
Corporate mobile security and user access control

The perimeter of IT security is constantly changing and deforming under the influence of cloud computing, the penetration of IT into users' lives and the intensification of working time. IT and information security decision makers have to find a delicate balance between protecting corporate data and maintaining the simplicity, accessibility and ease of use that users expect. The need to close the gap between user identification and mobile access has led to the development of innovative identity and access management (IAM) solutions, an overview of which we offer below.



So, what is the fundamental security issue in implementing corporate initiatives to expand mobile access?

First of all, and this is the main problem, access to most corporate applications is by default protected only by a static password, which can be compromised or stolen through phishing, brute force, or the hacking of user databases held, for example, by organizations and cloud service providers. The spread of cloud-based applications in the corporate environment, such as Salesforce, AWS, or Office 365, has forced users to remember multiple sets of usernames and passwords in order to complete their immediate work tasks, resulting in a syndrome called password fatigue. Moreover, applications accessed outside the corporate firewall are protected solely by static passwords. It is clear that the use of static passwords jeopardizes the data and computer networks of organizations. And given that employees often use two or more mobile devices for business purposes, concerns about secure access only increase.
According to the Verizon Data Leakage Investigation Report for 2016, 63% of data leaks were made possible by the use of cracked, stolen or reused (recycled) passwords, and the impact of these leaks could have been reduced if two-factor authentication (2FA) had been used.

Fortunately, organizations are becoming more cautious and are gradually introducing appropriate access control mechanisms. According to a recent Gemalto survey, 40% of organizations around the world are currently implementing two-factor authentication mechanisms to ensure secure access to their networks and applications. As a result, the “confidence level” that the user really is who they claim to be increases significantly, regardless of whether corporate resources are accessed from outside the corporate firewall or from mobile devices.

The second most frequently cited issue, after security, is that expanding mobile access creates an additional burden on IT management, and management has to consider that increasing flexibility will put additional strain on staff.

The third most common problem is cost.

IAM solutions for secure mobile access


But what exactly should organizations do when, on the one hand, they are under pressure from business management, which demands greater mobility to increase employee productivity, and, on the other hand, they face concerns about security, a growing IT management burden and rising costs?

Fortunately, there are various innovations in the field of authentication technologies, thanks to which increased mobility can be made more secure, affordable and user-friendly. These innovations include services delivered from the cloud, such as authentication as a service and account management as a service (identity-as-a-service). They reduce the cost of providing a higher level of security in the form of multi-factor authentication and access control technologies by eliminating the daily transaction costs associated with maintaining and operating these solutions. Moving to the cloud removes the administrative burden, including software and hardware maintenance, installing security patches, creating backups and restoring data, and ensuring redundancy and high availability of the infrastructure, which significantly lowers the cost barrier to implementing more effective solutions for secure access.

From the point of view of improving usability for mobile employees, there is single sign-on (SSO) technology, which is designed to save users from “password fatigue” by providing a single user name and password to access all work applications, instead of 15, 20 or 25 such pairs. Single sign-on can be implemented using a variety of protocols and technologies, for example, SAML 2.0, password vaulting, reverse proxy, or OpenID Connect.

Another innovation that provides secure and user-friendly mobile access is the use of PKI Bluetooth Smart readers. These readers read PKI-protected credentials stored on smart cards and USB tokens and send them via Bluetooth Smart to mobile devices, effectively providing PKI authentication over a Bluetooth connection. PKI Bluetooth Smart readers make it possible to implement more complex PKI usage scenarios on mobile devices, covering everything that until now could be done only on laptops or desktop computers. Advanced PKI usage scenarios include digital signatures (for example, when writing electronic prescriptions, submitting tax reports, etc.), encrypting and decrypting mail traffic, as well as PKI-based two-factor authentication mechanisms for online applications and even for containerizing corporate mobile applications.

For example, the PKI Bluetooth Smart reader reads the PKI-encrypted data from the smart card and sends it to the middleware installed on the user's tablet or smartphone, thus enabling full-fledged work with various applications that require PKI certification and that were previously available only on desktops and laptops.

Thus, it makes it possible to increase mobility across a variety of vertical applications without neglecting corporate security considerations and without causing “fatigue” for the user.

Source: https://habr.com/ru/post/323338/

