Context-aware computing is not a new idea; everything from the search engine you are probably sitting in front of to the mobile phone in your pocket uses it at its most basic level.
The origin of the phrase comes from the human idea of studying a piece of text and bringing to bear the other things that you know about the words on paper; from the author’s life story to the facts about its setting.
There is a big difference though. With humans this kind of contextual understanding takes more time than simply reading the words on the page. In contrast, contextual computing, and particularly context-aware security, saves time.
There is no question that security teams are spending increasing amounts of time looking after compliance controls. In fact, security teams are overworked generally and even very large companies are seeking to outsource some elements of the process. This could be to a virtual chief information security officer or an entire outsourced team.
Context-aware security devices provide valuable time leverage in an already over-stretched department. They utilise supplemental information to improve security decisions, allowing people to do the same in significantly shorter time scales.
Read more about context-aware security
- Security Think Tank: High levels of control require detailed security intelligence
- Security Think Tank: Context-aware tech does not eliminate human touch
- Security Think Tank: Context, the 5 Ws and H of security
- Security Think Tank: Context-aware security is about more than buying technology
- Security Think Tank: Begin switch to context-aware security now, says Gartner
- Security Think Tank: New tech trends fuel need for context-based security
- Security Think Tank: context-aware security is business-aware security
By embracing context-aware security devices, operational savings can be made through a reduction in response times and an increased likelihood of the correct decision being made during an incident.
But how should business approach these new technologies?
- Make strategic technology replacements in line with upgrade paths
- Identify process bottlenecks where context aware technologies can streamline business operations
- Identify areas of intensive data analysis and look for strategic alignments with context-aware devices that can increase reaction times without reducing effectiveness
Thinking back to the origin of the phrase contextual computing, it is important also that these actions be put into the most appropriate human context. It should be a specialist security team or officer running these processes and they need to be made in context – while thinking holistically about the overall needs of the business.
It may well be that more security technology, context-aware or not, is not the biggest requirement for some companies.
Sometimes it is the human context that needs to be improved, from a social-engineering perspective. After all, the supplemental information the software will be looking for is founded on human behavior patterns, from information user behavior and tasks to location, infrastructure and physical conditions. Context counts, but so do people.
Peter Bassill is a member of the ISACA cyber security board and managing director at Hedgehog Security
This was first published in March 2013