The intensely personal relationship users have with smart mobile devices — essentially handheld supercomputers — presents a new combination of challenges for government and enterprise CIOs and IT security managers. The more data these devices collect or share, and the more they serve as conduits to enterprise systems, the more attractive they become to cyber criminals.
A new FedScoop special report describes how mobile devices can actually be made more secure than on-premises devices. Innovative technologies including derived credentials, behavioral analytics and containerization offer superior user authentication and multi-layer data and network protection at the transactional level.
Guarding the gate
The first challenge for mobile security is ensuring that only the authorized individual is using the device. Phones and tablets are too often lost or stolen, and laptops left unattended can easily be viewed by unauthorized eyes.
To address these risks, federal agencies including the Department of Defense have relied on Personal Identity Verification or Common Access Cards (PIV/CAC) to verify personnel identity in a variety of situations, including when employees log into government networks and sign documents digitally. But inserting CAC cards into a physical reader connected to a mobile phone or tablet can be cumbersome.
New derived credential technology eliminates the need for a physical card by placing verified identity credentials directly and securely onto the mobile device, much as mobile-pay systems do away with the need to make payments using a plastic credit card. This technology offers the added benefits of making identity verification more convenient, and preventing unauthorized logins.
But derived credentials and authentication tools such as biometrics offer only a one-time, “snapshot” form of user verification. Once the user has passed the initial test and gained access, the device and everything on it become fully available for viewing and use.
Behavioral analytics promises to change this paradigm. By learning user behavior — understanding and identifying browsing habits, messaging syntax and even how the user holds the phone — tools designed to capture how a device is used can provide the equivalent of a continuously authenticating security “video” (compared to one-and-done “snapshot” tools) to detect interlopers, transaction by transaction.
Platform-level security technologies take authentication even further than protecting employee and agency data while it is at rest, in use or in transit. Platform security systems, such as Samsung’s Knox, can authenticate at the transaction level by verifying not only the person performing the transaction, but also the permission to perform it at that exact time and location. If a user tries to execute a sensitive transaction in a hostile location, the device may disallow access to that operation (while continuing to allow other uses).
Divide and conquer
As an increasing number of organizations allow personnel to bring their mobile devices to work (BYOD)—as many as 50 percent by 2018, according to Mobile Business Insights—agencies may wish to use platforms such as Knox to place virtual “containers” around their data, limiting access.
Containerization allows enterprise IT directors to build ‘walls’ on mobile devices that can control how applications interact with their mobile device ecosystems, isolate a device to perform a single function and divide work data and apps from personal data and apps.
Knowledge is power
The idea that mobile technologies risk sacrificing security and privacy for the sake of convenience is widespread, but inaccurate. Although 34 percent of respondents to a recent survey by Dimensional Research said they think mobile devices are less secure than PCs, when properly configured these devices can actually be more effective than their larger digital brethren.
For more in-depth recommendations about enhancing mobile security, download the special report, “Advancing mobile technologies without sacrificing security.”
This article was produced by FedScoop for, and sponsored by, Samsung.