Page 5 - Cyber Warnings
According to Gartner, businesses are projected to have from 11.2 to 20 billion IoT devices
installed by 2020. As smart meters, IV pumps, manufacturing robots, farming equipment, and
even conference rooms connect, the network must get smarter and be able to classify and
understand the behavior of IoT devices automatically in order to keep the enterprise safe.
When Context Controls Connectivity
Between the mobile devices already on the network and the IoT devices that are coming, the
inside of the network has become a soft underbelly. It demands a different type of security
approach: one that starts on the inside, extends beyond the perimeter, and can adapt to
the dynamic nature of users and of mobile-oriented threats, which can originate from
anywhere.
The hallmarks of this security approach are shared contextual information and adaptive
controls based on mobility needs. By recognizing that no two users are alike, an adaptive trust
approach allows IT to define more personal policies that are mapped to individuals or to groups
that share similar roles and business objectives.
Going back to our initial trio, the visiting salesperson gets guest access that allows them to
reach only the Internet, and only after meeting the sponsor acknowledgement and device
compliance requirements. While guest access is a familiar scenario, context-based policies get
more interesting when applied to the two employees.
Enforcement can now be based on user role, device ownership, MDM/EMM status, and even
location. The network administrator has full privileges from his laptop while he is in any
company-owned building. At home, his privileges drop somewhat and they are different for his
laptop and his smartphone.
The HR director has full access to all systems when onsite, and when working from home on
her laptop. When traveling she is limited to emails and approvals from her mobile device. For
vacation, review, or budget approvals, the HR director also has the necessary multi-factor
authentication credentials to move the approval into the workflow cycle.
This added layer of security ensures that automated processes are only initiated by approved
personnel. If the mobile device is stolen, a thief has no access to the company’s systems or
private employee data.
User role, device type, ownership, status and location are some of the contextual
attributes that allow IT to create policies that permit or deny access on a case-by-case basis
without leaving the enterprise completely exposed to new threats.
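The three scenarios above can be written as an ordered rule table with a default-deny fallback. The sketch below is an added example, not code from the article or from any product; the tier names, field names and the choice to deny any combination the article does not describe are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Context:
    role: str                # "guest", "netadmin" or "hr_director"
    device: str              # "laptop" or "mobile"
    location: str            # "onsite", "home" or "travel"
    compliant: bool          # device compliance / MDM-EMM status
    sponsored: bool = False  # guest sponsor acknowledgement
    mfa: bool = False        # multi-factor authentication completed

# (role, device, location) -> access tier; "*" matches any value.
# Tier names are hypothetical: the article only says the administrator's
# privileges "drop somewhat" at home and differ between laptop and phone.
RULES = [
    ("guest",       "*",      "onsite", "internet_only"),
    ("netadmin",    "laptop", "onsite", "full"),
    ("netadmin",    "laptop", "home",   "reduced_admin"),
    ("netadmin",    "mobile", "home",   "monitoring_only"),
    ("hr_director", "*",      "onsite", "full"),
    ("hr_director", "laptop", "home",   "full"),
    ("hr_director", "mobile", "travel", "email_and_approvals"),
]

APPROVER_ROLES = {"hr_director"}  # assumption: only this role starts approvals

def decide(ctx: Context) -> str:
    """Return the access tier for a connection, denying by default."""
    if not ctx.compliant:
        return "deny"   # a non-compliant device never gets on
    if ctx.role == "guest" and not ctx.sponsored:
        return "deny"   # guests need sponsor acknowledgement first
    for role, device, location, tier in RULES:
        if (role == ctx.role and device in ("*", ctx.device)
                and location in ("*", ctx.location)):
            return tier
    return "deny"       # combinations not listed are refused

def may_approve(ctx: Context) -> bool:
    """Vacation, review or budget approvals need an allowed tier plus MFA."""
    return (ctx.role in APPROVER_ROLES and ctx.mfa
            and decide(ctx) in ("full", "email_and_approvals"))
```

Because the table is evaluated with deny as the fallback, a context the policy author never considered (for example, the administrator's smartphone while traveling) is refused rather than silently allowed.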
Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide