Skip Navigation
BlackBerry Blog

Pull Shadow IT Out of the Darkness While Keeping Workers Connected to Their Data

shadowit-peeperEmployees install software-as-a-service (SaaS) applications on their phones to access information that is important to business operations. These applications, such as Box, Dropbox, Google Drive, Concur, Office 365, and many others, could be used without your IT organization’s oversight. When someone leaves the company, files, data, and even login credentials are vulnerable to exposure. According to Gartner, “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.” Gartner suggests the best way for companies to minimize threats related to shadow IT is to accept that these risks exist, but do whatever they can to protect themselves and their data.

This article was written by Joshua Roberts.

BlackBerry Enterprise Identity provides single sign-on access to cloud and SaaS services. These include BlackBerry Workspaces (formerly known as WatchDox), Box, Workday, WebEx, Salesforce, and Google Apps for Work; administrators can also add custom services to Enterprise Identity. Employees get access to corporate apps without the hassle of signing in to each one, and administrators get the ability to control the access. Users can access services from any device: mobile phones or tablets, computers, web clients, and native platform clients are supported. This is an easy way to limit corporate data exposure.

How Enterprise Identity Makes It Easy to Protect Business Data

When a service – an application running on a server, managed by a third party – is configured in BlackBerry Enterprise Identity, it means that a secure interface between BlackBerry Enterprise Identity and your instance of that service has been set up. Additionally, you can create custom SaaS services. After enabling a service in Blackberry Enterprise Identityand synchronizing it with BlackBerry UEM (Unified Endpoint Manager; formerly known as BES12), the BlackBerry UEM management console can be used to administer the service and deploy entitlements to users.

Double crossingIntegration with BlackBerry UEM makes it easy to manage users and permit them to access cloud services from their iOS, Android, and BlackBerry devices. Administrators can use BlackBerry UEM to add services and manage users, as well as to add and manage additional administrators. Using BlackBerry UEM, cloud services and mobile app files can be bundled together and assigned to a user or group of users.

The most efficient way to enable users is by using app groups, which can be assigned to individual users or user groups. An app group can bind together both the single-sign-on entitlement for a service and the client application files needed for user mobile devices to interact with the service.

User groups give administrators flexibility to authorize large numbers of users at the same time or level instead of manually updating entitlements when users are added or removed from the group. When a user is added to a group, the appropriate entitlement is automatically assigned to them, allowing them to sign into the service from any device using the same credentials. If a user is removed from a group, they automatically lose access to those services.

For more details on how to protect your key business data from loss or theft, visit the official BlackBerry Enterprise Identity product page. If you’re already an Enterprise Identity user, you can find documentation and answers to your questions on the Enterprise Identity Help page. Finally, if you’re concerned about balancing mobile productivity and security in your organization, don’t miss the opportunity to see solutions in action, speak to mobility and security experts, and share ideas with like-minded colleagues at the BlackBerry Enterprise Mobility Forum live events in September.

About Inside BlackBerry Blog