How Context Can Provide Application-centric Security

Written by

Despite the innumerable terrible headlines we’ve seen over the last few years, data breaches once again dominated the security space in 2015. Mobile firms, hotel chains, federal and government bodies, dating websites, retailers and more were all targeted during the year.

Names, email addresses, physical addresses, credit card information, passwords, social security numbers... just about any personal, identifiable and sensitive information you can think of fell into the hands of hackers.

As well as the material impact they can cause on the businesses that fall victim to hackers – such as the resulting compensation payouts – these attacks can also have a huge impact on a company’s brand. How many people will happily return to a business knowing that it may not be able to adequately protect their data?

Now, I’m not going to comment on the security in place at the companies involved with these breaches, but instead I want to talk more generally about why attacks are becoming more common and more successful. Ultimately, it’s a reflection of the changing way businesses operate, and security practices and processes that have to adapt to keep companies secure.

It’s the applications themselves that are the targets, because that is where the data is housed. Applications are a gateway to the data, the door that lets the hackers in. As businesses get more mobile and more cloud-based, these applications contain larger amounts of data, becoming an even greater target for cyber-attackers.

Also, applications have historically resided in the data center. As a result, this is where the perimeter and primary cyber defenses have been set up. However, because of the rise of mobile and emergence of the cloud, the data center isn’t always the most vulnerable area these days.

The proposed approach would be to think about security within the following four pillars:

  1. Organizations are moving to the cloud
  2. Growth in BYOD and remote/mobile workers
  3. Prevalence of SSL, resulting in many security applications being blind to encrypted traffic and threats hiding within
  4. More sophisticated security threats.

All of these, and the fourth one in particular, mean the perimeter approach is no longer adequate. Instead the perimeter has to be the application itself, wherever it resides. It’s almost like security is reverting back to its baseline design principles, but one that has a solid foundation that should help businesses fight even the most advanced threats.

The key to application-centric security, and to dealing with the complexities that those four elements listed above bring, is context – context of the user, the traffic, and the application.

Context = knowledge = power... to borrow and expand on a famous phrase.

Let me give you an example I recently heard and adopted from a colleague, of what is meant by context. Look at toll roads. In some countries there is nothing more than a machine you throw some coins into, then you drive a few miles and throw some more coins into another machine. That system has no understanding of its users – where are they coming from? Where are they going?

In contrast, there are more sophisticated toll roads that are monitored by cameras or tickets that follow users. So the system knows where the driver has been and where the driver is going and more. That gives the organization supplying the service much more context that can be used for marketing or security, for example.

How is that relevant to an organization? Well, context around the user, the data traffic and the application – such as what client platform the connection is being made from, where it is geographically located, what browser is being used, what protocols are being used, what application is being accessed – enables the organization to see anything and everything that goes on between the user and the application.

So going back to the “context = knowledge = power” equation, if an organization understands what’s coming its way, it has the ability to take the right action.

To protect an application you have to understand the application, and that is done through the contextual awareness mentioned above. Focusing security efforts on applications is an effective way of stopping security threats. It can also prove to be more cost-effective, because you can assign protection based on the value the app has to the business, instead of trying to protect everything equally.

Protect the application, wherever it resides, and you’ll protect the business as a whole.

What’s hot on Infosecurity Magazine?