Originally posted by Gartner

A well-executed single sign-on (SSO) strategy reduces password-related support incidents and provides users with improved convenience and more-efficient authentication processes, according to Gartner, Inc. A sound SSO strategy will give users fewer reasons to write down passwords. However, one password providing access to all in-scope systems can lead to compromised access to those systems.

“Organizations implementing SSO, particularly to systems that hold sensitive data, should implement risk-appropriate authentication methods with the SSO system,” said Gregg Kreizman, research vice president at Gartner. “Solutions are not ‘one size fits all,’ and solutions that provide SSO to all target systems may be deemed too expensive. Therefore, a best practice is to identify the tactical and strategic approaches that reduce enough of the problem space over time and within budget.”

Mobile devices can pose further challenges for SSO. “The proliferation of mobile phones and tablets with a variety of operating systems has created the latest and greatest challenges to authentication and SSO,” said Mr. Kreizman. “Web-architected applications can often be supported with existing access management tools, such as Web access management (WAM) and federation, because smartphones and tablets have Web browsers. Native mobile resident applications can create a gap in SSO support, and market offerings to resolve the issues are currently immature, proprietary, or not comprehensive enough to support multiple device and operating system variants.”

2012 was a pretty big year, in terms of mobile and enterprise mobility. Look at just a few of the milestones that spring to mind in a quick mental review of the year’s biggest mobile headlines:

Originally Posted by Aaron Goldberg, Tablets at Work Blog

When we start to talk about using tablets in an enterprise, one of the first things that must be understood is that the tablets we all know and love are not industrial-strength designs focused on the needs of a commercial organization.  Rather, these are consumer-first products that have real limitations when it comes to using them for business.  And this isn’t just a hardware discussion, although there are some key hardware differences.

1.  Operating System

The first large difference that has to be addressed is the operating system.  And the operating system is dramatically impacted depending on what the tablet is used for.  Consumer tablets are for browsing, running little apps, games, and generally “light-weight” work. 

I get to talk to a lot of CIOs in my line, and I always enjoy getting their perspective on technology and change. I’m frequently awed by their intelligence and the sheer scope of their knowledge and experience. I’ve often been surprised by their backgrounds, as well. I can think of top CIOs who came out of college with degrees in Philosophy, Chemistry, even Zoology. None of them thought they’d end up running IT for a major agency or corporation. (Guess which one ran an entire State’s IT? See the answer below.*)

So it’s particularly interesting to talk to them now, as the world they grew up and carved out a career in begins to disintegrate around them. Some people are even questioning if there will be such a thing as a CIO role 10 years from now. The question isn’t that far-fetched: “Self service” IT is a reality now, with a complete range of custom IT resources readily available to any department or individual who decides to “go rogue,” while bring-your-own device (BYOD) is spreading through organizations like wildfire – regardless of IT’s official policy on the practice, one way or the other.

In my conversations with CIOs and IT leaders during the past 18 months, most consider it a given that they must have a mobile strategy for their organizations. These strategies range from allowing employees to access the corporate network with their personal devices (a practice widely known as Bring Your Own Device, or BYOD for short), to pursuing a full scale switchover to a tablet-based infrastructure for users. Most companies find themselves somewhere in the middle.

The one fly in the mobility ointment for the majority of IT leaders is the issue of data security. Simply put, mobility breaks the time-tested perimeter security model that most organizations are still desperately clinging to. The fact is, the perimeter model is already broken. Mobility just brings this issue out into the light.

Despite the accessibility and cost-effectiveness cloud computing offers higher education, most colleges and universities have taken a conservative approach when it comes to actual investments in the cloud.

According to a survey of 496 campus IT leaders by the Campus Computing Project, more than two-thirds of colleges have outsourced student email to cloud providers. And yet, conversion rates for faculty email and other office applications are much lower. What’s more, deployment of enterprise resource planning (ERP) and learning management systems (LMS) to the cloud has not yet exceeded 5%.

Cloud computing has been a bright spot in a gloomy financial environment, with an increasing number of state and local governments adopting cloud infrastructures to cut IT costs and increase efficiencies. Simultaneously, agencies have seen significant increases in the amount of useful operations and tactical data they are collecting.

But just like chocolate and peanut butter, “Big Data” and the cloud are better together. These two IT trends are about to converge, a marriage that promises to permanently alter the way that agencies collaborate and share data.

The use of mobile devices on public sector networks is top of mind for most government agency and IT leaders. You can be sure that some form of mobile endpoint device is coming soon to the public sector—in spite of the security risks that keep agency IT leaders awake at night.

Don’t let security challenges derail your mobility plans, says U.S. CIO Steve VanRoekel, who warns IT leaders against making a “false choice between security and innovation.”

Indeed, federal mobility initiatives such as VanRoekel’s federal mobility strategy, General Services Administration’s (GSA) strategic sourcing plan for mobility initiatives and National Institute for Standards and Technology’s (NIST) security guidelines for tablets and mobile phones will pave the way—and set the expectation—for state and local governments to securely use mobile devices while meeting their organizational objectives.

Are state and local government networks secure enough for the “bring your own device” (BYOD) trend? Should they be? Current research indicates that most state and local government networks have little or no BYOD program in place, leaving potentially vulnerable holes in their network security. As the trend grows, it is necessary to develop programs ensuring data security across all platforms.

The latest research by Network World and SolarWinds is telling. They found that 60 percent of government agencies surveyed said their agencies didn’t have the appropriate tools to manage personal devices on the enterprise network. Yet the same percentage said their agency allows any employee-owned device to be connected to the network.

And if government employees are as careless as the enterprise end users surveyed by Harris Interactive and security solutions provider ESET, the public sector should take BYOD-related security issues seriously. Nearly a third of those who use their laptop for work use it to connect to public wireless networks; about the same number said that their data and files are not encrypted. About 46 percent of those surveyed have allowed someone else to borrow the personal device they use at work; 37 percent haven’t activated auto-lock.

In previous posts we’ve written a lot about how Windows 8 will bring a new user interface to PC and mobile device users. But Windows 8 also introduces many features designed to help IT professionals better manage and protect their enterprise information. One of the more interesting tools IT industry watchers are talking about in this area is Windows To Go.

Part of the Windows 8 Enterprise edition (which we’ll discuss in greater detail later this month), Windows To Go will enable users to access their Windows 8 corporate image from a USB drive. IT administrators will have the power to burn whatever image they like on those USB drives, so they can determine the exact OS experience their users will have. Users can then boot that image from any x64 PC at any location, regardless of whether they are online. (Note: Windows To Go is not supported on Windows on ARM).

This is important to IT professionals because it gives them the ability to control the environment their users work in—from managing app and file access, to enforcing policy compliance and administering streamlined support. Windows To Go can further help IT professionals better secure and manage access to company information by employees using their own personal computers and mobile devices.