COMPAREXpress

02/11/2016

Unless you live under a large rock, it won’t have escaped your notice that the number of high-profile cyber security compromises is on the rise. And let’s be honest, it’s not down to a lack of available technology; the blame lies mainly with the increasingly sophisticated, behaviour-focused approach of the smooth cyber criminal.

In part, their lives are being made that much easier by the fact that most of us are virtually wed to our mobile phones and that the traditional nine-to-five is well and truly six-feet-under (if indeed, it was ever alive and kicking).

The devices we either hold in our hand or put on our desks haven’t only changed the way in which we work, but they’ve also complicated the way we secure our technology almost beyond measure.

 

Bring your phone to work day

It’s fair to say that most BYOD policies have enjoyed or suffered varying degrees of growing pains, largely due to the fact that the manner in which people treat their devices varies dramatically. Crazily enough, there are users who will diligently refuse to click on a link on their laptop, despite being happy enough to open it on their phone!

Despite the debate around cloud and security enjoying its fair share of technology media headlines, the accompanying noise (broadly speaking) has been drowned out by users championing their favourite apps over those ‘approved’ by the organisation.

Users will invariably do what they need to do to ‘get the job done’. They use the apps they love on the devices they’re surgically attached to, all in the valiant name of productivity.

Rather than continue to sweep the lingering issue of human behaviour under the carpet, we may as well come to terms with the fact that bolstering security on the devices themselves is the most positive step we can take towards counteracting human fallibility.

Despite some industry stories suggesting that we’re all suffering from security fatigue, there is clearly lots of room left for education. However, between now and then, it’s the job of technology to try and bridge that gap.

 

Two factors are better than one

Multi-Factor Authentication (also known as two-factor authentication) is currently flying the flag for any organisation with security as a business priority. It ensures that only the user can access their account, while also providing for the inevitability that everyone forgets important details at one point or another.

Not that Single Sign-On is disappearing, but throw Multi-Factor Authentication into the mix and users are prompted to prove their identity via two out of the following three methods:

  • Something they know – typically a password or a passcode;

  • Something they own – a phone is a good example of this, since it cannot easily be replicated to a tee;

  • Something they are – unless your employees have a bad habit of losing their fingers, biometrics will usually do the trick...

 

A little less standardisation, a little more action

Some industry experts argue that a reduction in security standardisation doesn’t eliminate the risk of being remotely compromised, and they have a decent point. There is no such thing as being 100% secure.

A little less standardisation, however, allows for a little more randomisation. Remote access supported by identity-based security means that, while a cyber criminal may potentially get their foot in the door, it may very well be the wrong door (since the level of sensitive information will vary between different employees, and you’ll determine that variation).

And that’s even if they manage to bypass the two-factor authentication, as well as verify the employee’s identity via an app, text message or phone call that will go straight to the account holder’s phone. Throw in an actual moat and a dragon and it’d be frankly awesome.

The advantages are nice and clear: from a behavioural standpoint, it reinforces the individual level of security. However, if you or an employee are prompted to verify your account without trying to sign in, it’ll flag up an attempted breach, identify which device was compromised and advise as to whether any further actions need to be taken.

Remote working is undoubtedly coming of age, and the well-worn debates of security are being mitigated, but not trivialised. Microsoft Azure is a beautiful example of going beyond the traditional ‘block-and-deny’ approach because, let’s face it, it’s not about trust (users will eventually just find their way around such restrictions anyway!).

Microsoft Azure Multi-Factor Authentication takes human behaviour into account, which is probably the first meaningful step towards going toe-to-toe with the current sophistication of cyber-crime.

 

To find out more about how we can help, contact our Cloud Solutions Specialist!

Kaz Traverso | Cloud Solutions Specialist | kaz.traverso@comparex.co.uk | +44(0)7917 641 431

 

