The present disclosure relates generally to managing events related to accessing an enterprise system using remote devices. More particularly, techniques are disclosed for communicating to remote devices information about events related to changes in access to the enterprise system.
With the proliferation of devices, including mobile devices, many enterprises are adopting a “bring your own device” (BYOD) policy. BYOD enables users to bring their own devices to connect to an enterprise's system to access resources (e.g., applications or data) provided by the enterprise. A BYOD policy may permit users to continue to use their own devices for personal use. Managing different uses (e.g., personal use and corporate use) of user-owned devices in an enterprise system becomes a paramount concern for an enterprise. Permitting user-owned devices to access an enterprise system can present new security risks. Once access to an enterprise system is obtained by a user-owned device, the enterprise system may be exposed to security risks from non-compliant devices and non-compliant use of devices. Security becomes an even greater concern when user-owned devices are compromised (e.g., hacked, stolen, or lost).
To facilitate management of user-owned devices and corporate devices that access an enterprise system, some enterprises may implement a mobile device management (MDM) system and/or a mobile application management (MAM) system. Such systems may facilitate management and control of access to an enterprise system to ensure an enterprise system and its resources are secured. Management and control of access to an enterprise system may include communicating information about compliance and resources, and actions that must be taken for maintaining access to the enterprise system.
An enterprise that has thousands of users (e.g., employees, contractors, and customers) may be faced with the task of managing access for thousands of devices that access the enterprise. At any given time, an enterprise may have to communicate with many devices to inform those devices about changes in access to an enterprise system. Due to the number of devices to which information needs to be communicated, a tremendous burden may be placed on the system(s) that manage communication of such information. The systems utilized to facilitate communication of information to devices may become overloaded, and sometimes unresponsive, due to the number of devices that need to be notified. Many times, communication of information related to changes in access to an enterprise system may be delayed or not delivered. To complicate matters further, many devices may be affected by multiple changes related to accessing an enterprise system, such that information about multiple changes must be communicated to devices. On many occasions, information about changes in access may be forgotten or not processed by a device due to an error (e.g., device error or communication error) encountered by the device. Sometimes devices that previously encountered an error may encounter errors again when information about the same change is communicated to them. As a result, some devices may not receive information about a change in access to an enterprise system. For example, if one access policy revokes access to a resource and another access policy provisions access to a resource that was revoked, then the order of the events based on the access policies determines the final access to that resource.
A messaging service, such as a Java® Messaging Service (JMS), may be implemented to support a publish-subscribe model. Such a model may allow the enterprise system (acting as a publisher) to notify all interested subscribers of a topic of change about changes to artifacts in the enterprise system. In the instance where there is one topic subscriber on each node in a server cluster, the messaging service may be unable to facilitate processing of a change among the subscribers, thereby leading to duplication of work or an incorrect delivery order. A messaging service may be too heavyweight to enable management of new or different types of topics corresponding to a change in access to an enterprise system.
As a consequence of the many communication challenges described above, some devices may not receive information about changes in access to an enterprise system. Enterprises are searching for ways to improve communication of information for management of both user-owned and corporate devices that access an enterprise system.