Let’s make one thing clear: context awareness is one of the most important topics in the IT landscape today. Without context awareness, IT departments cannot fulfill the requirements of their customers (that is, their users) or the security and compliance requirements of their business. Ignoring this fact may put the business at a disadvantage against the competition and, in the worst case, cost it money.

What do I mean by this?

If I look back 10 years, the IT environment was very static. Users were accessing corporate resources such as applications, data and desktops more or less from a single location and device. But this has changed dramatically over recent years, with the workforce becoming dynamic. What do I mean by ‘Dynamic Workforce’? Access to corporate resources now takes place based on multiple factors:

Any device: Is the device corporate owned or BYOD? What privileges does the user have on that device? Does the device have the required security state? Is there a dedicated GPU for a better remoting experience?

Any network: Is the access internal or external? Is the Wi-Fi network encrypted? What are the bandwidth and the latency of the connection? Is the device connected through cellular services?

Any location: Corporate or home office? What is the location within the corporate environment? Is it a public area?

I could easily extend the three topics above with many additional cases about the device, the network or the location, and I guess you can easily imagine many more scenarios where the context is relevant. The key point I’d like to make here is that in today’s businesses the workforce’s access to corporate resources is no longer static; it has become very dynamic!

And that is exactly the challenge businesses face in meeting their security and compliance requirements as access to corporate resources becomes increasingly dynamic. The root cause of the challenge is that businesses have invested heavily in their existing management technologies, which primarily use the role of the user within the business to control access to corporate resources. In other words, access is granted or denied based on the user’s security group membership within Microsoft Active Directory.

I’m sure some readers will disagree because they are using remote access solutions to grant context-aware access to corporate resources. But when I say ‘access to corporate resources’, I am not thinking exclusively of remote access from outside the corporate network, but also of access from the internal network and within the environment. Ask yourself: are you able to consume that collected context from a central source with all your existing management and security solutions (e.g. VBScript, PowerShell scripts, Microsoft Group Policy, UEM solutions) running on your VDI stack or on your physical devices? Is this context available in your reporting solution?

To summarize:

  • Access to corporate resources is now dynamic (any device, any network, any location)
  • Where context information is available, it is not easy to consume

To address these challenges, I’d like to see solutions that deliver the context into the condition set of my existing and future management solutions, independent of the technology used. This would empower my management and security solutions to grant or deny access to my corporate resources with true context awareness, so that the business security and compliance requirements are also met for the dynamic workforce.

What exactly is the context? By my definition, the context is based on multiple attributes of the user and their device. These can be grouped into Hardware (type, security components, capabilities, serial number, etc.), Operating System (type, membership, virtualized, printers, etc.), Software (security components, applications, certificates, etc.), Network (type, security, IP setup, signal strength, ISP, GPS, etc.) and User (type, membership, authentication, device usage, etc.).

Considering the context within the IT landscape enables a dynamic workforce, meets the existing security and compliance requirements and, in the end, saves the business money!

If you want to discuss this or have any feedback, please feel free to send me an email at sascha@devicetrust.de.

Happy reading, and see you soon!

Sascha Goeckel


