3 core challenges
From a technical perspective, three operational considerations are making access management more challenging than ever for IT.
Morphing service portfolios
Once upon a time, users needed little more on their desktops than a few desktop productivity tools and a database or two. Today's tools have expanded to include:
- Email, telephony, and collaboration
- Workflow/process applications
- Document repositories
- SaaS/cloud services
- BI and analytic tools
- Mobile device provisioning/permissioning
- Employee support services (benefits administration, education programs, etc.)
Not everyone needs every resource in the enterprise portfolio. And access to many resources must be tightly restricted because of governance constraints on PII and other data. The resulting complexity of resource-to-user mapping makes access management inherently difficult.
The multi-device user
Most organizations' highest-value employees constantly move across multiple devices. One minute they're working from their desktop PC. The next minute, they're using a Droid smartphone. Then they're on an Apple laptop or iPad.
These people can't have their productivity constrained by their choice of device at any given moment. Instead, they need to be able to work with whichever device is more convenient for a given place and time. They might find their smartphone most convenient when they're really on the move, while their laptop or tablet is more convenient when they can sit for a moment in a waiting area or coffee shop.
VDI facilitates this cross-device productivity by abstracting applications and other digital resources from the endpoint device and its particular operating system. However, as noted earlier, VDI only provides a mechanism for allowing endpoint devices to access centrally managed desktop resources. It does not inherently provide policy-based governance to make sure that the virtual desktop instance provided to any given user is the right one for that particular user under their current conditions.
Permission in context
Digital workspace management is made still more challenging by the fact that people are constantly working in different situations. These situations often have an impact on whether a given resource should be made available to them at a particular moment.
Situation contexts that can impact resource authorization include:
- Time of day
- Location (campus geofencing, national boundaries, etc.)
- Network connections (e.g. public Wi-Fi hotspots)
For example, mobile users might be permitted to access document sharing generally even when they are out of the office, but access to certain repositories of sensitive corporate IP or customer information might be restricted when they're sitting in a coffee shop using an unencrypted public Wi-Fi connection.
Smart management of employee access is thus best driven not just by individual users' roles and responsibilities, but also by real-time, session-specific context.
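The coffee-shop scenario above, written as a default-deny policy check that evaluates role entitlement first and session context second. This is an added example, not part of the original article; the role names, resource names, trusted-network list and the business-hours rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed sample policy data (assumed names, not from the article).
ROLE_RESOURCES = {
    "engineer": {"doc-sharing", "ip-repository"},
    "sales": {"doc-sharing", "customer-records"},
}
SENSITIVE = {"ip-repository", "customer-records"}   # corporate IP / customer data
TRUSTED_NETWORKS = {"corporate-lan", "corporate-vpn"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))          # assumed off-campus window


@dataclass(frozen=True)
class Session:
    role: str
    network: str       # e.g. "corporate-lan", "public-wifi"
    on_campus: bool    # outcome of a geofence check done elsewhere
    local_time: time


def authorize(session: Session, resource: str) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    # 1. Role: unknown roles and unmapped resources fall through to deny.
    if resource not in ROLE_RESOURCES.get(session.role, set()):
        return False, "role not entitled"
    # 2. Non-sensitive resources need no further context checks.
    if resource not in SENSITIVE:
        return True, "role entitled, non-sensitive resource"
    # 3. Network context: sensitive data never crosses an untrusted network.
    if session.network not in TRUSTED_NETWORKS:
        return False, "sensitive resource on untrusted network"
    # 4. Time and location: off campus, sensitive access only in business hours.
    start, end = BUSINESS_HOURS
    if not session.on_campus and not (start <= session.local_time <= end):
        return False, "sensitive resource off campus outside business hours"
    return True, "role and context satisfied"


if __name__ == "__main__":
    coffee_shop = Session("engineer", "public-wifi", False, time(10, 30))
    for res in ("doc-sharing", "ip-repository"):
        print(res, authorize(coffee_shop, res))
```

Because the context is evaluated per request rather than at login, the same user gets a different answer for the same resource as soon as the session's network or location changes.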