More evidence of the "consumerization" of enterprise IT: On Monday, security firm RSA announced that it will release software designed to make an Android device provide two-factor authentication by serving as an RSA SecurID authenticator.
SecurID provides a one-time password that changes every 60 seconds, and works in conjunction with RSA Authentication Manager software, which facilitates integration between SecurID and 350 products.
RSA, part of EMC, says that more than 40 million people at 30,000 organizations worldwide use its SecurID technology, which is available via a variety of software models and hardware devices, including key fobs, on-demand SMS tokens, as well as applications running on Windows, Mac, Apple iOS, and BlackBerry.
RSA said it will release the new Android SecurID software later this month, and that it will be free. Actually using it to authenticate with enterprise applications, however, will require that an organization has already deployed RSA Authentication Manager software.
The move to provide two-factor authentication on smartphones is obviously part of the growing adoption of consumer-focused smartphones in the enterprise -- part of the so-called consumerization of enterprise IT. Interestingly, however, market watchers say it's also part of a trend toward using smartphones themselves to bolster enterprise security. In fact, "the smartphone will become the default strong authenticator for users in the near-term; it means one less device that the user must carry," said Mark Diodati, research director at Gartner, in a statement.
As a result, he said, "it's important that strong authentication methods like one-time password devices are supported on smartphones, and that developers have an easy way to embed this high-quality authentication method into mobile applications."
According to RSA, using smartphones to generate a SecurID can also reduce security costs for businesses, since they don't have to purchase or replace standalone key-fob SecurID devices. Furthermore, if an employee leaves the organization -- presumably with their smartphone -- their SecurID authentication can be immediately revoked.