untrustworthy personal apps they may carry, and aren’t likely to be loading a standard image
onto BYODs with anti-virus and other protective software. Nor is it likely that organizations
will be able to retrieve devices when employees leave. We will need to find new and
innovative ways to address these and other challenges. Notwithstanding the risks, the use
of mobile phones equipped with SEs, or equivalent protected containers, opens
opportunities for powerful new authentication models that leverage the phone as a secure
portable credential store, enabling use cases ranging from tap-in strong authentication for
remote data access, to entering a building or apartment.
Additionally, as BYOD continues to grow in popularity and many cloud-based applications
are accessed from personal devices, enterprises will need to take a layered approach to
security, recognizing that no single authentication method is going to address the multiple
devices and multiple use cases required by today’s mobile enterprise.
A Layered Security Approach
In addition to multi-factor user authentication as the first layer of security, both inside the
firewall and in the cloud, there are four other layers that should be implemented.
The second layer is device authentication. In other words, once it is determined that the
user is who he or she says he or she is, it is important to verify that the person is using a “known”
device. For this step, it is important to combine endpoint device identification and profiling
with such elements as proxy detection and geo-location.
The third layer is ensuring that the user’s browser is part of a secure communication
channel. Browser protection can be implemented through simple passive malware
detection, but this does not result in the strongest possible endpoint security. It is more
effective to use a proactive hardened browser with a mutual Secure Sockets Layer (SSL) connection to
the application.
The fourth layer is transaction authentication/pattern-based intelligence, which increases
security for particularly sensitive transactions. A transaction authentication layer can include
Out-Of-Band (OOB) transaction verification, transaction signing for non-repudiation,
transaction monitoring, and behavioral analysis.
The final layer is application security, which protects applications on mobile devices that are
used to deliver sensitive information. The application must be architecturally hardened and
capable of executing mutual authentication. Adding this layer makes data theft much more
complex and costly for hackers.
Effectively implementing these five security layers requires an integrated, versatile
authentication platform with real-time threat detection capabilities. Used in online banking
and ecommerce for some time, threat detection technology is expected to cross over into the
corporate sector as a way to provide an additional layer of security for remote access use
cases such as VPNs or Virtual Desktops.
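As an added illustration (not code from the article or from any vendor platform it describes), the following policy engine applies layers one through four to a constructed access event in order: user MFA, then device, proxy and geo-location signals, then the mutual-TLS browser channel, then transaction-level step-up. The enrolled devices, home countries, scoring weights and the high-value threshold are all assumptions chosen for the example; layer five (application hardening) is a property of the app build rather than a runtime check, so it is not modelled here.

```python
from dataclasses import dataclass

# Constructed sample enrolment data: device fingerprints and home countries per user.
KNOWN_DEVICES = {"alice": {"fp-3f9a"}}
HOME_COUNTRY = {"alice": "US"}
HIGH_VALUE_THRESHOLD = 1000.0  # assumed cut-off for "particularly sensitive" transactions


@dataclass
class AccessEvent:
    user: str
    mfa_passed: bool          # layer 1: multi-factor user authentication result
    device_fingerprint: str   # layer 2: endpoint identification / profiling
    country: str              # layer 2: geo-location of the request
    via_proxy: bool           # layer 2: anonymising-proxy detection
    mutual_tls: bool          # layer 3: hardened browser with mutual TLS to the app
    amount: float = 0.0       # layer 4: transaction value, 0 for plain data access


def evaluate(ev: AccessEvent) -> dict:
    """Walk the layers in order; return the decision and any step-up actions required."""
    steps = []
    # Layer 1: without user authentication nothing else is evaluated.
    if not ev.mfa_passed:
        return {"allow": False, "reason": "user authentication failed", "step_up": steps}
    # Layer 2: device authentication combined with proxy and geo-location signals.
    device_risk = 0
    if ev.device_fingerprint not in KNOWN_DEVICES.get(ev.user, set()):
        device_risk += 2          # unknown device is the strongest single signal
    if ev.via_proxy:
        device_risk += 1
    if ev.country != HOME_COUNTRY.get(ev.user):
        device_risk += 1
    if device_risk >= 2:
        steps.append("oob_device_enrolment")  # confirm the device out of band first
    # Layer 3: the application is only reachable over the mutually authenticated channel.
    if not ev.mutual_tls:
        return {"allow": False, "reason": "mutual TLS channel required", "step_up": steps}
    # Layer 4: transaction authentication for sensitive operations.
    if ev.amount >= HIGH_VALUE_THRESHOLD:
        steps.append("oob_transaction_verification")
        steps.append("transaction_signing")   # signed by the user for non-repudiation
    elif ev.amount > 0 and device_risk > 0:
        steps.append("oob_transaction_verification")
    return {"allow": True, "reason": "ok", "step_up": steps}


if __name__ == "__main__":
    print(evaluate(AccessEvent("alice", True, "fp-3f9a", "US", False, True)))
    print(evaluate(AccessEvent("alice", True, "fp-0000", "DE", True, True, 5000.0)))
```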
31 Cyber Warnings E-Magazine – August 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide