Consumer device use at work poses increasing corporate security risk

In 2011, Unisys expects increased investments in biometrics-based protection of mobile devices, token-based encryption for sensitive transactions, port worker identification systems, business continuity planning, and geographic-based security access systems.

Patricia Titus, chief information security officer at Unisys, told Infosecurity that the most significant information security challenge for 2011 will be the “consumerization issues surrounding mobile devices and remote access. Those will have the greatest impact” on information security for organizations.

“We will see a lot more targeted attacks against mobile devices and mobile workforce. As devices get smaller, processing times get faster, and the amount of data they store gets larger, we are going to see an increased threat”, she said.

“Employees are driving corporations and governments to move towards allowing people to bring their own devices to work. That’s what is going to drive productivity: giving them the tools they want to use versus the company saying, ‘Here, this is what we are buying and this is what you get’ ”, Titus said.

This consumerization trend poses a number of security challenges for companies. “The boundary where we used to be able to set up all of our perimeter security is blurred. We need to think differently about data security”, she noted.

Titus recommended that businesses adopt Forrester’s zero-trust model to protect their systems from threats posed by mobile device access. The model “forces everyone to authenticate regardless if they are sitting on the network or you are pushing them through a VPN”, she said. This authentication can be based on what data an employee needs to access to get his or her job done.

Companies can use biometrics, passwords, and PKI certificates to manage access. “It really comes down to, what do you want people to connect to and how do you want to monitor that data”, she said.

Unisys expects biometrics, such as facial image or voice verification, to be increasingly used in 2011 to verify the identities of mobile device users, in addition to the more traditional user ID or password. In addition, Unisys expects the use of token-based encryption, such as smart cards, to increase to authenticate mobile device transactions.

Titus admitted that using biometrics and smart cards for mobile device authentication is “problematic” today. “As the generation of devices starts to grow, we are going to start to see more security built into” mobile devices, she said.

“We are going to see a movement about how to secure those mobile devices, either through native technology on the device or through a third party by bringing a third-party software or security suite into the picture to add that layer of security. Then, the company will need to make an agreement with the employee that if the employee wants to use that device, they are going to have to agree to allow the company to push a security solution to the device”, she said.

Another technology that can improve the security of mobile devices is GPS. Unisys predicts that organizations will begin to exploit location-based technologies as a means of securing employee access to sensitive enterprise data and systems.

Through use of these advanced technologies, IT managers can monitor in real time the locations of employees and limit or disable their ability to access sensitive information or conduct sensitive transactions in high-risk areas such as public spaces, Unisys explained. Use of such advanced location-based solutions can also allow organizations to track staff deployed overseas and to account for their location in the event of a security incident.

Titus concluded with an appeal to mobile device vendors to increase security on their products. “I would love the product vendors to start thinking about security before they start pushing out these great technologies and offering security settings as a default instead of a matter of selection…. As we start to become more dependent on these devices, I hope product vendors will start to increase the security components on the devices instead of forcing everyone to figure things out for themselves.”
