) and their proliferation throughout mass media will continue to add to IT’s burden, but if we all stick to our guns and deliver the goods we know will not only protect the enterprise’s information but will also contribute to a better bottom line then it will be both a happy and a prosperous new year. We here at KuppingerCole will do our best to help you out. Next time we’ll take a look at two ideas that, hopefully, will be the talk of 2013.