Understanding identity underpins BYOD security

We're all familiar with the notion that the perimeter is disappearing from IT systems – but it's not a new phenomenon. In fact, the perimeter has been dissolving for years, says NetIQ's Ian Yip.

“There is no perimeter, and there hasn't been for years,” he told the company's CSO Agile Security breakfast in Sydney. Even the popular emerging theme that “identity is the new perimeter” is counter-productive, he said, because it allows CIOs to hold onto a long out-dated model.

“If you hold onto that out-dated concept, it will be very difficult to move on from what we do now,” he said.

As discussed in the article, Yip is a strong believer in the development of identity standards that would allow better use of ID in managing access to systems.

However, that creates a different and difficult problem: perfect identity creates the perfect way to steal identity. CSO asked Yip about the best way to manage this issue – which seems to shift the risk from the enterprise to the individual.

Behavioural analysis is important, he said: “if you can identify what's normal for an individual from a behavioural standpoint, and if you have a good baseline to start with, you can spot anomalies”. That data, he said, is what indicates when an attempt has been made to steal an identity.

This is, he added, probably simpler to achieve in the enterprise, where both the identity and the behaviours will live in a more constrained environment. However, he agreed with CSO that the BYOD world undermines the clear division between someone's “public” identity and their “enterprise” identity.

“That's what puts a premium on understanding the context,” Yip said. “The identity you have on a mobile device has a social identifier that's useful for low-risk transactions. If someone is attempting a more serious transaction, then you need to step up to a stronger identity.”

In relation to the BYOD environment, Yip said, that understanding of identity becomes the foundation for managing BYOD security. Enterprises, having decided what their staff need to access, what they have the right to access, and what amount of access they can be allowed from their mobiles, have a much better chance of properly securing the environment – whereas mobile device management solutions, focusing as they do on the device rather than the user, are nothing more than a tactical solution.


Comments

kb

1

The iBoss cross-platform mobile authentication works on any Internet device, regardless of operating system, and will bind to any directory. The schools/businesses use virtually no resources managing the devices, yet threats are immediately identified and staff are filtered in keeping with the applicable policies.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.