Comment: Mobile Devices Get Means for Tamper-evident Forensic Auditing

30 November 2012
Michelle Drolet, Towerwall

Providing early evidence of tampering can shorten investigation times for breaches and audits, says Michelle Drolet of Towerwall

The convenience of mobile devices has led to their rapid proliferation in the workplace. But along with that convenience come security and compliance issues that contribute to the degeneration of trust.

Risk management for mobile devices is of rising concern, particularly in highly regulated industries such as healthcare and finance. In order to detect security breaches and guarantee compliance, tamper ‘proofing’ has not been sufficient. When it comes time for a forensic audit, the ability to detect unauthorized changes to digital files becomes invaluable in an investigation.

In an article published by Enterprise Mobile Solutions, Mike Gault of Guardtime said, “Enterprises and government agencies don’t want to rely on trust authorities when it comes to ensuring transaction trails are secure. They’re looking for proof – an independent verifiable audit trail.”

The Institute of Internal Auditors says that internal audits are the leading method of detecting fraud among all industries. Compliance policies do, of course, require clear audit traces, but that is not always sufficient. Having a means to more easily recognize tampering can improve audits by flagging digital files that have been altered or deleted in the time since they were created. Using tools to provide evidence of tampering, rather than simply attempting to stop it, can simplify and shorten investigation times for security breaches. By validating mobile devices and the data they access or carry, these applications also shore up trust in them.

Keyless signature technology has been tapped to provide the best tamper-evident applications for mobile devices, cloud computing, and any other less-than-secure means of disseminating information. This method, rather than relying on keys, secrets, or other third-party information, uses hash functions for data verification. It creates a signature indicating the time, integrity, and origin (business, computer, or user) of the information against which to compare the received file.

The keyless signature method is highly scalable and benefits from a simpler validation process. Certification-based validation schemes are often very complex and have management issues such as the revocation or expiration of the validating instrument. In addition, keyless signatures can be applied to almost any type of file or file format, and the signature can be stored separately from the file, embedded into the file, or kept as a separate file alongside the original if needed.
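The hash-only verification and detached signature storage described in the two paragraphs above can be illustrated with a Merkle hash tree. This is an added example, not code from the article or from any vendor named in it; the tree construction, the record layout and every function name are assumptions chosen for illustration, and the sample records are constructed.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(data: bytes, origin: str, ts: int) -> bytes:
    # Bind content (integrity), origin and time into one leaf hash.
    return h(b"\x00", h(data), h(origin.encode()), ts.to_bytes(8, "big"))

def build(leaves):
    """Return (root, proofs); proofs[i] is a list of (sibling, sibling_is_left)."""
    proofs = [[] for _ in leaves]
    level = [(x, [i]) for i, x in enumerate(leaves)]
    while len(level) > 1:
        nxt = []
        for j in range(0, len(level) - 1, 2):
            (l, li), (r, ri) = level[j], level[j + 1]
            for i in li:
                proofs[i].append((r, False))
            for i in ri:
                proofs[i].append((l, True))
            nxt.append((h(b"\x01", l, r), li + ri))
        if len(level) % 2:
            nxt.append(level[-1])  # odd node is promoted unchanged
        level = nxt
    return level[0][0], proofs

def verify(data, origin, ts, proof, root) -> bool:
    # No key or certificate involved: only hashing up to the published root.
    node = leaf(data, origin, ts)
    for sibling, sibling_is_left in proof:
        node = h(b"\x01", sibling, node) if sibling_is_left else h(b"\x01", node, sibling)
    return node == root

RECORDS = [  # constructed sample audit records: (content, origin, unix time)
    (b"action=login user=alice", "tablet-17", 1354233600),
    (b"action=sync file=q3.xlsx", "phone-04", 1354233605),
    (b"action=open file=report.pdf", "tablet-17", 1354233611),
]

def demo():
    root, proofs = build([leaf(*r) for r in RECORDS])
    data, origin, ts = RECORDS[2]
    proof = proofs[2]  # the detached "signature" stored beside the record
    return (verify(data, origin, ts, proof, root),                           # untouched
            verify(data.replace(b"open", b"edit"), origin, ts, proof, root),  # altered
            verify(data, origin, ts - 3600, proof, root))                     # backdated
```

The proof list plays the role of the signature stored separately from the file; anyone holding the root value can recheck a record, and any change to content, origin or time makes the check fail.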

By integrating keyless signature technology with mobile risk management, governments and enterprises can more easily comply with auditing policies. The forensic logs and audit records provided by these types of solutions are extremely transparent. Not only are the data and device validated, the audit trail itself is secured.

Says Rick Segal, CEO of mobile risk management provider Fixmo, “When it comes to proving compliance, the ability to verify a document’s integrity before and after a transfer is just as important as ensuring the data it contains is accurate and verified. The integration of keyless signatures and mobile risk management ensures our customers can confidently prove compliance in an auditable fashion across all corporate-liable and employee-owned (BYOD) devices on their network.”

Gartner announced that in 2012 cloud computing will become more mainstream, with a 10X increase in deployments. Tamper-evident forensic auditing is not only a requirement for compliance of mobile devices; it will also serve to enhance cloud computing security and trust.

By lessening dependence on third-party trust instruments and easily integrating with almost any file system, keyless signatures improve data integrity and provide a means of showing proof of authenticity for each mobile device in use.


Michelle Drolet is founder of Towerwall, a data security services provider in Framingham, Mass., with clients such as Bose, Middlesex Savings Bank, Raytheon, and SMBs.

This article is featured in:
Compliance and Policy  •  Identity and Access Management  •  IT Forensics  •  Malware and Hardware Security  •  Wireless and Mobile Security